ipfilter package doesn't ship nfbpf_compile

Asked by Nicolas Christin

Where can I find the nfbpf_compile command? It's normally part of ipfilter, but for some reason it doesn't seem to come with the ipfilter package on hirsute.

Question information

English Edit question
Ubuntu iptables Edit question
No assignee Edit question
Solved by:
Nicolas Christin
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said :

It seems that this command is available only if iptables has been built with ENABLE_BPFC which is not the case in Ubuntu and Debian.
I do not know why this is the case.

Remark: There is a bpfc program available in the netsniff-ng package that seems to do similar tasks. I have no idea whether that can serve as a replacement.

Revision history for this message
Nicolas Christin (acut3) said (last edit ):

Thank you, makes sense.

bpfc seems to be a lower-level tool that works on BPF assembly source files rather than pcap filter expressions and is therefore much harder to use. The netsniff-ng package also comes with a bunch of dependencies that would require some reconfiguration on my system (e.g. use ntp instead of systemd-timesyncd), so it's really overkill for what I need.

Fortunately it's easy enough to compile nfbpf_compile from source (https://git.netfilter.org/iptables/tree/utils/nfbpf_compile.c), so that's what I did.