ipfilter package doesn't ship nfbpf_compile

Asked by Nicolas Christin

Where can I find the nfbpf_compile command? It's normally part of ipfilter, but for some reason it doesn't seem to come with the ipfilter package on hirsute.

Question information

Language: English
Status: Solved
For: Ubuntu iptables
Assignee: No assignee
Solved by: Nicolas Christin
Manfred Hampl (m-hampl) said:
#1

It seems that this command is available only if iptables has been built with ENABLE_BPFC which is not the case in Ubuntu and Debian.
I do not know why this is the case.

Remark: There is a bpfc program available in the netsniff-ng package that seems to do similar tasks. I have no idea whether that can serve as a replacement.

Nicolas Christin (acut3) said:
#2

Thank you, makes sense.

bpfc seems to be a lower-level tool that works on BPF assembly source files rather than pcap filter expressions and is therefore much harder to use. The netsniff-ng package also comes with a bunch of dependencies that would require some reconfiguration on my system (e.g. use ntp instead of systemd-timesyncd), so it's really overkill for what I need.

Fortunately it's easy enough to compile nfbpf_compile from source (https://git.netfilter.org/iptables/tree/utils/nfbpf_compile.c), so that's what I did.
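
Added example, not part of the thread: one way to do the source build mentioned above and to sanity-check the tool's output before it goes into an `iptables -m bpf --bytecode` rule. It assumes `nfbpf_compile.c` has already been saved to the current directory and that the libpcap development headers are installed (`libpcap-dev` on Ubuntu); the function names are illustrative, and the field widths follow the `u16 u8 u8 u32` instruction format described in iptables-extensions(8).

```shell
# Added example; function names are illustrative, not from the iptables tree.
# Assumes ./nfbpf_compile.c is a local copy of the upstream source file.

# Build the tool; it needs libpcap at link time.
build_nfbpf_compile() {
    cc -O2 -Wall -o nfbpf_compile nfbpf_compile.c -lpcap
}

# Validate "<count>,<code> <jt> <jf> <k>,..." (all decimal): the count must
# equal the number of instructions and each field must fit u16/u8/u8/u32.
valid_bytecode() {
    printf '%s\n' "$1" | awk -F, '
        function dec(s, max) {
            return (s ~ /^[0-9]+$/) && (length(s) <= 10) && (s + 0 <= max)
        }
        {
            if (!dec($1, 65535) || $1 + 0 < 1 || $1 + 0 != NF - 1) exit 1
            for (i = 2; i <= NF; i++) {
                if (split($i, f, " ") != 4) exit 1
                if (!dec(f[1], 65535) || !dec(f[2], 255) ||
                    !dec(f[3], 255) || !dec(f[4], 4294967295)) exit 1
            }
            ok = 1
        }
        END { exit !ok }'
}

# Compile a pcap filter expression (RAW link type, as used for xt_bpf rules)
# and print the bytecode only if it passes the format check.
compile_filter() {
    out=$(./nfbpf_compile RAW "$1") || return 1
    valid_bytecode "$out" || return 1
    printf '%s\n' "$out"
}

# Usage (run manually, as root for the iptables step):
#   build_nfbpf_compile
#   iptables -A OUTPUT -m bpf --bytecode "$(compile_filter 'ip proto 6')" -j ACCEPT
```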