The netfilter simulator provides a means to run netfilter code in userspace; this allows significantly easier debugging and testing of what would otherwise be kernel-bound code.

The simulator is compiled with the netfilter code under test, which is imported from a kernel source tree. A simple command-line interface is given to test the code, by altering the kernel environment or sending packets in on various interfaces.

nfsim is released under the GNU General Public License .


Latest snapshot: nfsim-20080411.tar.gz

Older versions are available from the snapshots directory.


A brief HOWTO document is available: the Netfilter Simulator HOWTO

OLS presentation

Rusty and I presented a paper on nfsim at the 2005 Ottawa Linux Symposium. You can download the slides (in Open Office format) here.

The paper itself is included in the conference proceedings; you can download them from the OLS 2005 website. The nfsim paper is in volume 2.


Jeremy Kerr, Rusty Russell.