Both of the Netlink protocols NETLINK_FIREWALL (and NETLINK_IP6_FW) and NETLINK_NETFILTER are used to manipulate the Linux firewall.
So, is there a difference? If yes, which Netlink protocol serves which purpose?
A quick grep through the code shows that NETLINK_FIREWALL only occurs twice in the kernel:
So, it's defined and the comment claims that it's unused, and it's only mentioned once, in type conversion code for selinux. There's never a call to netlink_kernel_create(), so NETLINK_FIREWALL is never hooked up. It won't do anything.
NETLINK_NETFILTER does have a netlink_kernel_create() call associated with it, so that's the interface you want to look at.
It's been a while, but I once implemented (partial) code for configuring netfilter rules and I remember doing that through a setsockopt() call, rather than through netlink sockets. I'm not sure what NETLINK_NETFILTER actually does.
A quick look through git log seems to suggest that NETLINK_NETFILTER is used to interface with things like connection tracking, not actually configuring firewall rules (which the iptables userspace command does).
If you actually want to create firewall rules (i.e. do what iptables does) you should be looking at libiptc (which is part of the iptables source tree). The interface for configuring these rules is complicated and undocumented.
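As an added example (not code from the question or the answer above): a small C probe that checks the two points made in the answer. It tries to open a socket for each protocol, which fails for the unregistered NETLINK_FIREWALL, and builds (without sending) a conntrack dump request to show that NETLINK_NETFILTER carries nfnetlink subsystems such as connection tracking. The nfnetlink constants and the nfgenmsg layout are copied from the kernel UAPI headers so the file builds with only linux/netlink.h installed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>   /* NETLINK_FIREWALL, NETLINK_NETFILTER, nlmsghdr */

/* nfnetlink constants, copied from the kernel UAPI headers
 * (linux/netfilter/nfnetlink.h, nfnetlink_conntrack.h) so the example
 * builds without the netfilter headers installed. */
#define NFNL_SUBSYS_CTNETLINK 1
#define IPCTNL_MSG_CT_GET     1
#define NFNETLINK_V0          0

/* Mirrors struct nfgenmsg: the fixed header every nfnetlink message carries. */
struct nfgenmsg_local { uint8_t nfgen_family; uint8_t version; uint16_t res_id; };
struct ct_dump_req { struct nlmsghdr nlh; struct nfgenmsg_local nfg; };

/* Open a netlink socket of the given protocol; 0 on success, -errno otherwise.
 * A protocol with no netlink_kernel_create() behind it (NETLINK_FIREWALL) is
 * refused with EPROTONOSUPPORT; NETLINK_NETFILTER is registered by nfnetlink. */
int probe_netlink(int protocol) {
    int fd = socket(AF_NETLINK, SOCK_RAW, protocol);
    if (fd < 0) return -errno;
    close(fd);
    return 0;
}

/* nfnetlink multiplexes subsystems over one protocol: the subsystem id is the
 * upper byte of nlmsg_type and the subsystem's own message type the lower. */
uint16_t nfnl_msg_type(uint8_t subsys, uint8_t msg) {
    return (uint16_t)((subsys << 8) | msg);
}

/* Fill in a "dump the whole conntrack table" request; returns nlmsg_len. */
uint32_t build_ct_dump(struct ct_dump_req *req, uint8_t family) {
    memset(req, 0, sizeof *req);
    req->nlh.nlmsg_len = NLMSG_LENGTH(sizeof req->nfg);
    req->nlh.nlmsg_type = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_GET);
    req->nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
    req->nfg.nfgen_family = family;   /* AF_INET, AF_INET6 or AF_UNSPEC */
    req->nfg.version = NFNETLINK_V0;
    return req->nlh.nlmsg_len;
}

int main(void) {
    struct ct_dump_req req;
    printf("NETLINK_FIREWALL : %s\n", strerror(-probe_netlink(NETLINK_FIREWALL)));
    printf("NETLINK_NETFILTER: %s\n", strerror(-probe_netlink(NETLINK_NETFILTER)));
    printf("conntrack dump request: type 0x%04x, %u bytes (not sent)\n",
           nfnl_msg_type(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_GET),
           build_ct_dump(&req, AF_INET));
    return 0;
}
```

Opening NETLINK_NETFILTER may still fail in a container or sandbox that filters netlink, so treat a non-zero result there as an environment limitation rather than a kernel fact.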