Acceleration of IPTABLES Linux Packet Filtering using GPGPU

Firewalls are a software or hardware piece that control access to or-ganization networks. Packet filtering placed in the heart of the firewalls. Packet filtering is performed by comparing each data packet against a rule set. In the high bandwidth networks filtering becomes a time consuming task. In this situa-tion the packet filtering firewall can reduce the overall throughput and become a bottleneck. To solve this problem many researches has been done to improve overall throughput of the packet filtering firewalls. In this paper the first match-ing rule of IPTABLES is implemented in user-space by employing parallel pro-cessing capability of Graphics Processing Unit (GPU). The results show that CPU-GPU accelerated code brings significantly higher throughput over the CPU version IPTables code. The overall throughput of packet filtering on GPU for 10,000 rules is about 400,000 Packets per Second (PPS) which is 43 times faster than inefficient first matching rule algorithm of IPTABLES on CPU.