How is this better than ipsets and iptables?
It looks, at best, like an extremely limited reinvention of that wheel…as a square. Looking through the contents of the repo, it’s clear the author has basically no clue about sane organization of C code (basically all the code, including non-extern global variable declarations, is in header files for one thing). Note that the submitter’s one other submission is pretty similar-looking – an incompetently-done, crippled version of tcpdump.
Can we please, please have a low-quality downvote option? Please?