Version 0.9.11 Brings Atomic Loads

Husk version 0.9.11 has been released. The biggest new feature is support for atomic loading of rulesets. Read the full details after the jump.

Previously, husk output standard iptables/ip6tables commands that could be executed at the command line. With version 0.9.11, a new output option is available (and is the new default) where the output is valid syntax for the iptables-restore/ip6tables-restore commands.

These commands load the new ruleset into the kernel atomically, reducing downtime while rules are applied and avoiding inconsistent states while the rules are loading.
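As an added example (not husk's own code), here is a shell function that turns the old one-command-per-rule output into the iptables-restore syntax that the new default emits: every rule for a table sits between `*table` and `COMMIT`, so the kernel takes the whole table as one unit instead of one rule per process. The sample rules are constructed for the example.

```shell
#!/bin/sh
# Constructed sample of the old-style output: one iptables command per rule.
SAMPLE_RULES='iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'

# to_restore_format TABLE: read old-style commands on stdin and print the
# iptables-restore block for TABLE. Prints nothing if no rule touches TABLE.
to_restore_format() {
  awk -v table="$1" '
    $1 ~ /^ip6?tables$/ {
      if ($2 == "-t") { tbl = $3; s = 4 } else { tbl = "filter"; s = 2 }
      if (tbl != table) next
      if ($s == "-F" || $s == "-X") next       # flushes are implicit in a restore
      chain = $(s + 1)
      if (!(chain in seen)) {                  # remember chains in first-seen order
        seen[chain] = 1; order[++nc] = chain; policy[chain] = "-"
      }
      if ($s == "-P") { policy[chain] = $(s + 2); next }   # built-in chain policy
      if ($s == "-N") next                     # the ":chain" header line creates it
      line = ""
      for (i = s; i <= NF; i++) line = line (i > s ? " " : "") $i
      rules[++nr] = line
    }
    END {
      if (nc == 0) exit 0
      print "*" table
      # "-" leaves the policy of a built-in chain unchanged; user chains always use it.
      for (i = 1; i <= nc; i++) print ":" order[i] " " policy[order[i]] " [0:0]"
      for (i = 1; i <= nr; i++) print rules[i]
      print "COMMIT"                           # the table is applied as one unit here
    }'
}

# Demonstration: one restore-format block per table that has rules.
printf '%s\n' "$SAMPLE_RULES" | to_restore_format filter
printf '%s\n' "$SAMPLE_RULES" | to_restore_format nat
```

The generated file can be parsed without touching the running firewall with `iptables-restore --test < ruleset` (root required), so a syntax error is caught before anything is committed.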

On a dual-stack test system[1], rule load time went from 20 seconds with the traditional iptables/ip6tables shell output to 7 seconds with atomic output.

Atomic output is the new default in husk 0.9.11.

[1] Test system is a Xeon 3.4GHz with 2GB RAM running CentOS 6 x64 and dual-stack IPv4/IPv6, with 1000 IPv4 rules in 157 chains and 859 IPv6 rules in 156 chains.