I've got a question about Astaro packet filter code. Is it only a interface for IPTables, or is it a totally new rewrite of the firewalling code of the linux kernel? I mean, are Astaro avoid IPTables and write your own packet filtering and NAt code based on Netfilter, or it's only an interface to usage the IPTables?