I believe your issue is that libnetfilter
is subject to the GPLv2 licence (not LGPL) and any project building on these would thus be subject to the GPLv2 licence too; this is what you want to avoid (I think).
An alternative would be to use a language binding which is not subject to the GPLv2 licence. One candidate would appear to be the Go bindings - see here for example, which appears to be under the Apache licence. I have obviously not checked the provenance of every file therein. Another way would be to divide your application into two - a small layer that communicates with Netfilter, communicating via (e.g.) an RPC interface with the rest of your application.
However, the last time I faced this, I used libpcap
instead, which is BSD licensed. It's a little known fact that libpcap
can send raw packets as well as receive them. However, it is much lower level than netfilter - you get raw packets and that's about it.