CF is a network packet filter for Linux. The main strengths are: easy to use interface, compact filter representation (memory efficient), and very high performance.
A difference between CF and other firewalls, such as Netfilter, is its representation of the ruleset. In CF the user writes a filter which is then compiled and optimized in user-space. The optimized filter is then loaded into the kernel (using netlink). Consequently the in kernel packet filtering code only needs funtionality for setting up a filter and filtering packets, while the more complex code of optimizing the filter remains in user-space.