The netfilter project is a community-driven collaborative FOSS project that provides packet filtering software for the Linux 2.4.x and later kernel series. The netfilter project is commonly …

Netfilter FAQ (Frequently Asked Questions) We have collected the most frequently asked questions (and their respective answers) from the mailinglists. Please read this FAQ first, …

iptables was mostly written by the netfilter core team, but it has received numerous contributions from many individuals.

The netfilter project was founded by Paul "Rusty" Russell to re-design and to heavily improve the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.

A packet selection system called IP Tables has been built over the netfilter framework. It is a direct descendent of ipchains (that came from ipfwadm, that came from BSD's ipfw IIRC), with …

The netfilter.org "nftables" project What is nftables? nftables replaces the popular {ip,ip6,arp,eb}tables.

Conceptually, tc and netfilter can be thought of as layers, with netfilter layered above tc: If the packet hasn't been passed up from the tc layer to the netfilter layer, it's not subjected to …

Release of the netfilter/iptables project Releases Official releases of the various netfilter.org projects are now announced (and linked) from the respective project pages.

1.1 What is netfilter? netfilter is a framework for packet mangling, outside the normal Berkeley socket interface. It has four parts. Firstly, each protocol defines "hooks" (IPv4 defines 5) which …

In Linux 2.4, an infrastructure for mangling packets was introduced, called `netfilter'. A layer on top of this provides NAT, completely reimplemented from previous kernels.