Netfilter is a framework that provides a set of hooks inside
the Linux kernel that allow kernel modules to register callback
functions with the network stack. A registered callback function is
then called for every packet that traverses the respective hook
within the network stack.
Software inside this framework enables packet filtering,
network address [and port] translation (NA[P]T) and other packet
iptables is a generic table structure for the definition of
Each rule within an IP table consists of a number of classifiers
(iptables matches) and one connected action (iptables target).
GNU GPL v2
Patrick McHardy, Harald Welte, Jozsef Kadlecsik,
Martin Josefsson, Yasuyuki Kozakai, Pablo Neira Ayuso and many other
- Stateless packet filtering (IPv4 and IPv6)
- Stateful packet filtering (IPv4 and IPv6)
- All kinds of network address and port translation, e.g.
NAT/NAPT (IPv4 only)
- Flexible and extensible infrastructure
- Multiple layers of APIs for third-party extensions
- Large number of plugins/modules kept in 'patch-o-matic'
Last Updated Monday, September 09 2013 @ 09:11 AM EDT