Netfilter

Netfilter is a framework that provides a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.

Software inside this framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling.

iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target).

Netfilter

License GNU GPL v2 Developer Patrick McHardy, Harald Welte, Jozsef Kadlecsik, Martin Josefsson, Yasuyuki Kozakai, Pablo Neira Ayuso and many other conributors Website www.netfilter.org Requirements Support: HOWTOs, FAQ, Mailing Lists Selected Reviews: Unix Review

Features include:

• Stateless packet filtering (IPv4 and IPv6)
• Stateful packet filtering (IPv4 and IPv6)
• All kinds of network address and port translation, e.g. NAT/NAPT (IPv4 only)
• Flexible and extensible infrastructure
• Multiple layers of API's for 3rd party extensions
• Large number of plugins/modules kept in 'patch-o-matic' repository

Last Updated Monday, May 05 2008 @ 03:24 AM EDT