The netfilter.org project

What is the netfilter.org project?

The netfilter project is a community-driven collaborative FOSS project that provides packet filtering software for the Linux 2.4.x and later kernel series. The netfilter project is commonly associated with iptables.

The netfilter project enables packet filtering, network address [and port] translation (NA[P]T), packet logging, userspace packet queueing and other packet mangling.

The netfilter hooks are a framework inside the Linux kernel that allows kernel modules to register callback functions at different locations of the Linux network stack. The registered callback function is then called back for every packet that traverses the respective hook within the Linux network stack.

iptables is generic firewalling software that allows you to define rulesets. Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target).

nftables is the successor of iptables; it allows for much more flexible, scalable and performant packet classification.

Main Features

  • stateless packet filtering (IPv4 and IPv6)
  • stateful packet filtering (IPv4 and IPv6)
  • all kinds of network address and port translation, e.g. NAT/NAPT (IPv4 and IPv6)
  • flexible and extensible infrastructure
  • multiple layers of APIs for 3rd party extensions

What can I do with netfilter/iptables?

  • build internet firewalls based on stateless and stateful packet filtering
  • deploy highly available stateless and stateful firewall clusters
  • use NAT and masquerading for sharing internet access if you don't have enough public IP addresses
  • use NAT to implement transparent proxies
  • aid the tc and iproute2 systems used to build sophisticated QoS and policy routers
  • do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header

Licensing terms

netfilter.org develops software within the Linux kernel, which is released under the terms of the GNU General Public License version 2 (GPL-2.0) and compatible licenses. This project also provides userspace libraries and utilities that are released under the GPL-2.0; please consult the licensing terms of each library and userspace tool for details. For more information, you can consult our licensing section.


Copyright © 1999-2020 The Netfilter's webmasters.