About
Coreteam History License Thanks PGP key Projects iptables nftables libnftnl libnfnetlink libnetfilter_acct libnetfilter_log libnetfilter_queue libnetfilter_conntrack libnetfilter_cttimeout libnetfilter_cthelper conntrack-tools libmnl nfacct ipset ulogd xtables-addons News nftables 1.1.1 released libnftnl 1.2.8 released libnetfilter_conntrack 1.1.0 released nftables 1.1.0 released libnftnl 1.2.7 released Arturo Borrero enters emeritus Eric Leblond enters emeritus nftables 1.0.9 released iptables 1.8.10 released conntrack-tools 1.4.8 released nftables 1.0.8 released libnftnl 1.2.6 released nftables 1.0.7 released libnftnl 1.2.5 released iptables 1.8.9 released nftables 1.0.6 released libnftnl 1.2.4 released ulogd 2.0.8 released conntrack-tools 1.4.7 released nftables 1.0.5 released libnftnl 1.2.3 released nftables 1.0.4 released libnftnl 1.2.2 released nftables 1.0.3 released iptables 1.8.8 released libnetfilter_cttimeout 1.0.1 released libnetfilter_cthelper 1.0.1 released libmnl 1.0.5 released libnfnetlink 1.0.2 released nftables 1.0.2 released libnetfilter_conntrack 1.0.9 released settlement with Patrick McHardy Documentation Mailing Lists List Rules netfilter-announce list netfilter list netfilter-devel list Contact Licensing GPL licensing terms GPL compliance FAQ Supporting netfilter |
About the netfilter/iptables project
The initial author of and head behind
But netfilter/iptables wouldn't be what it is today if it
wasn't for the numerous contributions by independent software developers, whom
we call If you are interested in more information, there is also a small page about the history of the netfilter project. The Netfilter Core Team are the people who make the decisions, have commit access to the master Source Control Management (SCM) tree, and do Official Sounding Stuff. To be on the core team implies excellent judgement and some dedication; after all, anyone in the core can do releases. The core team elects one of it's members to be the “Head of the netfilter core team”. Members of the core team who are no longer actively developing code are called “emeritus” members of the core team. Active Members Emeritus Members
To get on the core team is fairly simple. Impress us so someone proposes you and no one vetoes. Suggested methods include:
So far, there are two:
Web site layout and logo design by Daniel García. The current Webmaster is Pablo Neira Ayuso. Harald Welte, the former webmaster, made the XML/XSLT Docbook-website conversion of the page. The netfilter project was founded by Paul "Rusty" Russell to re-design and to heavily improve the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems. Early in the development, a few people contributed some code, but none
of them had become long term contributors. After considering the problem,
Rusty decided to try keeping a The core team was actually started shortly after Rusty, while on a trip
to SF in November 1999, made a detour to Montreal (despite the lack of warm
clothing) to meet and discuss some big design issues.. Rusty and Marc spent a
whole night in Marc's office conceiving the multiple tables framework which
lead to the death of ipnatctl (a separate tool used to
control nat in early versions of netfilter), generalization of iptables and
birth of the After all this was mightily implemented (and ip_conntrack rewritten) by
Rusty, we started getting some nice contributions from a certain
In the spring of 2000 Marc traveled to Australia to attend a few conferences and spend some time in Canberra working with Rusty at Linuxcare on netfilter/iptables (fixing various bugs, implementing additional modules and merging everything into the official Linux tree). At the Sydney Linux Expo we met Following James' assimilation into the collective, our efforts were
mainly directed towards preparations for the release of Netfilter as part of
the upcoming 2.4 kernel. It was the dawn of the third age of Linux
firewalling; a time of great struggle and heroic deeds. It was our last, best
hope for peace. Great communities were founded, old civilizations were lost,
and new alliances were formed. James' missions during this period included the
continued perversion of the networking code, such that it was now possible to
load an ASN.1 parser into the kernel and inflict grave terror upon
unsuspecting SNMP packets; and to extend the IP stack into userspace with
Perl. Now peering squarely into the abyss, we noticed the good deeds of a
young kernel warrior named Accordingly, his distinctiveness was added to the collective. With balance restored, the netfilter juggernaut was now free to accelerate into the brave new world of Linux 2.4 and face it's greatest challenge: users. Harald's first (code-) contribution to the Netfilter project was the connection tracking module for IRC. Following that he worked on some smaller stuff like TTL match and target modules as well as IPv6 porting. The ULOG target including the ulogd daemon were the next milestone. After getting included in the Netfilter core team in September 2000 he took over lots of the administrative work like doing releases, maintaining SCM, TODO lists, etc. and got involved more and more with fundamental design issues. At the time of writing, this is mainly the new conntrack/Nat helper framework for multiple related expectations, the upcoming new kernel/userspace interface nfnetlink as well as the whole new userspace world based on libiptables. At the first netfilter development
workshop in November 2001, At the second netfilter development
workshop in August 2003, At this time, the coreteam also decided to formally elect a
In January 2004, In October 2005, In February 2007, In October 2012, During the Netfilter Workshop 2013 in Copenhagen, Denmark,
Netfilter/Iptables is - like all of the Linux kernel - free software (sometimes referred to as Open Source), distributed under either the terms of GNU GPLv2 only or any later version. For further information, please see the Licensing and the GPL compliance FAQ sections of this homepage.
The Netfilter Core Team has a PGP key that we use to sign all software released by the project. Current PGP key id is 0xD70D1A666ACF2B21, this key was generated on October 13th, 2024 and will be valid until October 12th, 2028. -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGcLlIQBEADH+pWx2d5XgY2JCOHTVaOpbNlNfp1k9Ul0W5zaZ7EFHIGSj06E o3+OM0eI6+d51PnqwRE+WbV4T3ooGnfgXN4fmKgq2TwkxlhKeFSzNGMuzzuoEwD+ 2cvSF9VIrwif1o9oa9KMNfKTY/qjuWZS0QWZ08thPAf/tWpoaA3gaqYQUshj5G3w nTMdYlHUj7wkZCMg63tDygAe/7fDT3zurKCMbFoyiyQkp7V1SLxZpvuyuyPH6HtQ P5xcbXsp5ots0BgN+BplMX89DrspxJXqi7AsTf4QnC78KbchMJJxLKZQS759dQHF qHUTb3YdlxXFou6Si5LiBzvmqBRFj6m/WV1a8mDy5fPDkOLoTCUFHLmgvYHPJdtK 5EqNkwYAbSnZKe9aSeVa4XhaZqyyQb9vIsKyOnwdJ/l222J95qHQapZSLcRdqgQz ZgxuEdOHacEaJ1IJ21CE8EtJfFA5DMZtkZNIGF3OFlXhw7YxJoPgsodtlVspQsfX u2FGP9yg0fd4zLgHnotKqfJQ9ZjMB6bbJUd6Au9jv0SiM+kVGeVfyaaX7TDeQ3TT /e44uFvkHkbYFQPcqsTalxtre6v7pMG2iu2mbkhQOC7qbL5MKMSdA93w/lF7w20b cwyDavEoKk9vgDjSkVjaffvdy4cESa5JY4lM4ZmzoujnAZMwbzQeGcBtqQARAQAB tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC VAQTAQoAPhYhBIxfcUahdXpl4kIqlNcNGmZqzyshBQJnC5SEAhsDBQkHhM4ABQsJ CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENcNGmZqzyshRE4P/AknD3DAWuCT7x7L LFIUCkfl7WUou9zMQKy62JRK/+/lNyG1dkmvBu7XWLl/+IRv1uIb25I4xwaze6GF 8yhZDNXZLhUjComr864fMEdKNdXInAClLRNY0InkFmHw/SizvwDld4PgsLzoS+qL 5JY4FBlYEnd4wlIwH/w3gPycmdmQNVOjeWJhDrYKGLnjolpGRQPYRME4kjasWPbK AWG/lpINQEB1DgtK8e6kcbUA8wSU6MMEsJjPY0o7lr9NvPfRpPXq34LjoFUXk3Hi Bt8OuVVMo+wTmlZWkXdknFKS4IPVxUA53oJOVMFW8divmF/l676KBogSnczoX4vR VW8sgDEKqb0NicKWJ2Fou+/KueY5OXsO8aZrZtXOsXIAMberdrNDYhyTUSYF8mZF RdL6Jcm5GbQB/zOQElgzMwPQq5AD7SkziMzGOusWjqGmu9qphed/FimVbyRhMl5B uDvGHthhy1KlPkqVcddN6i3/Kd/AMqXAuWMZH9FXJkUUWe+VAyeNHfEuBtSK2rqE zf8TYGg5Gz+oNspWuqEyWUwoH7eQkRx2GIbwu2rwcIzrh8L0rsyu+6FNNHnQfnNq ytbE888dxKkXeJ5T09Pp/hPwkNM8X8ZLcTTsAknrvqLNp2As49dP6iJwysfYLf/v 3Cyvz23JNeSQiTcC4YfKLs4LtCFkiQIzBBABCgAdFiEEN9lkrMBJgcdVAPub1V2X iooUIOQFAmcLlJ0ACgkQ1V2XiooUIOQGJRAAsz/jYoNkSAhzvrY1t/5kSaa3Hyqi wpaJNIb6YCNT9JFlEvfsIlikjK28I+LNqVrWoLZyX1np8h0AGfNUPo/rLzVXzqZ/ UHZi5AjzXM6BVnR84LahFVVLISBtjt3DvY4xvl8cIh03ShJe/yAKIXZUbxXevtnj M0/5bLaLjlVf3KldR+gFjUaTT1nxfkQnzxbk2yKe+1tuQzFsYPLG9Elzyagb4QYm 97CTxim3QcO0qWweoeusBqCkh7qD/ght76JrSnzq859XS//2jaq3A5ZsX5UJk5/E FkzL4zersQZwQE10BByBBJbxC8DzMuGeV+eTVVHKU81cEnzZFxfyOtQBD+oHBauW IC/v509TiH4qhZshJwcznsDZK1xAxxm3mryVtHbfSDSqzc5r/kNQt9mijD6wdsRb 0yQy1P2xkk1zyvOw3BRI2NVXq6+642cp21tjsY136JT/3a6KwIlIIdzIUqejbLoF GgGZPJiQXthfmLpDgvduD6YgaSHyhtJesX3SIGvYBdCGT69blrB7lHazYRE/xKNu bhnVzsaWlOXg52ChAMzsAAi5DV1669xUqRgj7zJHUq72bItZWdAvDSTIrQB4z7u8 QW+XZsveWM2sKjzpLZjQaxdS7dFvGepYY5liA01w7Bx2lU75ejgaWrm/hlaT//RD Al9IQzw14mOtm0e5Ag0EZwuUhAEQANmO+fv67llu3nOZh9mcTbKa0MTT6cNjpEVU 3MDImbN7pKTc/P+s6TVYBYn1q1U0XTXQlfh2HGdrLebAOdWW0Wcz4Kj9oOlRHOAR yq3mRzb9hiCB89mJcw5xNIn83d5L/IJqONSaVLKnTwfwnTVaCJYuF5yIqDMOSXgS C3sbGLx/yEchAhQEWUG8nm9WTybFfq98mFrHEKRGsSgfCHq6KMNn9NuhW149ZK+K klPXZqFyDoRHdyivt9j9hfA0lr4t6sfXEfJedzjNO2f0Z8r2sQhmw3ykYDkzEF8I zkgiik1Ke4+TmpD/4uL/hfgbkoVxZV6gI3M9rqs5o1glAuSFjsrGyog1EkUXplST Qn4ea/vQ6t1iBkTb2r3qzhK+VL7GWlvZa9DGq8btNAiOjKKqa0+3zRTXyPJAdMQM X+FBAhmaHJoylArEHdzv5haB7rv0aGjKV4O1ifonSGE2pllmSDbTO3exIeslLgDh 5GqVmQW30K5JvecKnb871c0utzRLHBF34HOYgRWBcl18DGD+SzXKj1//+4AatcAB woNJHTEh6N3/mD3fJyWkyMwLJzo1x43Pmm1DkzioO9VMSxG7ReaH9WRDty3R83gT njEI0CDkG7m0nXctrsDcmBCYMSnvriWVr7kNYQ9tSi9WUa8Cs0xCmy49fF+7ihIl yANR2aMrABEBAAGJAjwEGAEKACYWIQSMX3FGoXV6ZeJCKpTXDRpmas8rIQUCZwuU hAIbDAUJB4TOAAAKCRDXDRpmas8rIZPuD/4qYhAdmCtaicOjeuMI0EhKA0O0cnXv BRwKXKGISZ6bt/f5fify78NQ4VdQzcpsRk1VvaEHRF5H+qxCQJ8MdzKcYpolCphj ir1gE+zNP7gtzH4HOBzz3/q6GK5HmqwWth3X35ySrgrhnUZZX+plm9gRIRIqmijh hdDp/3/2FcskQzr9UvIQDB14TbbSVAsDx5cQUM5F1nS1AAJNSrebuEcBeeM0N1HP tqWmcJuAHtTlk+K5yk02cgbP9926vlty1uI46UyI4t/xOxmIY6gXlcSMbBnVmB0s E+sKJTE7QrDpRRNiseCNLZcr/TNp9lrFpaUXz/JwXc+c1VC8UmARk9NLHsfoGz5H fvhiUwl96wtvu1YKIev9nfVp1bb3/XeNAVJd+hNxOlkv68s3feutvv7vQR14E8cv CVTXK7aAZKkWJl2n8pPohsXs5vwrsG36oFSH98jehLtzLrpgtWj6N7U8SWhI9JlT EaIpEL/C1foVJeSZs8Tq1sqYaw81lovDFk8wuS1eFhWeEVodJQsfCPBgsQGZ46oZ gWz3AU3KrB4ruNxjkJJxfgKu39pHDrv3o5ZufAHoIAHRdPTPlcH1Wi/1LLgLqHVC 9+i7N1ClsO1/VgtYmZwzxWxsEJOcE2+vOROoVzgMh5lGhCLh6/3VTL96hIjcMp4W oD8ElPP+m/v6iA== =70vD -----END PGP PUBLIC KEY BLOCK----- You can also get a plain text file with the key. In accordance with good key management practices, we have also generated a revocation certificates for our old PGP keys. The revocation certificate for our old PGP key id 0xCA9A8D5B, 0x2D0987E6, 0xBB5F58CC, 0x26D292E4 and 0xD55D978A8A1420E4 have also been sent to the public PGP key servers. -----BEGIN PGP PUBLIC KEY BLOCK----- Comment: This is a revocation certificate iQI2BCABCgAgFiEEN9lkrMBJgcdVAPub1V2XiooUIOQFAmcLlcQCHQEACgkQ1V2X iooUIOQz4g/+OQPIFeLW/XP+ARKPV4nqjM7n3H0dEoQZApQdBFBOE1ElugAsi6Ld QVwhIVdH3XewVZLWiR8fdSme8YD/bBJiucs8bls5OilEYGCbpdH3LMtQpOt6FRUM /Y9BpJQE/4OwOuLDuzvIIodp9JfSuQJa0gSk7KHeY4zT9eEljX8toVO1ovc9BWFy R/4Np1WpGGQni0ksZ+FBcGXxnGRbZvTryDnUYhe5ghah6xX91sRZ2fmsIqW1TG1G YcSydkwE5HVMdLZwkBUo7Dn2g9CWsUr2UMweoBTv+lpL/lVN4URU7vUmYFLK/44D FAOP/Jt8vyLQpIW440M8j7kbVmQY5+Bd+483h9lhK7+1PgDSkiCflvyXI0l4QwE1 4UsAxk7TWF1DLHjqDZ3n+bzUTtbr83jKvJ4ZGZuMybeybr3CrSRE3yFj7Ldshrtl Glz3S9Dw16/tHgJhCshDUGxhWe1Q2+sCbwMYBIEmEz2Q4zJDjrorIsR1d+WGu3vD EqRaeagg8WzO6sfEK0DQG1LdJj3MUDxrdAjPgYOdWl2dRoCD+Ji6/gEJy/ZLgG9g 6dGgPfcDDu49BUjaNSEJThAw+qU2JKK16k7bnzSDGqr3oTLjjYhkXPEVb6FUaB6a fc8dLsS6JfajB0Al9fNJ8QCt+MaeDDqCPVq+lNZmFAHm4HVkDityAHA= =Ralf -----END PGP PUBLIC KEY BLOCK----- You can also get a plain text file with the revocation certificate. We want to thank all our vivid contributors. Without their general help, suggestions, bug reports, comments and actual code contributions, Netfilter wouldn't be what it is. We thank We thank the Linux networking gods ( We thank the founding fathers of the Internet. Who would need firewalls if there was no Internet ;-) We also thank the companies and individuals who contributed funding or equipment for netfilter/iptables development:
|