Netfilter Linux Packet Filtering Framework

www.netfilter.org

About this website

Netfilter is the packet filtering and network address translation (NAT) framework built into the Linux kernel, providing the infrastructure for firewalling, routing, packet mangling, and network address translation. Originally developed by Rusty Russell (working at the IBM Linux Technology Center) in 1998 as the successor to ipchains (which itself replaced ipfwadm), Netfilter was merged into the Linux kernel starting with version 2.4 (2001) and has been the foundational networking security framework for Linux ever since. The Netfilter project is maintained by the Netfilter Core Team, including Pablo Neira Ayuso, Jozsef Kadlecsik, Florian Westphal, and others, with development funded by the Netfilter Foundation.

Key features:

Netfilter hooks: Netfilter registers hooks at five points in the network stack: PREROUTING (before the routing decision), INPUT (for packets destined to the local host), FORWARD (for packets being routed through the host), OUTPUT (for locally generated packets), and POSTROUTING (after the routing decision, before transmission). Each hook can register callback functions that inspect, modify, accept, or drop packets.

ip_tables: the legacy framework providing iptables (IPv4), ip6tables (IPv6), arp_tables (ARP), and ebtables (Ethernet bridge). iptables uses tables (filter, nat, mangle, raw, security) containing chains of rules that match packet attributes and apply targets (ACCEPT, DROP, REJECT, LOG, MASQUERADE, DNAT, SNAT).

Connection tracking (conntrack): stateful packet inspection that tracks the state of network connections (NEW, ESTABLISHED, RELATED, INVALID), enabling stateful firewalls.

NAT: Source NAT (SNAT) and Destination NAT (DNAT) for address translation.

Recent kernel versions (5.0+) include nf_tables (nftables) as the modern replacement.

Kernel modules: nf_conntrack, nf_nat, xt_conntrack, xt_state.

License: GPL-2.0.
