The netfilter.org project

The netfilter project is a community-driven collaborative FOSS project that provides packet filtering software for the Linux 2.4.x and later kernel series. The netfilter project is commonly associated with iptables and its successor nftables.

The netfilter project enables packet filtering, network address [and port] translation (NA[P]T), packet logging, userspace packet queueing and other packet mangling.

The netfilter hooks are a framework inside the Linux kernel that allows kernel modules to register callback functions at different locations of the Linux network stack. The registered callback function is then called for every packet that traverses the respective hook within the Linux network stack.

iptables is generic firewalling software that allows you to define rulesets. Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target).

nftables is the successor of iptables; it allows for much more flexible, scalable and performant packet classification. This is where all the fancy new features are developed.
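The hook mechanism described above, as an added userspace model (not kernel code and not from the netfilter project): callbacks are registered at a hook point and each one is called for every packet that traverses it. The priority ordering and stop-on-drop behaviour go beyond what the page states; the packet struct, the two callbacks and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Userspace model only: hook and verdict names mirror the kernel's. */
enum hook { PRE_ROUTING, LOCAL_IN, FORWARD, LOCAL_OUT, POST_ROUTING, NUM_HOOKS };
enum verdict { NF_DROP = 0, NF_ACCEPT = 1 };

struct pkt { uint8_t proto; uint16_t dport; uint32_t mark; };  /* constructed packet */
typedef enum verdict (*hook_fn)(struct pkt *p);
struct hook_entry { hook_fn fn; int priority; };

#define MAX_PER_HOOK 8
static struct hook_entry hooks[NUM_HOOKS][MAX_PER_HOOK];
static size_t nhooks[NUM_HOOKS];

/* Register a callback at one hook, kept sorted so lower priority runs first. */
int register_hook(enum hook h, hook_fn fn, int priority)
{
    size_t i = nhooks[h];
    if (i == MAX_PER_HOOK) return -1;
    for (; i > 0 && hooks[h][i - 1].priority > priority; i--)
        hooks[h][i] = hooks[h][i - 1];
    hooks[h][i] = (struct hook_entry){ fn, priority };
    nhooks[h]++;
    return 0;
}

/* Call every callback registered at hook h; the first NF_DROP ends traversal. */
enum verdict traverse(enum hook h, struct pkt *p)
{
    for (size_t i = 0; i < nhooks[h]; i++)
        if (hooks[h][i].fn(p) == NF_DROP)
            return NF_DROP;
    return NF_ACCEPT;
}

/* Two constructed callbacks: one mangles (sets a mark), one filters TCP/23. */
enum verdict set_mark(struct pkt *p) { p->mark = 1; return NF_ACCEPT; }
enum verdict drop_telnet(struct pkt *p)
{
    return (p->proto == 6 && p->dport == 23) ? NF_DROP : NF_ACCEPT;
}

int main(void)
{
    struct pkt p = { 6, 23, 0 };
    register_hook(LOCAL_IN, drop_telnet, 0);   /* registered first, runs second */
    register_hook(LOCAL_IN, set_mark, -150);
    return traverse(LOCAL_IN, &p) == NF_DROP && p.mark == 1 ? 0 : 1;
}
```

A packet sent through a hook with no registered callbacks, such as FORWARD here, is accepted untouched, which is why a filtering callback has to be registered at every hook its traffic can traverse.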
netfilter.org develops software within the Linux kernel, which is released under the terms of the GNU General Public License version 2 (GPL-2.0) and compatible licenses. This project also provides userspace libraries and utilities that are released under the GPL-2.0; please consult the licensing terms of each library and userspace tool for details. For more information, you can consult our licensing section.