*** Welcome to piglix ***

Netfilter

Netfilter
Stable release 4.10.1 (26 February 2017; 8 days ago (2017-02-26))
Preview release 4.11-rc1 (5 March 2017; 1 day ago (2017-03-05))
Development status Active
Written in C
Operating system Linux
Type
License GNU GPL
Website www.netfilter.org

Netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers. Netfilter offers various functions and operations for packet filtering, network address translation, and port translation, which provide the functionality required for directing packets through a network, as well as for providing ability to prohibit packets from reaching sensitive locations within a computer network.

Netfilter represents a set of hooks inside the Linux kernel, allowing specific kernel modules to register callback functions with the kernel's networking stack. Those functions, usually applied to the traffic in the form of filtering and modification rules, are called for every packet that traverses the respective hook within the networking stack.

Rusty Russell started the netfilter/iptables project in 1998; he had also authored the project's predecessor, ipchains. As the project grew, he founded the Netfilter Core Team (or simply coreteam) in 1999. The software they produce (called netfilter hereafter) uses the GNU General Public License (GPL) license, and in March 2000 it was merged into version 2.3.x of the Linux kernel mainline.

In August 2003 Harald Welte became chairman of the coreteam. In April 2004, following a crack-down by the project on those distributing the project's software embedded in routers without complying with the GPL, a German court granted Welte an historic injunction against Sitecom Germany, which refused to follow the GPL's terms (see GPL-related disputes). In September 2007 Patrick McHardy, who led development for past years, was elected as new chairman of the coreteam.


...
Wikipedia

...