Firewalling, NAT and packet mangling for Linux. The netfilter project is home to the software of the packet filtering framework inside the Linux 2.4.x and later kernel series. Software commonly associated with netfilter includes iptables and nftables.

Software inside this framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the redesigned and heavily improved successor of the earlier Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then invoked for every packet that traverses the respective hook within the network stack.

nftables is a generic table structure for the definition of rulesets. Each rule within an IP table consists of a number of classifiers and one or more actions.

netfilter, ip_tables, nf_tables, connection tracking (nf_conntrack) and the NAT subsystem together form the major parts of the framework.
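The pieces named above fit together in a single ruleset: a chain is attached to a netfilter hook, each rule pairs classifiers with actions, and conntrack and NAT supply the state and translation. The following host-firewall ruleset is an added example in nftables syntax, not code from the netfilter project or this page; the interface names `lo` and `eth0` and the SSH port are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example (not from the netfilter project): a minimal stateful host
# firewall plus outbound source NAT. Interface names and ports are assumptions.
flush ruleset

table inet filter {
    chain input {
        # "hook input" attaches this chain to the netfilter local-input hook;
        # priority 0 is the conventional filter slot. Default action: drop.
        type filter hook input priority 0; policy drop;

        # Classifier: conntrack state (nf_conntrack). Action: accept / drop.
        ct state established,related accept
        ct state invalid drop

        # Classifier: input interface. Action: accept.
        iif "lo" accept

        # Classifiers: protocol, destination port, rate limit.
        # Actions: count, then accept. (Assumed SSH on port 22.)
        tcp dport 22 limit rate 10/minute counter accept

        # Classifier: layer-4 protocol set. Action: accept (diagnostics, ND).
        meta l4proto { icmp, ipv6-icmp } accept

        # Anything else: rate-limited log and counter, then the chain policy drops it.
        limit rate 5/minute log prefix "nft-input-drop: " counter
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table ip nat {
    chain postrouting {
        # NAT subsystem: rewrite the source address of traffic leaving eth0.
        type nat hook postrouting priority 100; policy accept;
        oif "eth0" masquerade
    }
}
```

Load it with `nft -f <file>` and inspect the result with `nft list ruleset`; the `counter` statements show how often each rule matched.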

  • c
  • linux kernel


email Mailing list

Netfilter project: 2019 projects

  • ffmancera
    Adding missing features in nftables
    I would like to work implementing missing features in nftables. My plan is to work on the following subtasks: extending stateful object...
  • Ander Juaristi Alamos
    Missing feature implementation in nftables
    At the end of the project nftables’ feature set should very closely match that of iptables. This project has the objective of implementing all the...
  • Shekhar Sharma
    Project for developing automated tests and other new features for nftables
    This project will be focused on developing the missing features in nftables which are present in iptables. Features such as "-m time support" to...