Summary

You can utilize netfilter to create highly available stateless and stateful firewall clusters, deploy them using NAT and MASQUERADE to share public IP addresses, or use it for transparent proxies that bypass NAT. These advanced tools aid in building sophisticated QoS and policy routers alongside tc and iproute2 systems for advanced packet manipulation. You might also use nftables as a single, flexible, consistent tool compared to fragmented ip or ip6 tables. nftables offers faster kernel-side transactional rule updates without user-space locking, providing full ruleset flexibility through arbitrary custom tables in namespaces. Its base hooks for ingress and egress allow attaching chains to interfaces for early filtering or transmit path filtering right before traffic traverses the kernel. Additionally, flowtables provide software-fast paths with hardware acceleration, supporting extensive scripting via JSON input and output for defining custom variables, files, and outputs within a single syntax.

Title

netfilter/iptables project homepage - The netfilter.org project

Description

netfilter/iptables project homepage - The netfilter.org project

Keywords

packet, project, list, linux, kernel, tools, terms, software, network, hook, more, lists, license, emeritus, rules, contact, successor

NS Lookup

A 92.243.20.29

Dates

Created 2026-04-15

Updated 2026-04-15

Summarized 2026-04-16