iptables and netfilter are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel. This framework enables packet filtering, network addresss [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.

iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists out of a number of classifiers (iptables matches) and one connected action (iptables target).

netfilter, iptables and the connection tracking as well as the NAT subsystem together build the whole framework.

Here are some key features of "iptables":

· stateless packet filtering (IPv4 and IPv6)
· stateful packet filtering (IPv4)
· all kinds of network address and port translation (NAT/NAPT)
· flexible and extensible infrastructure
· multiple layers of API's for 3rd party extensions
· large number of plugins/modules kept in 'patch-o-matic' repository