Welcome to the Homepage of the netfilter/iptables project.

What is netfilter/iptables?

The netfilter/iptables project is the Linux 2.4.x / 2.5.x firewalling subsystem.It delivers you the functionality of packet filtering (stateless or stateful), all different kinds of NAT (Network Address Translation) and packet mangling.

If you are running a recent Linux system (Kernel 2.4.x or above) on a router, you can use netfilter/iptables for all kinds of firewalling, NAT or other advanced packet processing.

The major part of netfilter/iptables (doing all the hard work) is included in the standard Linux Kernel. In order to do your runtime configuration of the firewalling subsystem, you will need the iptables userspace command, which can be downloaded from here. Note that in most cases, the vendor of your Linux distirbution (Debian, RedHat, SuSE, Conectiva, Mandrake, ...) will already provide you with a pre-built version of this tool.

In order to learn about how to use this powerful tool, we provide a couple of HOWTO and FAQ documents. See our documentation section

If you still have questions after reading the documentation, please have a look at the Contacts section and ask your question on the apropriate mailinglist

For the more advanced user, the iptables package also provides a whole bunch of new features. Currently there are about 50 patches collected in our "patch-o-matic" system. If you need a particular feature which is not included in the mainstream linux kernel, please see the patch-o-matic part of the latest iptables package.

Jan-11-2002

New iptables-1.2.5 release

Jan-09-2002

New netfilter homepage