netfilter - firewalling, NAT and packet mangling for Linux 2.4
www.netfilter.org and www.iptables.org

Free firewall software distributed under GNU General Public License



 The netfilter/iptables project
Introduction

Welcome to the Homepage of the netfilter/iptables project.

What is netfilter/iptables?

The netfilter/iptables project is the Linux 2.4.x / 2.5.x firewalling subsystem. It provides packet filtering (stateless or stateful), all different kinds of NAT (Network Address Translation) and packet mangling.

If you are running a recent Linux system (Kernel 2.4.x or above) on a router, you can use netfilter/iptables for all kinds of firewalling, NAT or other advanced packet processing.

The major part of netfilter/iptables (doing all the hard work) is included in the standard Linux kernel. To configure the firewalling subsystem at runtime, you will need the iptables userspace command, which can be downloaded from here. Note that in most cases, the vendor of your Linux distribution (Debian, RedHat, SuSE, Conectiva, Mandrake, ...) will provide you with a pre-built version of this tool.

The documentation section contains HOWTOs and FAQs for learning the specifics of using this powerful tool.

If you still have questions after reading the documentation, please have a look at the Contacts section and ask your question on the appropriate mailing list.

For the more advanced user, the iptables package also provides a whole bunch of new features. Currently there are about 50 patches collected in our "patch-o-matic" system. If you need a particular feature which is not included in the mainstream Linux kernel, please see the patch-o-matic part of the latest iptables package.

News & Announcements

Aug-26-2002

New iptables release
The netfilter core team has released iptables-1.2.7a and patch-o-matic-20020825. Both contain important bugfixes for new bugs introduced by the iptables-1.2.7 and patch-o-matic-20020806 releases.

Aug-07-2002

New iptables release
The netfilter core team has released iptables-1.2.7 and patch-o-matic-20020806.

Jul-11-2002

Mailing List Problem
For as yet unknown reasons, the netfilter and netfilter-devel lists have been deleted from lists.samba.org. While we are still investigating this problem, we have created new mailing lists at lists.netfilter.org. It is not clear whether there is a recent backup of the subscriber lists, so subscribing to the new lists is strongly recommended.

Jun-22-2002

Netfilter T-Shirts are now available. They are plain white T-Shirts with the blue netfilter logo (as in the upper left corner of the homepage) printed on the front. The shirts are available in sizes S, M, L, XL, XXL and are EUR 10 + shipping (EUR 5 intl. for one T-shirt) each. Please direct orders to tshirt@netfilter.org.

May-08-2002

Security Announcement about a bug in the ICMP NAT code, resulting in a possible information leak

Mar-17-2002

New iptables-1.2.6a release (1.2.6 contained two release bugs)

Mar-14-2002

New iptables-1.2.6 release

Feb-25-2002

Important Security Announcement about a bug in the IRC DCC connection tracking.

Jan-11-2002

New iptables-1.2.5 release

Jan-09-2002

New netfilter homepage