Netfilter
Overview
Netfilter is the Linux-kernel framework that intercepts and processes network packets. User-space tools (iptables/nft) program rules that the kernel enforces via netfilter hooks.
Core Ideas
Hooks: interception points in the network stack (ingress/forward/egress).
Tables/chains/rules: the rule organization exposed by tooling.
Connection tracking (conntrack): the kernel keeps state about flows (NEW/ESTABLISHED/RELATED).
Where Tools Fit
Linux/Security/Iptables: legacy user-space interface.
Linux/Security/Nftables: modern replacement (preferred).
Frontends: ufw (simpler rules for common cases); firewalld (zones/services, dynamic).
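The following nftables ruleset is an added example, not taken from this page or from the nftables project, that ties the Core Ideas together: one table holding three base chains, each bound to a netfilter hook, with conntrack state deciding what gets through before any port rule is consulted. The interface name "eth0" and the choice of port 22 are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example (not from the page): a minimal host firewall showing
# hooks, tables/chains/rules and conntrack together.
# "eth0" and port 22 are assumed values; adjust for the real host.

flush ruleset

# A table groups chains; family "inet" covers IPv4 and IPv6 at once.
table inet filter {

    # A base chain is attached to a netfilter hook. Packets addressed to
    # this host enter through the "input" hook; "priority filter" (0) is
    # the conventional ordering for filtering chains.
    chain input {
        type filter hook input priority filter; policy drop;

        # Conntrack: replies to flows this host opened are ESTABLISHED,
        # and things like ICMP errors for those flows are RELATED.
        ct state established,related accept

        # Packets that fit no tracked flow (bad TCP flags, stray
        # segments) are dropped before any port-based rule sees them.
        ct state invalid drop

        # Loopback is trusted.
        iif "lo" accept

        # NEW connections are only accepted to SSH on the management
        # interface (assumed name), rate-limited to slow brute forcing.
        iifname "eth0" tcp dport 22 ct state new limit rate 10/minute accept

        # ICMPv6 is required for neighbour discovery on IPv6 hosts.
        meta l4proto ipv6-icmp accept

        # Anything left falls through to the chain policy (drop);
        # log a sample of it first for detection and troubleshooting.
        limit rate 5/minute log prefix "nft input drop: "
    }

    # Forward hook: this host is not a router, so forward nothing.
    chain forward {
        type filter hook forward priority filter; policy drop;
    }

    # Output hook: locally generated traffic is allowed out.
    chain output {
        type filter hook output priority filter; policy accept;
    }
}
```

Check the syntax without applying it with `nft -c -f ruleset.nft`, load it with `nft -f ruleset.nft`, and confirm what the kernel actually holds with `nft list ruleset`. The flows conntrack is tracking can be inspected with `conntrack -L`; the legacy equivalent of the first rule is `iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, which programs the same netfilter hook through the older interface.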