iptables
Original author(s): Rusty Russell
Developer(s): Netfilter Core Team
Initial release: 1998
Stable release: 1.8.10[1] / 10 October 2023
Repository: git.netfilter.org/iptables/
Written in: C
Operating system: Linux
Platform: Netfilter
Type: Packet filtering
License: GPL
Website: www.netfilter.org
iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in different tables, which contain chains of rules for how to treat network traffic packets. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.
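The table, chain and rule layout described above is visible in the text format written by iptables-save. The following is an added example, not part of the original article or of the netfilter project's code: it parses a constructed ruleset into that hierarchy and flags filter chains that accept by default and user-defined chains that no rule jumps to. The function names and sample rules are assumptions made for illustration.

```python
SAMPLE = """# Constructed sample in iptables-save format, not from a real host
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:SSH_IN - [0:0]
:UNUSED - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j SSH_IN
-A SSH_IN -s 192.0.2.0/24 -j ACCEPT
COMMIT
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j CT --notrack
COMMIT
"""

def parse_ruleset(text):
    """Return {table: {chain: {"policy": str or None, "rules": [str]}}}."""
    tables, current = {}, None
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # "*filter" opens a table
            current = tables.setdefault(line[1:], {})
        elif line == "COMMIT":              # end of the current table
            current = None
        elif current is None:
            raise ValueError(f"line {n}: content outside a table")
        elif line.startswith(":"):          # ":CHAIN POLICY [packets:bytes]"
            name, policy = line[1:].split()[:2]
            current[name] = {"policy": None if policy == "-" else policy, "rules": []}
        elif line.startswith("-A "):        # "-A CHAIN <rule specification>"
            parts = line.split(maxsplit=2)
            if parts[1] not in current:
                raise ValueError(f"line {n}: undeclared chain {parts[1]}")
            current[parts[1]]["rules"].append(parts[2] if len(parts) > 2 else "")
    return tables

def audit(tables):
    """Yield (table, chain, issue) for default-allow and unreferenced chains."""
    for table, chains in tables.items():
        words = [r.split() for c in chains.values() for r in c["rules"]]
        jumps = {w[i + 1] for w in words for i in range(len(w) - 1) if w[i] in ("-j", "-g")}
        for name, chain in chains.items():
            if table == "filter" and name in ("INPUT", "FORWARD") and chain["policy"] == "ACCEPT":
                yield (table, name, "default-allow policy")
            elif chain["policy"] is None and name not in jumps:
                yield (table, name, "unreferenced user chain")
```

On a live host the same functions can be fed the output of iptables-save, which must be run as root.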
iptables requires elevated privileges and must be run as root; otherwise it fails to function. On most Linux systems, iptables is installed as /usr/sbin/iptables and documented in its man pages, which can be opened with man iptables when installed. It may also be found in /sbin/iptables, but since iptables is more like a service than an "essential binary", the preferred location remains /usr/sbin.
The term iptables is also commonly used to refer inclusively to the kernel-level components. x_tables is the kernel module that carries the code shared by all four modules and provides the API used for extensions; consequently, Xtables is more or less used to refer to the entire firewall (v4, v6, arp, and eb) architecture.
iptables superseded ipchains. Its successor is nftables, which was released on 19 January 2014[2] and was merged into the Linux kernel mainline in kernel version 3.13.
[1] Phil Sutter (10 October 2023). "iptables 1.8.10 release". Retrieved 10 October 2023.
[2] "Linux 3.13, Section 1.2. nftables, the successor of iptables". kernelnewbies.org. 19 January 2014. Retrieved 20 January 2014.