How NetFilter Works

NetFilter, more commonly known by the name of its manipulation utility, iptables, works on the surface much like the ipchains firewall code of earlier Linux kernels. The first thing you need to understand about NetFilter is the concept of tables, chains, and rules. Tables provide particular types of functionality, described in more detail throughout this chapter. Chains define the paths a packet can travel. Chains are made up of rules, and each rule defines what action to take on a packet that matches it. An easy way to think about it is that a chain is simply an ordered list of rules, and a table is a collection of chains. Rules in a chain are evaluated in order, and the first rule that matches decides the packet's fate; if no rule matches, the chain's default policy applies.

NetFilter has five built-in chains, which are grouped into the following three tables:

Filter
NAT
Mangle

The filter table has three built-in chains that function in a similar fashion to the three primary chains of ipchains. The job of the chains in the filter table is to examine each packet's characteristics (addresses, protocol, ports, and, through match extensions, the payload) and to accept or reject the packet based on the result of that evaluation. The three built-in chains in the filter table are as follows:

INPUT
FORWARD
OUTPUT

The INPUT chain evaluates packets that are destined for the firewall itself. The OUTPUT chain evaluates packets that originate from the firewall itself. The FORWARD chain evaluates packets that are traversing the firewall from one network interface to another. Which of the three a packet sees is decided by the routing decision: a packet whose destination is a local address goes to INPUT, a locally generated packet goes to OUTPUT, and everything else goes to FORWARD.

One of the key differences between the chains in NetFilter and ipchains is that in ipchains, all packets going from one network interface to another traverse all three of the main chains: INPUT, FORWARD, and OUTPUT. In NetFilter, however, such packets traverse only the FORWARD chain, because that is the one chain involved in forwarding packets between interfaces. A practical consequence is that a rule placed in INPUT does nothing for traffic that merely passes through the firewall; it must go in FORWARD.
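The dispatch and evaluation logic described above, as an added example written for this page (it is not code from iptables, the kernel, or the book): a small model of the filter table that parses a subset of iptables command syntax into rules, picks the single NetFilter chain a packet traverses from its ingress interface and destination, contrasts that with the three-chain path ipchains used for forwarded traffic, and applies first-match rule evaluation with a default policy. The firewall addresses, interfaces, and ruleset are constructed for the illustration.

```python
"""Toy model of NetFilter filter-table dispatch and rule evaluation.
Added example for this page; not iptables or kernel code.  All addresses,
interface names and rules below are constructed."""
import ipaddress
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional

# Addresses the hypothetical firewall holds on its own interfaces.
FIREWALL_ADDRS = {ipaddress.ip_address("192.0.2.1"),
                  ipaddress.ip_address("203.0.113.1")}


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                # "tcp", "udp", "icmp"
    dport: Optional[int]
    in_iface: Optional[str]   # None: generated by the firewall itself


@dataclass
class Rule:
    target: str
    proto: Optional[str] = None
    src: Optional[ipaddress.IPv4Network] = None
    dst: Optional[ipaddress.IPv4Network] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """Every specified field must match; unspecified fields match all."""
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.src is None or ipaddress.ip_address(pkt.src) in self.src)
                and (self.dst is None or ipaddress.ip_address(pkt.dst) in self.dst)
                and (self.dport is None or self.dport == pkt.dport))


class FilterTable:
    """Three built-in chains, each an ordered rule list plus a default policy."""

    def __init__(self) -> None:
        self.chains: Dict[str, List[Rule]] = {"INPUT": [], "FORWARD": [], "OUTPUT": []}
        self.policies: Dict[str, str] = {c: "ACCEPT" for c in self.chains}

    def load(self, line: str) -> None:
        """Parse 'iptables -P CHAIN TARGET' or
        'iptables -A CHAIN [-p P] [-s NET] [-d NET] [--dport N] -j TARGET'."""
        toks = shlex.split(line)
        if toks[:1] != ["iptables"] or toks[2] not in self.chains:
            raise ValueError(f"unsupported command: {line}")
        chain = toks[2]
        if toks[1] == "-P":
            self.policies[chain] = toks[3]
            return
        if toks[1] != "-A":
            raise ValueError(f"unsupported verb: {toks[1]}")
        rule = Rule(target="ACCEPT")
        for opt, arg in zip(toks[3::2], toks[4::2]):
            if opt == "-p":
                rule.proto = arg
            elif opt == "-s":
                rule.src = ipaddress.ip_network(arg, strict=False)
            elif opt == "-d":
                rule.dst = ipaddress.ip_network(arg, strict=False)
            elif opt == "--dport":
                rule.dport = int(arg)
            elif opt == "-j":
                rule.target = arg
            else:
                raise ValueError(f"unsupported option: {opt}")
        self.chains[chain].append(rule)

    def evaluate(self, chain: str, pkt: Packet) -> str:
        """First matching rule wins; otherwise the chain's policy applies."""
        for rule in self.chains[chain]:
            if rule.matches(pkt):
                return rule.target
        return self.policies[chain]


def netfilter_path(pkt: Packet) -> List[str]:
    """NetFilter: exactly one filter chain sees a given packet."""
    if pkt.in_iface is None:
        return ["OUTPUT"]       # generated by the firewall itself
    if ipaddress.ip_address(pkt.dst) in FIREWALL_ADDRS:
        return ["INPUT"]        # destined for the firewall itself
    return ["FORWARD"]          # transiting from one interface to another


def ipchains_path(pkt: Packet) -> List[str]:
    """ipchains, for contrast: a forwarded packet crossed all three chains."""
    if pkt.in_iface is None:
        return ["OUTPUT"]
    if ipaddress.ip_address(pkt.dst) in FIREWALL_ADDRS:
        return ["INPUT"]
    return ["INPUT", "FORWARD", "OUTPUT"]


# Constructed ruleset: deny inbound and forwarded traffic by default, allow
# SSH to the firewall and HTTP/HTTPS through it from the internal LAN.
RULESET = [
    "iptables -P INPUT DROP",
    "iptables -P FORWARD DROP",
    "iptables -P OUTPUT ACCEPT",
    "iptables -A INPUT -p tcp -s 192.0.2.0/24 --dport 22 -j ACCEPT",
    "iptables -A FORWARD -p tcp -s 192.0.2.0/24 --dport 80 -j ACCEPT",
    "iptables -A FORWARD -p tcp -s 192.0.2.0/24 --dport 443 -j ACCEPT",
]


def build_table() -> FilterTable:
    table = FilterTable()
    for line in RULESET:
        table.load(line)
    return table


def verdict(table: FilterTable, pkt: Packet) -> str:
    """Run a packet through the one NetFilter chain that applies to it."""
    chain = netfilter_path(pkt)[0]
    return f"{chain}:{table.evaluate(chain, pkt)}"


if __name__ == "__main__":
    t = build_table()
    for p in [Packet("192.0.2.10", "192.0.2.1", "tcp", 22, "eth1"),
              Packet("198.51.100.7", "192.0.2.1", "tcp", 22, "eth0"),
              Packet("192.0.2.10", "198.51.100.20", "tcp", 25, "eth1"),
              Packet("192.0.2.1", "198.51.100.53", "udp", 53, None)]:
        print(p.src, "->", p.dst, p.proto, p.dport, verdict(t, p), "ipchains:", ipchains_path(p))
```

Note that the SMTP packet from the LAN is dropped by the FORWARD policy even though nothing in INPUT would have blocked it; under the ipchains model it would have had to pass INPUT, FORWARD, and OUTPUT in turn, which is why rulesets written for ipchains cannot be carried over to NetFilter unchanged.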
Figures 7-1 through 7-3 show the chain traversal.

Figure 7-1. NetFilter INPUT Chain Processing

In Figure 7-1 the packet from the source host is directed to the .