Firewall Fundamentals

You can find some of the key NetFilter features at the main website for NetFilter development, http://www.netfilter.org. These features include the following:

• Stateless packet filtering for both IPv4 and IPv6

• Stateful packet filtering for IPv4 traffic

• Network Address Translation (NAT) and Network Address Port Translation (NAPT)

• Flexible and extensible infrastructure

• Multiple layers of application programming interfaces (APIs) for thirdparty extensions

• Large number of plugins/modules

Another benefit of NetFilter is that it is open source, so any modifications that end users want to make can be done without waiting for a vendor to provide new code for their firewall. In addition, NetFilter can support as many interfaces as the hardware that is running it can support. This support allows for multiple demilitarized zones (DMZs) to be created, which you can use to increase the granularity of security for various systems based on their needs.