Projects / iptables


iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.

Operating Systems

RSS Recent releases

  •  26 Jan 2013 01:06

Release Notes: This release adds support for the Day Transition Ignore option in xt_time.

Release Notes: This release includes aliasing support, which translates command lines using obsolete extensions into new ones. The option parser now flags illegal negative numbers in some more extensions. A division by zero was resolved in libxt_limit as well.

  •  31 Jul 2012 20:59

Release Notes: This release adds support for changes found in Linux 3.5: the "hashlimit" match has gained support for byte-based operation, and the "recent" match has gained the "--mask" option to group hosts.

Release Notes: This release supports the new cttimeout infrastructure. This allows you to attach specific timeout policies to flow via iptables CT targets.

  •  21 Apr 2012 07:42

Release Notes: This release added support for xt_addrtype rev 1, xt_nfacct, xt_rpfilter, IPv6-capable xt_ecn, and xt_recent's reap feature.

RSS Recent comments

02 Jun 2006 08:29 atomopawn Thumbs up

High performance, featureful, firewall
IPtables/Netfilter supports all sorts of advanced features, such as NAT, masquerading, packet redirect, and many others. It also has all sorts of useful matches, such as the STRING match and the ipset module. It is one of the very best stateful firewall systems available.


Project Spotlight


A vte-based terminal emulator.


Project Spotlight


A map/reduce framework for processing large RDF data sets.