Lost in Linux IP Acronym Land
Henrik Nordstrom
hno@marasystems.com
Thu, 07 Jun 2001 16:47:07 +0200
Brooks Carlson wrote:
> architecture is called "netfilter". In other words, one uses iptables to
> talk to the netfilter architecture in the kernel. As far as I know, the
> firewalling code in 2.0 and 2.2 kernels has never had a name for its
> architecture...
Actually, to be precise, the term iptables is both kernel and userland.
netfilter is the general kernel framework providing hooks where packet filters
can get access to network packets, control their fate or even modify the
packets.
iptables is the standard packet filter of Linux-2.4, implemented on top of
netfilter. To control the kernel part of iptables the userland program
"iptables" is used.
Other netfilter modules exist, such as the Linux Virtual Server, which is
completely unrelated to iptables.
--
Henrik Nordstrom
MARA Systems