NetFilter is an extremely flexible and modern firewall filter. It provides many advantages over previous Linux filtering code, the most important being that it is a true stateful firewall. In addition, the ability to translate individual hosts on a network through the firewall is a significant improvement over the masquerading done by earlier ipfwadm/ipchains-based firewalls. Although it requires more administrative effort than a packaged firewall from a vendor, such as the Cisco PIX or a Linksys firewall, the Linux NetFilter-based firewall provides a powerful firewall at a reasonable price for the user.