7.4. The Netfilter Architecture

packet filtering engine in kernel 2.2 (skip history, adequately documented elsewhere)

packet filtering engine as part of netfilter in kernel 2.4, backwards compatible support for ipchains

differences between the packet traversal in ipchains and iptables. link to Stef Coene's KPTD (kernel 2.4). Anybody know of a link to a KPTD for kernel 2.2?

7.4.1. Packet Filtering with iptables

selecting on interface

different chains, INPUT, OUTPUT, FORWARD

big picture; how chains are traversed

selecting on interface -i -o

targets; ACCEPT, DROP, REJECT....