Basic Netfilter Function Block Diagram




Both NFTables and IPTables use the Netfilter framework provided in the Linux kernel. NFTables was introduced to supersede IPTables, but given how widely IPTables is deployed, that transition will probably take a long time.

The following is a basic block diagram of the Netfilter Filter and NAT (Network Address Translation) functions, which are the basic requirements for a router.

         Incoming
         Packets
            |
     +--------------+
     |  Prerouting  |  NAT
     |  Rules       |
     +--------------+
            |
     /--------------\
     |   Routing    |-------------------+
     |   Decision   |                   |
     |   Rules      |                   |
     \--------------/                   |
            |                           |
     +--------------+            +--------------+
     |  Input       |  Filter    |  Forward     |  Filter
     |  Rules       |            |  Rules       |
     +--------------+            +--------------+
            |                           |
   +-------------------+                |
   | Network Processes |                |
   | within Router     |                |
   +-------------------+                |
            |                           |
     +--------------+                   |
     |  Output      |  Filter           |
     |  Rules       |                   |
     +--------------+                   |
            |                           |
            +---------------------------+
            |
     +--------------+
     |  Postrouting |  NAT
     |  Rules       |
     +--------------+
            |
         Outgoing
         Packets
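
As an added example (not part of the original page), the shell script below generates a minimal nftables ruleset for a two-interface router in which each chain is attached to the Netfilter hook shown in the diagram: prerouting and postrouting carry NAT, while input, forward and output carry filtering. The interface names eth0/eth1 and the 192.168.1.0/24 prefix are assumptions; the check function only syntax-checks the ruleset with `nft -c` when nft is installed and the script runs as root, and it never loads the rules.

```shell
#!/bin/sh
# Added example, not code from the original page: a minimal nftables
# router ruleset mapped onto the Netfilter hooks in the diagram.
# Interface names and the LAN prefix are assumptions; override via env.
WAN_IF="${WAN_IF:-eth0}"              # assumed upstream interface
LAN_IF="${LAN_IF:-eth1}"              # assumed inside interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # constructed sample LAN prefix

# Emit the ruleset on stdout. Chain names match the diagram:
# prerouting / input / forward / output / postrouting.
gen_router_ruleset() {
    cat <<EOF
flush ruleset

table inet filter {
    chain input {
        # Packets addressed to the router itself (after the routing decision).
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        iifname "$LAN_IF" tcp dport { 22, 53 } accept
        iifname "$LAN_IF" udp dport 53 accept
        iifname "$LAN_IF" icmp type echo-request accept
        iifname "$WAN_IF" icmp type echo-request limit rate 5/second accept
    }
    chain forward {
        # Packets transiting LAN <-> WAN; these never touch input/output.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "$LAN_IF" oifname "$WAN_IF" accept
    }
    chain output {
        # Traffic generated by the router's own processes.
        type filter hook output priority 0; policy accept;
    }
}

table ip nat {
    chain prerouting {
        # DNAT belongs here: it runs before the routing decision, so the
        # translated destination is what routing and the forward chain see.
        type nat hook prerouting priority -100; policy accept;
    }
    chain postrouting {
        # Source NAT runs last, after routing and filtering, on the way out.
        type nat hook postrouting priority 100; policy accept;
        ip saddr $LAN_NET oifname "$WAN_IF" masquerade
    }
}
EOF
}

# Validate without loading: use nft's check mode when available and
# running as root, otherwise fall back to a structural check that every
# hook from the diagram is declared. Returns 0 on success, 1 on failure.
check_router_ruleset() {
    rules=$(gen_router_ruleset)
    if command -v nft >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        printf '%s\n' "$rules" | nft -c -f - || return 1
    fi
    for hook in prerouting input forward output postrouting; do
        printf '%s\n' "$rules" | grep -q "hook $hook priority" || return 1
    done
    return 0
}
```

Loading the ruleset for real would be `gen_router_ruleset | nft -f -` as root. The priorities reproduce the traversal order in the diagram: NAT prerouting (-100) runs before the filter chains (0), and NAT postrouting (100) runs after them, which is why a port-forward's DNAT target, not the router's public address, is what the forward chain must permit.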

Some references:

/app/www/public/data/attic/linux_router/netfilter.1575777123.txt.gz · Last modified: 2023-04-30 Sun wk17 17:44
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International