This is an old revision of the document!
Basic Netfilter Function Block Diagram
Both NFTables and IPTables use the Netfilter framework provided in the Linux kernal. NFtables was implemented to supersede IPTables, which due to the widespread use of IPTables, will probably take a long time.
The following is a basic block diagram of the Netfilter Filter and NAT (Network Address Translation) functions, which are the basic requirements for router.
Incoming
Packets
|
┌────────────┐
│ Prerouting │
│ Rules │
└────────────┘
|
/----------\
| Routing | NAT
| Decision |-----------------|
| Rules | Filter |
\----------/ |
| |
|------------| |
| Input | |
| Rules | |
|------------| |
| |
|-------------------| |----------|
| Network Processes | | Forward |
| within Router | | Rules |
|-------------------| |----------|
| |
|------------| |
| Output | |
| Rules | |
|------------| |
| FILTER |
| |------------------|
| | NAT
|-------------|
| Postrouting |
| Rules |
|-------------|
|
Outgoing
Packets
Some references:
- Netfilter.org iptables how to Saying how to mangle the packets
- The Geek Stuff:
- Oregon Tech icmp.txt