Internal

• iptables

netfilter, iptables tool, iptables service and firewalld

netfilter

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called for every packet that traverses the respective hook.

iptables

iptables is a Linux userspace command line tool that manipulates the IPv4 network packet filtering rules. Packet filtering is most commonly used to implement firewalling functionality. It is also used to implement Network Address Translation (NAT).

ip6tables

ip6tables is the equivalent command line tool that manipulates the IPv6 network packet filtering rules.

iptables and ip6tables Services

firewalld

firewalld is a firewall service daemon with D-BUS interface. It is used to implement a dynamic firewall. The firewall supports network/firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, IPv6 and for ethernet bridges and has a separation of runtime and permanent configuration options. It also supports an interface for services or applications to add firewall rules directly.

firewalld comes with a graphical configuration tool firewall-config. firewalld uses the iptables tool to communicate with netfilter in the kernel.

iptables service and firewalld

The iptables service and firewalld are incompatible, you must use one or another.

Older Firewall Implementations

ipchains

ipfwadm

Chain

Rule