Iptables

iptables
Original author(s): Rusty Russell
Developer(s): Netfilter Core Team
Initial release: 1998
Stable release: 1.8.10[1] / 10 October 2023
Written in: C
Operating system: Linux
Platform: Netfilter
Type: Packet filtering
License: GPL
Website: www.netfilter.org

iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules. The filters are organized in a set of tables, which contain chains of rules for how to treat network traffic packets. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.

iptables requires elevated privileges to operate and must be executed by user root; otherwise it fails to function. On most Linux systems, iptables is installed as /usr/sbin/iptables and documented in its man pages, which can be opened using man iptables when installed. It may also be found in /sbin/iptables, but since iptables is more like a service than an "essential binary", the preferred location remains /usr/sbin.

The term iptables is also commonly used to inclusively refer to the kernel-level components. x_tables is the name of the kernel module carrying the shared code portion used by all four modules that also provides the API used for extensions; subsequently, Xtables is more or less used to refer to the entire firewall (v4, v6, arp, and eb) architecture.

iptables superseded ipchains. Its successor is nftables, which was released on 19 January 2014[2] and was merged into the Linux kernel mainline in kernel version 3.13.

  1. Phil Sutter (10 October 2023). "iptables 1.8.10 release". Retrieved 10 October 2023.
  2. "Linux 3.13, Section 1.2. nftables, the successor of iptables". kernelnewbies.org. 19 January 2014. Retrieved 20 January 2014.