Modern Linux kernels come with a packet-filtering framework named Netfilter. Netfilter enables you to allow, drop, and modify traffic coming in and going out of a system. The iptables userspace command-line tool builds upon this functionality to provide a powerful firewall, which you can configure by adding rules to form a firewall policy. iptables can be very daunting with its rich set of capabilities and baroque command syntax.
