Henry Du Blog

think digital, act analog

Reading Notes: Netfilter and iptables (1)

reading notes of Understanding Linux Network Internals

Netfilter is the firewalling subsystem of the Linux kernel, built as a modular feature [1]. For example, some fields are included in the sk_buff data structure only if the kernel is compiled with support for the Netfilter feature. struct sk_buff is defined in linux/include/skbuff.h, and there is a well-written comment block at the top of the file. It includes the Netfilter connection-tracking common header only when conntrack is enabled:

```c
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
#include <linux/netfilter/nf_conntrack_common.h>
#endif
```

Firewalling, essentially, hooks into certain places in the network stack code that packets always pass through, so that a hook can act when the packets or the kernel meet certain conditions.
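To make the "hooks into places packets always pass through" idea concrete, here is an added user-space model of one Netfilter hook point (it is not code from the book or the kernel). It assumes a simplified packet struct instead of sk_buff and a hand-rolled registration function in place of nf_register_net_hook, but keeps the kernel's verdict values and its priority-ordered traversal, where NF_ACCEPT passes the packet to the next hook and NF_DROP ends traversal.

```c
/* User-space model of a single Netfilter hook point (e.g. NF_INET_PRE_ROUTING).
 * Added example: the packet struct and register_hook() are constructed stand-ins. */
#include <stdint.h>
#include <limits.h>

enum { NF_DROP = 0, NF_ACCEPT = 1 };     /* same numeric values as the kernel */
#define NF_IP_PRI_FIRST  INT_MIN         /* runs before everything else */
#define NF_IP_PRI_FILTER 0               /* priority of the filter table */

/* Constructed stand-in for the sk_buff/iphdr fields a hook would inspect. */
struct pkt { uint8_t proto; uint32_t saddr; uint16_t dport; };

typedef unsigned int (*hook_fn)(void *priv, struct pkt *p);
struct hook_ops { hook_fn hook; int priority; void *priv; };

/* Hooks are kept sorted by priority, lowest value first, as in the kernel. */
static struct hook_ops chain[8];
static int nchain;

static int register_hook(struct hook_ops op) {
    if (nchain == 8) return -1;
    int i = nchain++;
    while (i > 0 && chain[i - 1].priority > op.priority) { chain[i] = chain[i - 1]; i--; }
    chain[i] = op;
    return 0;
}

/* Walk the hook point: NF_ACCEPT hands the packet to the next hook,
 * any other verdict (here NF_DROP) stops traversal and the stack never sees it. */
static unsigned int run_hook_point(struct pkt *p) {
    for (int i = 0; i < nchain; i++) {
        unsigned int v = chain[i].hook(chain[i].priv, p);
        if (v != NF_ACCEPT) return v;
    }
    return NF_ACCEPT;
}

/* Example hook: drop TCP (protocol 6) to a blocked port; priv points at the port. */
static unsigned int block_port(void *priv, struct pkt *p) {
    return (p->proto == 6 && p->dport == *(uint16_t *)priv) ? NF_DROP : NF_ACCEPT;
}
/* Example hook: count packets that survive earlier hooks. */
static unsigned int count_pkts(void *priv, struct pkt *p) { (void)p; (*(int *)priv)++; return NF_ACCEPT; }

static uint16_t blocked = 23;   /* constructed sample policy: block telnet */
static int seen;
static int setup(void) {        /* registration order is irrelevant; priority decides */
    nchain = 0; seen = 0;
    register_hook((struct hook_ops){ count_pkts, NF_IP_PRI_FILTER, &seen });
    register_hook((struct hook_ops){ block_port, NF_IP_PRI_FIRST, &blocked });
    return nchain;
}
static int seen_count(void) { return seen; }
```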