Building a Netfilter firewall module



We’ll show you how to build your own Netfilter extension with this example of a musical firewall.

Netfilter is the Linux kernel subsystem behind firewall tools such as the famous Iptables. The Netfilter subsystem provides the structure for packet filtering and address translation by offering a series of hooks into the network protocol stack. You can find many commands, scripts, and front-end applications for accessing the Netfilter subsystem – including tools such as Shorewall and Firestarter, as well as the native Iptables – so you don’t have to be a programmer to access the powers of Netfilter. However, if you are ready for a little programming, you can use the built-in Netfilter hooks to create your own custom firewall modules.