netfilter project logo

About the netfilter/iptables project

Who's behind netfilter?

The initial author of and head behind netfilter/iptables was Paul "Rusty" Russell. Later he was joined by other people, who together build the Netfilter core team and maintain the netfilter/iptables project as a joint effort.

But netfilter/iptables wouldn't be what it is today if it wasn't for the numerous contributions by independent software developers, whom we call contributors. We used to keep a scoreboard as a reward for people who helped us a lot - but lately it became too much effort to maintain this scoreboard. It has thus been deactivated until further notice.

If you are interested in more information, there is also a small page about the history of the netfilter project.

The netfilter core team

What Is the Core Team?

The Netfilter Core Team are the people who make the decisions, have commit access to the master Source Control Management (SCM) tree, and do Official Sounding Stuff. To be on the core team implies excellent judgement and some dedication; after all, anyone in the core can do releases. The core team elects one of it's members to be the Head of the netfilter core team. Members of the core team who are no longer actively developing code are called emeritus members of the core team.

Members of the Core Team

Emeritus Members

  • Rusty Russell (founder, former head)
  • Harald Welte (former head)
  • James Morris
  • Marc Boucher
  • Martin Josefsson
  • Yasuyuki Kozakai

How Do I Get on the Core Team?

To get on the core team is fairly simple. Impress us so someone proposes you and no one vetoes. Suggested methods include:

  • Submit enough great patches over a long time.
  • Read the three HOWTOs, and submit extensions or corrections.
  • Keep your Emails short and to the point. Don't flame; inform.
  • Look at what's happening in GIT, the netfilter-devel and the netdev list (at vger.kernel.org).
  • Implement what's on the projects TODO list.
  • Show an ongoing interest in supporting netfilter/iptables, not only in one specific area of interest, but as a whole.

What Are the Perks of the Core Team?

So far, there are two:

  • If you're ever in Australia, you get a free beer (or alternative beverage) on Rusty. Harald now also offers this for Germany. So it does Pablo in Sevilla, Spain ;)
  • You may get to meet some very cool people in associated projects (most of all other Linux kernel hackers). Of course, you may not.

Webmaster

Web site layout and logo design by Daniel García. The current Webmaster is Pablo Neira Ayuso. Harald Welte, the former webmaster, made the XML/XSLT Docbook-website conversion of the page.

Project history

The netfilter project was founded by Paul "Rusty" Russell to re-design and to heavily improve the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.

Early in the development, a few people contributed some code, but none of them had become long term contributors. After considering the problem, Rusty decided to try keeping a scoreboard of people who contributed patches and bug reports. It was this process of quantizing the contributions which brought to attention the quantity and quality of work coming out of the passionate French Canadian Marc Boucher, and Rusty decided that it was time to start a Core Team, of which Marc would become the second member.

The core team was actually started shortly after Rusty, while on a trip to SF in November 1999, made a detour to Montreal (despite the lack of warm clothing) to meet and discuss some big design issues.. Rusty and Marc spent a whole night in Marc's office conceiving the multiple tables framework which lead to the death of ipnatctl (a separate tool used to control nat in early versions of netfilter), generalization of iptables and birth of the iptable_{filter,nat,mangle} modules.

After all this was mightily implemented (and ip_conntrack rewritten) by Rusty, we started getting some nice contributions from a certain James Morris (a netlink and userspace queuing freak, living down under like Rusty).

In the spring of 2000 Marc traveled to Australia to attend a few conferences and spend some time in Canberra working with Rusty at Linuxcare on netfilter/iptables (fixing various bugs, implementing additional modules and merging everything into the official Linux tree).

At the Sydney Linux Expo we met James Morris in person, and his amazing coolness convinced us to invite him to become the third Netfilter slave core team member around the beginning of June.

Following James' assimilation into the collective, our efforts were mainly directed towards preparations for the release of Netfilter as part of the upcoming 2.4 kernel. It was the dawn of the third age of Linux firewalling; a time of great struggle and heroic deeds. It was our last, best hope for peace. Great communities were founded, old civilizations were lost, and new alliances were formed. James' missions during this period included the continued perversion of the networking code, such that it was now possible to load an ASN.1 parser into the kernel and inflict grave terror upon unsuspecting SNMP packets; and to extend the IP stack into userspace with Perl. Now peering squarely into the abyss, we noticed the good deeds of a young kernel warrior named Harald Welte, who seemed to actually understand the NAT code.

Accordingly, his distinctiveness was added to the collective. With balance restored, the netfilter juggernaut was now free to accelerate into the brave new world of Linux 2.4 and face it's greatest challenge: users.

Harald's first (code-) contribution to the Netfilter project was the connection tracking module for IRC. Following that he worked on some smaller stuff like TTL match and target modules as well as IPv6 porting. The ULOG target including the ulogd daemon were the next milestone. After getting included in the Netfilter core team in September 2000 he took over lots of the administrative work like doing releases, maintaining SCM, TODO lists, etc. and got involved more and more with fundamental design issues.

At the time of writing, this is mainly the new conntrack/Nat helper framework for multiple related expectations, the upcoming new kernel/userspace interface nfnetlink as well as the whole new userspace world based on libiptables.

At the first netfilter development workshop in November 2001, Jozsef Kadlecsik was invited to join the coreteam as its fifth member. Jozsef is a long-time active netfilter contributor. Among his contributions are: REJECT target, TCP window tracking code, continued development of the newnat API and the raw table.

At the second netfilter development workshop in August 2003, Martin Josefsson was invited to join the coreteam. Martin did a lot of useful work, especially with regard to optimizations on the connection tracking code

At this time, the coreteam also decided to formally elect a Chairman who get's the final call on all decisions. It was further decided that members of the team who do no longer actively contribute code can became emeritus members.

In January 2004, Patrick McHardy was asked to join the coreteam because of his continuing important contributions to the codebase of the netfilter project. Unfortunately, Patrick was suspended in June 2016 for not subscribing The Principles of Community-Oriented GPL Enforcement.

In October 2005, Yasuyuki Kozakai was asked to join the coreteam, especially in regard to his long-standing work on nf_conntrack and his ip6_tables caretaking.

In February 2007, Pablo Neira Ayuso was asked to join the coreteam, especially in regard to ctnetlink and conntrackd.

In October 2012, Eric Leblond and Florian Westphal joined the coreteam for their longstanding contributions and fellow hackers Harald Welte, Martin Josefsson and Yasuyuki Kozakai entered Emeritus officially. Arturo Borrero became coreteam member in July 2017 for his outstanding contributions to nf_tables and the conntrack-tools.

During the Netfilter Workshop 2013 in Copenhagen, Denmark, Pablo Neira Ayuso officially became the head of the coreteam, although he has been serving already as co-maintainer since 2011.

License terms of the netfilter/iptables software

Netfilter/Iptables is - like all of the Linux kernel - free software (sometimes referred to as Open Source), distributed under either the terms of GNU GPLv2 only or any later version.

For further information, please see the Licensing and the GPL compliance FAQ sections of this homepage.

Netfilter project PGP key

The Netfilter Core Team has a PGP key that we use to sign all software released by the project. Current PGP key id is 0xD55D978A8A1420E4, this key was generated on October 14th, 2020 and will be valid until October 13th, 2024.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF+HdQgBEACzteJUJGtj3N6u5mcGh4Nu/9GQfwrrphZuI7jto2N6+ZoURded
660mFLnax7wgIE8ugAa085jwFWbFY3FzGutUs/kDmnqy9WneYNBLIAF3ZTFfY+oi
V1C09bBlHKDj9gSEM2TZ/qU14exKdSloqcMKSdIqLQX27w/D6WmO1crDjOKKN9F2
zjc3uLjo1gIPrY+Kdld29aI0W4gYvNLOo+ewhVC5Q6ymWOdR3eKaP2HIAt8CYf0t
Sx8ChHdBvXQITDmXoGPLTTiCHBoUzaJ/N8m4AZTuSUTr9g3jUNFmL48OrJjFPhHh
KDY0V59id5nPu4RX3fa/XW+4FNlrthA5V9dQSIPh7r7uHynDtkcCHT5m4mn0NqG3
dsUqeYQlrWKCVDTfX/WQB3Rq1tgmOssFG9kZkXcVTmis3KFP1ZAahBRB33OJgSfi
WKc/mWLMEQcljbysbJzq74Vrjg44DNK7vhAXGoR35kjj5saduxTywdb3iZhGXEsg
9zqV0uOIfMQsQJQCZTlkqvZibdB3xlRyiCwqlf1eHB2Vo7efWbRIizX2da4c5xUj
+IL1eSPmTV+52x1dYXpn/cSVKJAROtcSmwvMRyjuGOcTNtir0XHCxC5YYBow6tKR
U1hrFiulCMH80HeS+u/g4SpT4lcv+x0DlN5BfWQuN5k5ZzwKb6EQs092qQARAQAB
tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC
VAQTAQoAPhYhBDfZZKzASYHHVQD7m9Vdl4qKFCDkBQJfh3UIAhsDBQkHhM4ABQsJ
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJENVdl4qKFCDk0msQAJTIK8TLHw2IJDc6
+ZfUJc+znSNwskO+A4lwvb1vRY5qFV+CA2S1eUS4HGDWDT0sPKie6Nx4+FBczkWd
RA+eaKDqQeS5Vzc2f0bl74un91h7yE8O2NsVnpL166MnAAk3/ACjHsZX2PzF12F6
4stvGQFpjZRWItj0I6bvPY6CTtqVPB98a6RpdbS9kGxCCMrL3CFGDXGSjXes5KwN
IvngmVB36wjb3QgEtQIv13jrWFfiXeuieqMRyC6Z3KNYVcvis34eGxPFD9MHrK+w
bdw3KzMBJd7hMoVRl32Q13T/PX8H3pqWMqKaL41wHUswRt0IQjNZnRvRnlJ0VDFf
Wep/3dFK+uQbdABuiwCiRli5mWeOMCP+qJodP1OZSGqg0VwZWUGdCGG5+qIhngOj
QVomvJ7N4eRLU3xuPVjLoBeHzvViUPpYtWQ/YiZK5rWTJHhu88xZaysFJRaV+Uz3
wPkeqdArRRXl1Tpy+cKy7D5BZAr7OjT1wboon23IM2DJRurbaHD8blMsjZ07pbvb
4hdpiE6mqq7CYskDz2UGTaFfEW4bFnKtvKTXEnmcqc4mWcr2z9BBYouGmcFczgET
tE02XejmExXV2RPUtXfLuNIbVpuXG1qhzNuXAfm+S/68XDSFrwyK8/Dgq5ga0iIP
n8Uvz12Xu/Qde+NicogLNWF90QJ2iQIzBBABCgAdFiEEwJ2yBj8dcDS6YVKtq0ZV
oSbSkuQFAl+HdTEACgkQq0ZVoSbSkuSrmhAAi64OqYjb2ZbAJbFAPM6pijyys6Y9
o8ZyLoCRCUXNrjWkNIozTgmj5fm0ECrUXKyrB6OJhTvaRXmqLcBwWOAnP1v7wb+S
ZhEwP0n6E1mZW0t1Qt0xX8yifM5Tpvy+757OSrsuoRpXwwz4Ubuc6G4N/McoRSfU
tVUcz3sKF8hcbETD/hVZb9Qfv0ZjQxu8LiBfKfgy2Eg8yExTdO027hYqQc5q2HEp
HRjD2PMyI33V8KqffWn0AkofweOOFxg1ePV5X9M8rYP+k/2gjPkrrvnZgF/4SxDM
FATmHaIbO3zEQg+u2f1mVCZASBBN1MLth7dMOoClHBmxnQ8uapRg9GNxs7TnXmV/
diZZbqLf6i9bW/scvWEIdM8EGKpbGjdWIlgQJTIuz3seB+9zOdq9L3uTQWHnYLid
R3YkyOsBRqQvM7Gb3zYgvlPjZ+L2FeGg5rD/eeLbv+k027E0TSAgtHoSA2pVTDDK
uqCXVKfmk1I0SO83L9teBblxed07LeVaS9/uK00rWM/TM1bwogfF/4ZEsmAWznzv
Xan/QmrYNgK3C3AZ4pMX7pGCGV1w93Fw3tUzaEJeS2LlsiL5aPOF63b/DqM6W2nl
UqGjKTdVLuF+JgoRH5U2wCyHYhDFm+CaFsYUu2Jf5hTmVWOR3anBoXy6Ty8SoV8q
KxtKpmKmIdPhDe65Ag0EX4d1CAEQANJMZApYzeeLrc7Rs6fGDK4Z3ejEST+aq7vO
RT9YEppRBG1QoUDBuNodAFxIWM6SpwvN7X9AZeIML2EOjDabF5Q6RNHbwODyLDYc
wmqtWh0NNpK85fXwDgcLOQW+dPimsk3ni1crXhhjZgs6syb9yM/pDi0Tf7wzNZt0
0p736zlpQPMORfO+mFgac0FVt/GQsTdIwTBzZ36fcV3W8iPH334Sqsatp617R+z+
q2alH8Vynz12iHi2oJFtmTxhghCROPcLWz3XMKv9A7BfuZeE0k+pK7xnBKrpZzKU
k1j2uzTKzV2Bquo5HNDsy9PgQn16BlXVrxdHfQnBz2w67aHMKnPD/v+K81oxtnuk
pwBAT8Wovkyy1VTLhQH5F0y5bpQrVH/Lwq0/q421hfD3iPHtb2tC1heT9ze/sqkY
plctFb81fx3o8xcBpvuIaTB3URptf8JNvh5KjETZFMQvAddq8oYovoKu+Z/585uC
qwO0Fohpw9qRwmhq7UBvGDVAVgo6kKjMW2Z9U3OnfggrDCytCIZh8eLNagfRL2cu
iq8Sx+cGGt1zoCPhjDN1MaNt/KHm8Gxr+lP+RxH3Et3pEX6mmhSCaU4wr0W5Bf3p
jEtiOwnqajisBQCHh49OGiV8Vg9uQN5GpLpPpbvnGS4vq8jdj6p3gsiS2F7JMy7O
ysBENBkXABEBAAGJAjwEGAEKACYWIQQ32WSswEmBx1UA+5vVXZeKihQg5AUCX4d1
CAIbDAUJB4TOAAAKCRDVXZeKihQg5NMIEACBdwXwDMRB8rQeqNrhbh7pjbHHFmag
8bPvkmCq/gYGx9MQEKFUFtEGNSBh6m5pXr9hJ9HD2V16q9ERbuBcA6wosz4efQFB
bbage7ZSECCN+xMLirQGRVbTozu2eS8FXedH0X9f0JWLDGWwRg+pAqSOtuFjHhYM
jVpwbH/s71BhH84x5RgWezh2BWLbP3UuY7JtWNAvAaeo53Js2dzzgjDopPis4qZR
rLR9cTGjqa6ZTc/PlLfaCsm6rGBlNx/bFJjz75+yn7vMQa47fOBt4qfriHX7G/Tg
3s8xsQSLEm3IBEYh27hoc9ZD45EXgm9ZiGA21t9v1jA27yTVaUrPbC40iDv/CMcQ
7N2Y1sJRvmrd+2pKxtNNutujjwgBguo5bKK253R5Hy0a+NzK2LSc/GmR8EJJEwW1
7r6road7Ss6YImCZExeY+CAW0FEzwQpmqfOdlusvIyk4x4r12JH8Q8NWHMzU3Ym/
yqdopn/SCwCfXJsL4/eHLCaWuyiWjljNa7MwPDITx2ZPRE5QEqCqi4gaDWXyVHt8
leGE1G3zoXNJogWhDswh105UnlZEEfOvbHbaxgWPjLV/xkuHhVlaqdyXbTExrgK6
U2wevNS03dBuQ6bjNIbMIt9ulbiBV8MJWR0PZtnNJ958f1QXC4GT+L3FG1g5Jtz+
rlbu70nh2kSJrg==
=wukb
-----END PGP PUBLIC KEY BLOCK-----

You can also get a plain text file with the key.

In accordance with good key management practices, we have also generated a revocation certificates for our old PGP keys. The revocation certificate for our old PGP key id 0xCA9A8D5B, 0x2D0987E6, 0xBB5F58CC and 0x26D292E4 have also been sent to the public PGP key servers.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: This is a revocation certificate

iQI2BCABCgAgFiEEwJ2yBj8dcDS6YVKtq0ZVoSbSkuQFAl+HdlsCHQEACgkQq0ZV
oSbSkuSopg//bvef/+F+39HNAXj8+WX5zInuhDaBWddBuxKOQplBSqn61dVUPcYz
pI6RiQHsKHepymHhPe5Aw7kXRwU2WgCkJ4oYcX0N3H7E/4DuXHP6Ld/hDP6XrbOd
YM5TFwZcrFG41/HC9sHR6yq4X3LRAwyunwhi8kg5GkngsUYNlONS9kH5ig9MmP/d
cweS9jS9i8ce0/GjMS5Tv4D1ExIWXRUTj6FmgXPIsHzlvMVJwk2TtqAK4KDR7qNN
1jlOc4+o4nDxXUPzXL1eGkH0ZpuYvQYyZx+YYKk6vQN+zWb3VdfGah/noyBTN+ge
CLQ0aHDXkS10bYJXUbP/CrvhXPVIb6ng0jUYxL0xhLirzBMyMDIu0BI8EbiwpTqm
Rmt6IL170u3E6knmQzLXsclsXUvZlFW/zkUGy4yG3wA5kXkttsxFkgRbNPDcp1dS
hPWP6TzN2100gL0QLciQFqrhwLPNEC5HKHM5t+tVDupLnhJMWlNz+NlLb1iIdsRc
AxQSY1sJNK+IyLpvbJ0KEQnNI+ipnp48T1vE9lxog4USt33ep3LRVzA0ALGY4t7E
Emjw46cTwPwChSdnZlSoJGly/HQiQP/J8Xb9SWmUgUxRueBD7pge6h1pahDOCxMQ
bzMTzvqmRpVTdb+voeEBSp0bhQNKNdDMSf7IV+0q77EWWgFEWxS8wCs=
=RSO2
-----END PGP PUBLIC KEY BLOCK-----

You can also get a plain text file with the revocation certificate.

Thanks

We want to thank all our vivid contributors. Without their general help, suggestions, bug reports, comments and actual code contributions, Netfilter wouldn't be what it is.

We thank Linus Torvalds for starting the development of the Linux kernel.

We thank the Linux networking gods (Alexey Kuznetsov, David Miller, Andi Kleen, et al.) for providing Linux with its great network stack.

We thank the founding fathers of the Internet. Who would need firewalls if there was no Internet ;-)

We also thank the companies and individuals who contributed funding or equipment for netfilter/iptables development:

  • Watchguard Inc. for sponsoring Rusty initially
  • Linuxcare Inc. for sponsoring Rusty later on
  • Conectiva Inc. for sponsoring Harald from March to September 2001
    • for sponsoring Harald starting with February 2002
    • for sponsoring the netfilter developer workshop 2003, 2004, 2005 and 2007
    • for sponsoring work on netfilter failover
    • for providing the project with a dual Opteron test system
    • for sponsoring Patrick starting with January 2006
    • for sponsoring Pablo starting with April 2012
    • ... and generally providing support to the project where possible
  • Marion Bates, Chris Brenton, and William Stearns for donating two gigabit NICs to the netfilter coreteam
  • for hosting the netfilter project SCM/www/ftp/mailinglist server and sponsoring the traffic (about 110GB per month) until 2012.
  • for sponsoring nftables development (from March to April 2014).
  • Theo Zourzouvillys for sponsoring the iptables.org domain registration fee
  • Gert Hansen for sponsoring vishnu.netfilter.org, the main netfilter.org server (Dual G5 XServe)
  • The USAGI Project for working on nf_conntrack, despite we turned down their initial ip6_conntrack
  • Pablo Neira for organizing the Netfilter Workshop 2005.
  • Jesper D. Brouer for organizing the Netfilter Workshop 2013.
  • Balabit for sponsoring the netfilter workshops 2005, 2008 and 2010.
  • INL for sponsoring the netfilter workshops 2005, 2008 and 2010 and organzing the 2008 workshop.
  • ComX for sponsoring the netfilter workshops 2007, 2008 and 2010.
  • Cyberoam for sponsoring the netfilter workshops 2007, 2008 and 2011.
  • Intra2net for sponsoring the netfilter workshops 2010, 2011 and 2012.
  • All the other workshop sponsors, which are mentioned on the individual Workshop Pages.

Copyright © 1999-2021 The Netfilter's webmasters . Contact webmaster