netfilter project logo

About the netfilter/iptables project

Who's behind netfilter?

The initial author of and head behind netfilter/iptables was Paul "Rusty" Russell. Later he was joined by other people, who together build the Netfilter core team and maintain the netfilter/iptables project as a joint effort.

But netfilter/iptables wouldn't be what it is today if it wasn't for the numerous contributions by independent software developers, whom we call contributors. We used to keep a scoreboard as a reward for people who helped us a lot - but lately it became too much effort to maintain this scoreboard. It has thus been deactivated until further notice.

If you are interested in more information, there is also a small page about the history of the netfilter project.

The netfilter core team

What Is the Core Team?

The Netfilter Core Team are the people who make the decisions, have commit access to the master Source Control Management (SCM) tree, and do Official Sounding Stuff. To be on the core team implies excellent judgement and some dedication; after all, anyone in the core can do releases. The core team elects one of it's members to be the Head of the netfilter core team. Members of the core team who are no longer actively developing code are called emeritus members of the core team.

Members of the Core Team

Emeritus Members

How Do I Get on the Core Team?

To get on the core team is fairly simple. Impress us so someone proposes you and no one vetoes. Suggested methods include:

  • Submit enough great patches over a long time.
  • Read the three HOWTOs, and submit extensions or corrections.
  • Keep your Emails short and to the point. Don't flame; inform.
  • Look at what's happening in GIT, the netfilter-devel and the netdev list (at
  • Implement what's on the projects TODO list.
  • Show an ongoing interest in supporting netfilter/iptables, not only in one specific area of interest, but as a whole.

What Are the Perks of the Core Team?

So far, there are two:

  • If you're ever in Australia, you get a free beer (or alternative beverage) on Rusty. Harald now also offers this for Germany. So it does Pablo in Sevilla, Spain ;)
  • You may get to meet some very cool people in associated projects (most of all other Linux kernel hackers). Of course, you may not.


Web site layout and logo design by Daniel García. The current Webmaster is Pablo Neira Ayuso. Harald Welte, the former webmaster, made the XML/XSLT Docbook-website conversion of the page.

Project history

The netfilter project was founded by Paul "Rusty" Russell to re-design and to heavily improve the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.

Early in the development, a few people contributed some code, but none of them had become long term contributors. After considering the problem, Rusty decided to try keeping a scoreboard of people who contributed patches and bug reports. It was this process of quantizing the contributions which brought to attention the quantity and quality of work coming out of the passionate French Canadian Marc Boucher, and Rusty decided that it was time to start a Core Team, of which Marc would become the second member.

The core team was actually started shortly after Rusty, while on a trip to SF in November 1999, made a detour to Montreal (despite the lack of warm clothing) to meet and discuss some big design issues.. Rusty and Marc spent a whole night in Marc's office conceiving the multiple tables framework which lead to the death of ipnatctl (a separate tool used to control nat in early versions of netfilter), generalization of iptables and birth of the iptable_{filter,nat,mangle} modules.

After all this was mightily implemented (and ip_conntrack rewritten) by Rusty, we started getting some nice contributions from a certain James Morris (a netlink and userspace queuing freak, living down under like Rusty).

In the spring of 2000 Marc traveled to Australia to attend a few conferences and spend some time in Canberra working with Rusty at Linuxcare on netfilter/iptables (fixing various bugs, implementing additional modules and merging everything into the official Linux tree).

At the Sydney Linux Expo we met James Morris in person, and his amazing coolness convinced us to invite him to become the third Netfilter slave core team member around the beginning of June.

Following James' assimilation into the collective, our efforts were mainly directed towards preparations for the release of Netfilter as part of the upcoming 2.4 kernel. It was the dawn of the third age of Linux firewalling; a time of great struggle and heroic deeds. It was our last, best hope for peace. Great communities were founded, old civilizations were lost, and new alliances were formed. James' missions during this period included the continued perversion of the networking code, such that it was now possible to load an ASN.1 parser into the kernel and inflict grave terror upon unsuspecting SNMP packets; and to extend the IP stack into userspace with Perl. Now peering squarely into the abyss, we noticed the good deeds of a young kernel warrior named Harald Welte, who seemed to actually understand the NAT code.

Accordingly, his distinctiveness was added to the collective. With balance restored, the netfilter juggernaut was now free to accelerate into the brave new world of Linux 2.4 and face it's greatest challenge: users.

Harald's first (code-) contribution to the Netfilter project was the connection tracking module for IRC. Following that he worked on some smaller stuff like TTL match and target modules as well as IPv6 porting. The ULOG target including the ulogd daemon were the next milestone. After getting included in the Netfilter core team in September 2000 he took over lots of the administrative work like doing releases, maintaining SCM, TODO lists, etc. and got involved more and more with fundamental design issues.

At the time of writing, this is mainly the new conntrack/Nat helper framework for multiple related expectations, the upcoming new kernel/userspace interface nfnetlink as well as the whole new userspace world based on libiptables.

At the first netfilter development workshop in November 2001, Jozsef Kadlecsik was invited to join the coreteam as its fifth member. Jozsef is a long-time active netfilter contributor. Among his contributions are: REJECT target, TCP window tracking code, continued development of the newnat API and the raw table.

At the second netfilter development workshop in August 2003, Martin Josefsson was invited to join the coreteam. Martin did a lot of useful work, especially with regard to optimizations on the connection tracking code

At this time, the coreteam also decided to formally elect a Chairman who get's the final call on all decisions. It was further decided that members of the team who do no longer actively contribute code can became emeritus members.

In January 2004, Patrick McHardy was asked to join the coreteam because of his continuing important contributions to the codebase of the netfilter project. Unfortunately, Patrick was suspended in June 2016 for not subscribing The Principles of Community-Oriented GPL Enforcement.

In October 2005, Yasuyuki Kozakai was asked to join the coreteam, especially in regard to his long-standing work on nf_conntrack and his ip6_tables caretaking.

In February 2007, Pablo Neira Ayuso was asked to join the coreteam, especially in regard to ctnetlink and conntrackd.

In October 2012, Eric Leblond and Florian Westphal joined the coreteam for their longstanding contributions and fellow hackers Harald Welte, Martin Josefsson and Yasuyuki Kozakai entered Emeritus officially. Arturo Borrero became coreteam member in July 2017 for his outstanding contributions to nf_tables and the conntrack-tools.

During the Netfilter Workshop 2013 in Copenhagen, Denmark, Pablo Neira Ayuso officially became the head of the coreteam, although he has been serving already as co-maintainer since 2011.

License terms of the netfilter/iptables software

Netfilter/Iptables is - like all of the Linux kernel - free software (sometimes referred to as Open Source), distributed under either the terms of GNU GPLv2 only or any later version.

For further information, please see the Licensing and the GPL compliance FAQ sections of this homepage.

Netfilter project PGP key

The Netfilter Core Team has a PGP key that we use to sign all software released by the project. Current PGP key id is 0xD55D978A8A1420E4, this key was generated on October 14th, 2020 and will be valid until October 13th, 2024.



You can also get a plain text file with the key.

In accordance with good key management practices, we have also generated a revocation certificates for our old PGP keys. The revocation certificate for our old PGP key id 0xCA9A8D5B, 0x2D0987E6, 0xBB5F58CC and 0x26D292E4 have also been sent to the public PGP key servers.

Comment: This is a revocation certificate


You can also get a plain text file with the revocation certificate.


We want to thank all our vivid contributors. Without their general help, suggestions, bug reports, comments and actual code contributions, Netfilter wouldn't be what it is.

We thank Linus Torvalds for starting the development of the Linux kernel.

We thank the Linux networking gods (Alexey Kuznetsov, David Miller, Andi Kleen, et al.) for providing Linux with its great network stack.

We thank the founding fathers of the Internet. Who would need firewalls if there was no Internet ;-)

We also thank the companies and individuals who contributed funding or equipment for netfilter/iptables development:

  • Watchguard Inc. for sponsoring Rusty initially
  • Linuxcare Inc. for sponsoring Rusty later on
  • Conectiva Inc. for sponsoring Harald from March to September 2001
    • for sponsoring Harald starting with February 2002
    • for sponsoring the netfilter developer workshop 2003, 2004, 2005 and 2007
    • for sponsoring work on netfilter failover
    • for providing the project with a dual Opteron test system
    • for sponsoring Patrick starting with January 2006
    • for sponsoring Pablo starting with April 2012
    • ... and generally providing support to the project where possible
  • Marion Bates, Chris Brenton, and William Stearns for donating two gigabit NICs to the netfilter coreteam
  • for hosting the netfilter project SCM/www/ftp/mailinglist server and sponsoring the traffic (about 110GB per month) until 2012.
  • for sponsoring nftables development (from March to April 2014).
  • Theo Zourzouvillys for sponsoring the domain registration fee
  • Gert Hansen for sponsoring, the main server (Dual G5 XServe)
  • The USAGI Project for working on nf_conntrack, despite we turned down their initial ip6_conntrack
  • Pablo Neira for organizing the Netfilter Workshop 2005.
  • Jesper D. Brouer for organizing the Netfilter Workshop 2013.
  • Balabit for sponsoring the netfilter workshops 2005, 2008 and 2010.
  • INL for sponsoring the netfilter workshops 2005, 2008 and 2010 and organzing the 2008 workshop.
  • ComX for sponsoring the netfilter workshops 2007, 2008 and 2010.
  • Cyberoam for sponsoring the netfilter workshops 2007, 2008 and 2011.
  • Intra2net for sponsoring the netfilter workshops 2010, 2011 and 2012.
  • All the other workshop sponsors, which are mentioned on the individual Workshop Pages.

Copyright © 1999-2024 The Netfilter webmasters . Contact webmaster