About
Coreteam Contributors History License Thanks PGP key Projects iptables nftables libnftnl libnfnetlink libnetfilter_acct libnetfilter_log libnetfilter_queue libnetfilter_conntrack libnetfilter_cttimeout libnetfilter_cthelper conntrack-tools libmnl nfacct ipset nf-hipac patch-o-matic-ng ulogd xtables-addons Downloads git Repository ftp Server rsync Server News conntrack-tools 1.4.6 released libnetfilter_conntrack 1.0.8 released nftables 0.9.4 released libnftnl 1.1.6 released nftables 0.9.3 released iptables 1.8.4 released ebtables 2.0.11 released arptables 0.0.5 released libnftnl 1.1.5 released nftables 0.9.2 released libnftnl 1.1.4 released new coreteam member: Phil Sutter nftables 0.9.1 released iptables 1.8.3 released libnftnl 1.1.3 released libnftnl 1.1.2 released iptables 1.8.2 released iptables 1.8.1 released iptables 1.8.0 released nftables 0.9.0 released libnftnl 1.1.1 released nftables 0.8.5 released conntrack-tools 1.4.5 released libnetfilter_conntrack 1.0.7 released nftables 0.8.4 released libnftnl 1.1.0 released ulogd 2.0.7 released nftables 0.8.3 released nftables 0.8.2 released iptables 1.6.2 released nftables 0.8.1 released libnftnl 1.0.9 released libnetfilter_queue 1.0.3 released nftables 0.8 released libnftnl 1.0.8 released iptables 1.6.1 released nftables 0.7 released libnftnl 1.0.7 released nfacct 1.0.2 released libnetfilter_acct 1.0.3 released conntrack-tools 1.4.4 released libnetfilter_conntrack 1.0.6 released libmnl 1.0.4 released public statement on GPL compliance nftables 0.6 released libnftnl 1.0.6 released iptables 1.6.0 released new PGP keys nftables 0.5 released libnftnl 1.0.5 released libnftnl 1.0.4 released conntrack-tools 1.4.3 released libnetfilter_conntrack 1.0.5 released ulogd 2.0.5 released nftables 0.4 released libnftnl 1.0.3 released nftables 0.3 released libnftnl 1.0.2 released libnftnl 1.0.1 released nftables 0.2 released ulogd 2.0.4 released nftables 0.099 released libnftnl 1.0.0 released iptables 1.4.21 released ulogd 2.0.3 released conntrack-tools 1.4.2 released iptables 1.4.20 released libnetfilter_conntrack 1.0.4 released iptables 1.4.19.1 released iptables 1.4.19 released libnetfilter_conntrack 1.0.3 released iptables 1.4.18 released ulogd 2.0.2 released nfacct 1.0.1 released conntrack-tools 1.4.1 released libnetfilter_acct 1.0.2 released iptables 1.4.17 released New ulogd2 maintainer Netfilter core team updates iptables 1.4.16.3 released libnetfilter_acct 1.0.1 released libnetfilter_cthelper 1.0.0 released ulogd 2.0.1 released conntrack-tools 1.4.0 released libnetfilter_queue 1.0.2 released libnetfilter_conntrack 1.0.2 released libnfnetlink 1.0.1 released iptables 1.4.16.2 released iptables 1.4.16.1 released iptables 1.4.16 released conntrack-tools 1.2.2 released iptables 1.4.15 released ulogd 2.0.0 released conntrack-tools 1.2.1 released libmnl 1.0.3 released iptables 1.4.14 released conntrack-tools 1.2.0 released libnetfilter_cttimeout 1.0.0 released libnetfilter_conntrack 1.0.1 released security notice on conntrack helpers iptables 1.4.13 released nfacct 1.0.0 released libnetfilter_acct 1.0.0 released conntrack-tools 1.0.1 released libnetfilter_conntrack 1.0.0 released libnetfilter_log 1.0.1 released libnetfilter_queue 1.0.1 released libmnl 1.0.2 released iptables 1.4.12.2 released iptables 1.4.12.1 released new PGP keys iptables 1.4.12 released iptables 1.4.11.1 released iptables 1.4.11 released conntrack-tools 1.0.0 released libnetfilter_conntrack 0.9.1 released Documentation FAQ HOWTOs Events Tutorials Various other docs Security Information Mailing Lists List Rules netfilter-announce list netfilter list netfilter-devel list netfilter-failover list Contact bugzilla coreteam webmaster imprint / postal address Licensing GPL licensing terms GPL compliance FAQ Supporting netfilter Events Links Mirrors About website |
About the netfilter/iptables project
The initial author of and head behind
But netfilter/iptables wouldn't be what it is today if it
wasn't for the numerous contributions by independent software developers, whom
we call If you are interested in more information, there is also a small page about the history of the netfilter project. The Netfilter Core Team are the people who make the decisions, have commit access to the master Source Control Management (SCM) tree, and do Official Sounding Stuff. To be on the core team implies excellent judgement and some dedication; after all, anyone in the core can do releases. The core team elects one of it's members to be the “Head of the netfilter core team”. Members of the core team who are no longer actively developing code are called “emeritus” members of the core team. Active Members Emeritus Members To get on the core team is fairly simple. Impress us so someone proposes you and no one vetoes. Suggested methods include:
So far, there are two:
There are numerous people contributing to the project. In the early development period we used to keep a scoreboard and list the contributions of every single developer. However, the scoreboard is closed now. Web site layout and logo design by Daniel García. The current Webmaster is Pablo Neira Ayuso. Harald Welte, the former webmaster, made the XML/XSLT Docbook-website conversion of the page. The listmaster takes care of the moderation and administration of our mailinglists. The current Listmaster is Pablo Neira Ayuso. Early in the development, a few people contributed some code, but none
of them had become long term contributors. After considering the problem,
Rusty decided to try keeping a The core team was actually started shortly after Rusty, while on a trip
to SF in November 1999, made a detour to Montreal (despite the lack of warm
clothing) to meet and discuss some big design issues.. Rusty and Marc spent a
whole night in Marc's office conceiving the multiple tables framework which
lead to the death of ipnatctl (a separate tool used to
control nat in early versions of netfilter), generalization of iptables and
birth of the After all this was mightily implemented (and ip_conntrack rewritten) by
Rusty, we started getting some nice contributions from a certain
In the spring of 2000 Marc traveled to Australia to attend a few conferences and spend some time in Canberra working with Rusty at Linuxcare on netfilter/iptables (fixing various bugs, implementing additional modules and merging everything into the official Linux tree). At the Sydney Linux Expo we met Following James' assimilation into the collective, our efforts were
mainly directed towards preparations for the release of Netfilter as part of
the upcoming 2.4 kernel. It was the dawn of the third age of Linux
firewalling; a time of great struggle and heroic deeds. It was our last, best
hope for peace. Great communities were founded, old civilizations were lost,
and new alliances were formed. James' missions during this period included the
continued perversion of the networking code, such that it was now possible to
load an ASN.1 parser into the kernel and inflict grave terror upon
unsuspecting SNMP packets; and to extend the IP stack into userspace with
Perl. Now peering squarely into the abyss, we noticed the good deeds of a
young kernel warrior named Accordingly, his distinctiveness was added to the collective. With balance restored, the netfilter juggernaut was now free to accelerate into the brave new world of Linux 2.4 and face it's greatest challenge: users. Harald's first (code-) contribution to the Netfilter project was the connection tracking module for IRC. Following that he worked on some smaller stuff like TTL match and target modules as well as IPv6 porting. The ULOG target including the ulogd daemon were the next milestone. After getting included in the Netfilter core team in September 2000 he took over lots of the administrative work like doing releases, maintaining SCM, TODO lists, etc. and got involved more and more with fundamental design issues. At the time of writing, this is mainly the new conntrack/Nat helper framework for multiple related expectations, the upcoming new kernel/userspace interface nfnetlink as well as the whole new userspace world based on libiptables. At the first netfilter development
workshop in November 2001, At the second netfilter development
workshop in August 2003, At this time, the coreteam also decided to formally elect a
In January 2004, In October 2005, In February 2007, In October 2012, During the Netfilter Workshop 2013 in Copenhagen, Denmark,
Netfilter/Iptables is - like all of the Linux kernel - free software (sometimes referred to as Open Source), distributed under either the terms of GNU GPLv2 only or any later version. For further information, please see the Licensing and the GPL compliance FAQ sections of this homepage.
The Netfilter Core Team has a PGP key that we use to sign all software released by the project. Current PGP key id is 0x26D292E4, this key was generated on November 19th, 2015 and will be valid until November 17th, 2020. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 mQINBFYldiMBEAC635z9C9kG6VzzdWIO8BEmzjJ6dwe5yMnlZqN5r2CP5h9BrRB3 BW4oLFLeJyFwsSP6aQeTUB/xkfBG01G6tjsnDWiEVkg2B1/iw4o8mfTTupvMG0Dg 3YY66Cu6vKx8zvFafq3jczzNp2O1Id8N7HT6zhERmHmZXdZw8jdtJKNmYOHyCSMF SWh8L+C9Y/RmACqegAp8hvNflQPWnTzQovWMiGxE/9/21pJfOgEu/Ky2O3xaObNg WZ9ILxcwgf6vb/3SmLOnuWl+w1HhdquDlvye7yYyE1xrpu8nUQtzXqL/D3XjQGwX 3Is51r508gKxMY4E4h8KkDiA51uHRCbScIjT+dK1Sm+Q2SN/2KJGeQAEFe9GWXpi /+b3xpemu+8L7lBXChbYkKtyWL7d6FnATs8lm3ey9THMAGzjnkl0vYRlrlh48xbk Je4oHSQF7OBkQoFGzPN8kwrZgw9dd9+w3nYkn63ILZjaZL30QZI1CmLXp+jdY7DQ agnry8cNLhWAXklZfeiicsmzHdkXez/rQo7X6T7hL8PQJT6h2SpykOHPL6dOzAiP SWryf56JWu6wjJNC1CwvbbbcmjhjUg972/7dupV6+qjletPtJcO8RG3QLvM3RKkf 4sSm759Y20mo03B94Hhi+2GpJYrnLUVkwV2MnfGm2ig1M60xEtSSed8UTQARAQAB tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC PgQTAQIAKAUCViV2IwIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA CgkQq0ZVoSbSkuTaBxAAupoH2w8oEfjK2x4N6mxpIKJz41J2AapAQ8/I4HbxV0t0 JvwDSPdqqni5BvnhbrLoqCKV4OEhzZslAaEfgetLQKQbczvPIgGwh5I738+H6gGa WCd1c2FyGv0nEqEB4++6rjZDvWmropE4+K6OoJzFCNopTdXb/RW/f912MX8rz+0I VshkbrvTHpGjzYwE7cO7Q5wwXtAuXh68F5dqIxsZXY9nnnKCy2HBsPMeK1QwMZTZ XYerTYMHNyEPuBZCK4ubLnSuL8Q5D26Ln7K0+saFHvqgI/vZknFHkRUq63QgkXdh LAavo4Vkv5DlmtDgIukykjlzCHSc3vODoEfuu5vjzYr5mefl4EpjPwMzd+i8p8fJ 8e1jU4VQnfR1YqvZMlyNbUGsxlN9PvlnnHLfu1RNn+Gj+SE43e1pR5RFC1Y0TAYP phXc/o35hJ3JguNU41spKr62VrE/fBYTUWIkVbJ4ojb3OwUvF9agTg6L7yoOOMhd 8RMt7hUnBzKsDI4hKrVX0KX2YfT4819XgLo/bDBdejZ81Xk/5+ICmzvBOL3m7SCY MzHdfWNCgsXzMbuK40h8NU9G2M8DqGvcv3oyjPxvzRJxSs8I8khGxvc5XIiV64W+ 2tsvmMzb0oxLj/B7NgSz4CZGbVaIhOFFRPVm+4zYclM+EQtBXY0chiLRoJcnPSGJ AhwEEAECAAYFAlYld28ACgkQpBEfibtfWMwPuw/+KgcsIbvnAfacFJhYKY8os6YC x2RtqDS2r+kbdQgc4/ije6591y0nx/gLGk9wBB2p01SJthnI2l5B15c5nlhSfGIE 0bkDDvKOsaoUcUexKC5DFWtz2/6dn/5aPDbSeTPh6vbgND37jAZeuyUKh44tDePU nNICDFiP9Ly8v117hF/ceH26rprhcGZfbbjqZQe7TppEggB6/ORadfJlQotH+390 uw9OnoQQ6mevGUwGaF8WOafnI5UVyR37o38xcnJ7BH603rsJWYBrdwfDBbVFDc+b kujAfSyJkex9jel5a1duKpqvXo7+ko5Ow8HS+kXIh1YtF8Cudv51B3G+xNfbSm8l fZusj9h9huuXB3u4FlWQmgjFC3Z9M3ZQkeWqrnhyQeXKHS6qJy5+IahhkyJamhZJ Fxa3B/+Y5LapRQoXyEw+5dXJ9oWVeigR7jP7qWnPcI1OY2PI+KHjphb28iuGhDAW PwTp7tPpghP9r9cXdQQJ4eoreFnKugqOXi3nX9bv74i1MwmxB0mxvtV1F9pUYn9o +WzX/KWhPtBqMSykPVUyZCzyT/igSzF0WRie8/AtOMWSRAGejwVdrbkJN3uArcKg HB5DyASUtP04HnO7mR3HBIbR+2UnRJXPgWcVgE9ZSlDwk+FHQfmgF7zB/6FI1IqS 7eIaGZmQVldO4NCaLim5Ag0EViV2IwEQAKytbHA7r71kxCb/stEq94ZzPJpxyCtl zXJ+Kf3eZztZsgrWVj0VQyEMslyTJ7RKqywTJ48QXUHEJLe6NpiRS8iWDvl2//Sc h9etTD8mzOtHQ1zk08ZwKd3Qx+LXS/+bJ1QMqwvd1tjzGoSuG3cKTNdAs/xcbXAd sSe2aKqt273jeCklGm7EWCTdvQcIyrYN/djLSevEgAFjdtX3kPybPSow6TaF9kpf WaCEdm2yLGhjXrYv3Ik8uNzEv1eilzU3KGK4MkslvxwjcPSo7bx/oP1v83tLAlyS i28uqEUH7EdszwU7PWAfdhnqRvt49b/rcOI7W75iykrHvkuQRvFHto9wcW8+P0RA na5cQ3uIF9YYuSv1tNefaQeuX4WvgzN2LyqzaLirKi7MZuQzIw43RKlUFrT3eLWM uLi9kVnBr73nXvrTea2LAWrX3pTH00hTfo8RZ7cKJOmJrpZ8yAz+DrVIyzqR9Wcj U3FxMgEM+dWl3I1bpP+jFeuIUhJx9RQe7+/WaPWn3ZjUinaV3/J72dyDux514acI d6Y1qZcmpWUe52+z5SA8RwiuktxDd5brQV+MPaIdNyn61pX2W9kw/7PObjc21O00 m/ChQvdIvR/6rHdcN5M8uHr0SZchbyKsJLGGO+obk36Q3cfMmm3xWCBtk13NojJA O0fqDKPgeOpJABEBAAGJAiUEGAECAA8FAlYldiMCGwwFCQlmAYAACgkQq0ZVoSbS kuSAdg//Xi+kyfNsAq4dx8fkd2HllTm7pBAauB6PCkRZ4LyIvtg9eD5Y1rSEz3qZ Q7aV7txNYuyO+BdfducRbO6U+gQ+uXtd/9fMuEV+acBn7tB0yaYt1AeO1l5Up8kQ Sw/v6oinEgpEdZnCiYMiGPSmwNK69Q67/9wyUfsAbfRbsMP4MYL+78iMcaw2tvhh EsSXNYi8rihYg7Z1JJiaarSVdLM4t/FtTUFMFlhdwllKan7599egieHE8rrqy5/f eHHiQ4Xq0vbRXGAEnZm5eoOj8FoHRa6Zm+OCe4HQQrAfatnKY4Q27m4E6u1d9glT ARijk4YoSWRyM/y2crh7/VjWF1DX6RDjlDfewvo+tPdU0ofuT+qCThOtVTAQS+dZ 8N09BRSrQPZLmyi5NPBh++bzy2gai2uQfPGd5yVnZWiTnYBhM+uT1FIe/IlidwBQ DsIbAxH8RWAvoGVqrfasN1sqdnmNqvuXqeCkcbqqtzNFd81xOs+X3xfAgqkXv8sx gIfEcRJk/zZfshxCFb+6qSZOhkr5F6+XTf48mQojdnxxIWTgbS75ZxOVIzG2Dhqp NxfDgER2qyf6gEQE86jWHQ0XvUisZW6IPpOllsSeIr0lZmGNvLxFn+/SGe/WRydM KEYvr69wsKXOPPEo8Iu2vztB1us10msVzXmEdFZ8L3K2a7ZQqiE= =xrra -----END PGP PUBLIC KEY BLOCK----- You can also get a plain text file with the key. In accordance with good key management practices, we have also generated a revocation certificates for our old PGP keys. The revocation certificate for our old PGP key id 0xCA9A8D5B, 0x2D0987E6 and 0xBB5F58CC have also been sent to the public PGP key servers. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 Comment: A revocation certificate should follow iQIuBCABAgAYBQJWUjQZER0BS2V5IGhhcyBleHBpcmVkAAoJEKQRH4m7X1jMYr0Q AMuzYZg4nmwGEOiz1DIY/nlKCrHAZHqPtcm+qy0QNFwRQgLRigWFvUUyxA+V0LKN wZYrdM8uIYB76Fy7eWCml79BH2+SJXZDEBRyHsU+t3+Nvf38PmxyoqZcAA62e0SO nrzn0HHnTK0ckVX7hZZTYqnDcQ7etw40jqnUdn4/waajN8VroffU9lHmZAENyGh9 zsIu+krcH0A0FmOOzgUMwY/iVPK04EhxjPClbYId92WKTq3I0BMzvM2kvjFiyhbA 2aJcvPPhykydx7fhyLfk/HdC3XuZFWykGLJRCKcKSw7CGv+yrS/EbkfYmxsYtH/z tjKBLwHQ9ORLyIOqnQqtrGFC2s1I7JsTshEtZPlv7P1Kp9oT5CxVxYMs6Vibw/So VOm4lY7tldTydbb6Gb618lLwGOeakA+t4bddes7/+HZdLdmQQpzDroC+UyZP1V5A /9S6TMEx1YHXGU6zHb8PjVXH3cD8N/CI4h4IsMmWI+QPf+lXEUioi53giNw+KxhE YcLsz+C0PkGMdUh8PJ5EGrhqkVC/UrAPmU5wg73hWr2eY6JlsBaoSDjK9ih0CGiV lVxHD2SE6tK6TmIsA/TZepJOi10WirlTr7Er4pC0hI8AuX+JqlFGN+jhEj0pZa7u VC9sQFL6IAfU+Q4q+c3usjQHyqKJcPQ67qVlkDaSe39G =rasM -----END PGP PUBLIC KEY BLOCK----- You can also get a plain text file with the revocation certificate. We want to thank all our vivid contributors. Without their general help, suggestions, bug reports, comments and actual code contributions, Netfilter wouldn't be what it is. We thank We thank the Linux networking gods ( We thank the founding fathers of the Internet. Who would need firewalls if there was no Internet ;-) We also thank the companies and individuals who contributed funding or equipment for netfilter/iptables development:
|