Did I just say iptables? What givesNetfilter, iptables? Which is it? Well, it's both. The overall framework and the kernel code is Netfilter. But, of course, you and I can't talk to the kernel. We need a user-space program to interface with the kernel and provide what the kernel needs and the form it needs it in from rules that we can understand. (If you think this is a small feat, you haven't tried out iproute2. If you have tried out iproute2, you know what I'm talking about.) For Netfilter, that program is called iptables.