Introduction

part of a firewall, working on IP packet level (vs. application level proxies or ethernet level bridges)
packet filter intercepting each IP packet that passes through the kernel (in and out on each interface), passing or blocking it
stateless inspection based on fields of each packet
stateful filtering keeping track of connections, additional information makes filtering more powerful (sequence number checks) and easier (replies, random client ports)