Introduction

- one part of a firewall, working at the IP packet level (vs. application-level proxies or Ethernet-level bridges)
- intercepts each IP packet that passes through the kernel (in and out on each interface), passing or blocking it
- stateless inspection: based on the fields of each packet
- stateful filtering: keeps track of connections; the additional information makes filtering more powerful (sequence number checks) and easier (replies, random client ports)
- filtering for the local host or for a network (multihomed host, IP forwarding or bridging)
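The difference between stateless inspection and stateful filtering, as an added example that is not part of the original slides: a toy filter that creates a state entry for an outbound connection, then passes replies to the random client port and blocks packets whose sequence number is far from the expected one. The class names, the `WINDOW` tolerance, the addresses and the packets are all constructed for illustration, and the sequence tracking is much simpler than what a real filter does.

```python
from dataclasses import dataclass
WINDOW = 65535  # assumed tolerance around the expected sequence number

@dataclass(frozen=True)
class Packet:
    direction: str     # "out" or "in", as seen on the external interface
    src: tuple         # (address, port)
    dst: tuple         # (address, port)
    seq: int
    length: int = 0    # payload bytes
    syn: bool = False

class StatefulFilter:
    def __init__(self, allowed_out_ports):
        self.allowed_out_ports = set(allowed_out_ports)
        self.states = {}  # (local, remote) -> next expected seq per direction

    def _key(self, p):
        # Both directions of one connection map to the same state entry.
        return (p.src, p.dst) if p.direction == "out" else (p.dst, p.src)

    def check(self, p):
        key = self._key(p)
        state = self.states.get(key)
        if state is None:
            # No state: stateless rule on header fields decides, and may create state.
            if p.direction == "out" and p.syn and p.dst[1] in self.allowed_out_ports:
                self.states[key] = {"out": p.seq + 1, "in": None}
                return "pass"
            return "block"
        expected = state[p.direction]
        if expected is not None:
            delta = (p.seq - expected) % 2**32  # modular distance from expected
            if min(delta, 2**32 - delta) > WINDOW:
                return "block"
        # A SYN consumes one sequence number; payload consumes its length.
        state[p.direction] = (p.seq + p.length + p.syn) % 2**32
        return "pass"

def demo():
    fw = StatefulFilter(allowed_out_ports={80})
    c, s = "192.0.2.10", "198.51.100.5"  # constructed documentation addresses
    return [fw.check(p) for p in (
        Packet("out", (c, 49152), (s, 80), seq=1000, syn=True),      # new connection
        Packet("in", (s, 80), (c, 49152), seq=5000, syn=True),       # reply to random client port
        Packet("out", (c, 49152), (s, 80), seq=1001, length=100),    # data on the connection
        Packet("in", (s, 80), (c, 49152), seq=9_000_000, length=10), # sequence number far off
        Packet("in", (s, 80), (c, 49153), seq=1, syn=True),          # unsolicited, no state
    )]
```

Only the outbound rule is written explicitly; the reply needs no rule of its own because it matches the state entry, which is what makes stateful rulesets shorter.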