When Netfilter performes filtering in TCP/IP kernel network stack?

linux iptables linux-networking tcp

I have a question about where the Netfilter is placed in the network stack in the Linux kernel.

I know that it is Network layer, netfilter and then TCP layer. In fact, after decapsulating the packet in IP layer in the kernel, it will be parsed by Netfilter and then it will be decapsulated in TCP. So I am wondering how it can filter the packets based on port number as it is in TCP header.


Solution 1:

Netfilter does not route packets, routing takes place in separate part of the network stack.

https://en.wikipedia.org/wiki/Netfilter#/media/File:Netfilter-packet-flow.svg shows the packet flow in the Netfilter subsystem.

Internally Netfilter operates on skb structures, which contain either L2 frames or L3 packets and associated metadata.

Related

How i revert creating partition table inside a partition
Amazon SQS maximum in flight messages
nftables forwarding from wlan0 to eth0, but nothing happens
Change only 1 emails DNS to use another server but keep the other ones in my server [closed]
Solaris 10 stuck at boot
MySQL accessing a lot of deleted temp files
Duplicate Entry in outlook room list
Change diff format/output in Ansible? External diff command?
Copying files using multi threading increases performance - Why?
ipsec xfrm esp routing
How can I grant Dial-In / Network Access Permission to local account via command line?
mdadm how to use an array as a "member disk" in another array