Chains: Netfilter Netfilter organises chains into tablespaces Extensible - Additional tables can be added via kernel modules All tablespaces can have user chains Standard Tablespaces filter for packet filtering nat for network address translation mangle for IP packet rewriting