About
Coreteam
Contributors
History
License
Thanks
PGP key
Projects
iptables
nftables
libnftnl
libnfnetlink
libnetfilter_acct
libnetfilter_log
libnetfilter_queue
libnetfilter_conntrack
libnetfilter_cttimeout
libnetfilter_cthelper
conntrack-tools
libmnl
nfacct
ipset
nf-hipac
patch-o-matic-ng
ulogd
xtables-addons
Downloads
git Repository
ftp Server
rsync Server
News
conntrack-tools 1.4.6 released
libnetfilter_conntrack 1.0.8 released
nftables 0.9.4 released
libnftnl 1.1.6 released
nftables 0.9.3 released
iptables 1.8.4 released
ebtables 2.0.11 released
arptables 0.0.5 released
libnftnl 1.1.5 released
nftables 0.9.2 released
libnftnl 1.1.4 released
new coreteam member: Phil Sutter
nftables 0.9.1 released
iptables 1.8.3 released
libnftnl 1.1.3 released
libnftnl 1.1.2 released
iptables 1.8.2 released
iptables 1.8.1 released
iptables 1.8.0 released
nftables 0.9.0 released
libnftnl 1.1.1 released
nftables 0.8.5 released
conntrack-tools 1.4.5 released
libnetfilter_conntrack 1.0.7 released
nftables 0.8.4 released
libnftnl 1.1.0 released
ulogd 2.0.7 released
nftables 0.8.3 released
nftables 0.8.2 released
iptables 1.6.2 released
nftables 0.8.1 released
libnftnl 1.0.9 released
libnetfilter_queue 1.0.3 released
nftables 0.8 released
libnftnl 1.0.8 released
iptables 1.6.1 released
nftables 0.7 released
libnftnl 1.0.7 released
nfacct 1.0.2 released
libnetfilter_acct 1.0.3 released
conntrack-tools 1.4.4 released
libnetfilter_conntrack 1.0.6 released
libmnl 1.0.4 released
public statement on GPL compliance
nftables 0.6 released
libnftnl 1.0.6 released
iptables 1.6.0 released
new PGP keys
nftables 0.5 released
libnftnl 1.0.5 released
libnftnl 1.0.4 released
conntrack-tools 1.4.3 released
libnetfilter_conntrack 1.0.5 released
ulogd 2.0.5 released
nftables 0.4 released
libnftnl 1.0.3 released
nftables 0.3 released
libnftnl 1.0.2 released
libnftnl 1.0.1 released
nftables 0.2 released
ulogd 2.0.4 released
nftables 0.099 released
libnftnl 1.0.0 released
iptables 1.4.21 released
ulogd 2.0.3 released
conntrack-tools 1.4.2 released
iptables 1.4.20 released
libnetfilter_conntrack 1.0.4 released
iptables 1.4.19.1 released
iptables 1.4.19 released
libnetfilter_conntrack 1.0.3 released
iptables 1.4.18 released
ulogd 2.0.2 released
nfacct 1.0.1 released
conntrack-tools 1.4.1 released
libnetfilter_acct 1.0.2 released
iptables 1.4.17 released
New ulogd2 maintainer
Netfilter core team updates
iptables 1.4.16.3 released
libnetfilter_acct 1.0.1 released
libnetfilter_cthelper 1.0.0 released
ulogd 2.0.1 released
conntrack-tools 1.4.0 released
libnetfilter_queue 1.0.2 released
libnetfilter_conntrack 1.0.2 released
libnfnetlink 1.0.1 released
iptables 1.4.16.2 released
iptables 1.4.16.1 released
iptables 1.4.16 released
conntrack-tools 1.2.2 released
iptables 1.4.15 released
ulogd 2.0.0 released
conntrack-tools 1.2.1 released
libmnl 1.0.3 released
iptables 1.4.14 released
conntrack-tools 1.2.0 released
libnetfilter_cttimeout 1.0.0 released
libnetfilter_conntrack 1.0.1 released
security notice on conntrack helpers
iptables 1.4.13 released
nfacct 1.0.0 released
libnetfilter_acct 1.0.0 released
conntrack-tools 1.0.1 released
libnetfilter_conntrack 1.0.0 released
libnetfilter_log 1.0.1 released
libnetfilter_queue 1.0.1 released
libmnl 1.0.2 released
iptables 1.4.12.2 released
iptables 1.4.12.1 released
new PGP keys
iptables 1.4.12 released
iptables 1.4.11.1 released
iptables 1.4.11 released
conntrack-tools 1.0.0 released
libnetfilter_conntrack 0.9.1 released
Documentation
FAQ
HOWTOs
Events
Tutorials
Various other docs
Security Information
Mailing Lists
List Rules
netfilter-announce list
netfilter list
netfilter-devel list
netfilter-failover list
Contact
bugzilla
coreteam
webmaster
imprint / postal address
Licensing
GPL licensing terms
GPL compliance FAQ
Supporting netfilter
Events
Links
Mirrors
About website

Licensing information about netfilter/iptables

License terms of the netfilter/iptables software

netfilter/iptables is - like all of the Linux Kernel - Free Software (sometimes referred to as Open Source Software), distributed under the terms of the GNU GPLv2 only. Please, note that some source code files might differ, and in that case it is explicitely stated in the header of every file.

The GPL also contains some obligations. If you distribute netfilter/iptables code in binary form, you have to offer the source code, too.

The netfilter/iptables project has made available some more detailed information on this subject:

The remainder of this page as pdf (An Article on the licensing of netfilter/iptables by Harald Welte).
An Example disclaimer to be used as an appendix in a product manual.

The TeX source code of those documents can be found here.

Contact the coreteam in case you have any further questions.

An article about netfilter licensing

Introduction

As netfilter/iptables is increasingly used by commercial vendors as part of their network security products, we'd like to give some explanations on how to comply with the license terms of this software.

The target audience for this document is somebody who re-distributes any software published by the netfilter/iptables project, independent of the medium of distribution (cd-rom, floppy disk, firmware image in flash/rom, internet download, ...).

Free Software ?!?

netfilter/iptables is, like the Linux operating system kernel itself, “free software”. Free refers to free as in freedom. It doesn't necessarily make a statement about the cost. Free does explicitly NOT mean “free of any obligations”.

Important

Free software is copyrighted material, very much like almost all software. You might have heard about freeware or public domain software. They are totally different concepts that do not apply to free software!

The GNU GPL Version 2

As many free software, netfilter/iptables is licensed under the terms of the GNU General Public License (GPL), Version 2. You can find the full text of this license at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. There's also a comprehensive list of frequently asked questions available.

Important

The license enables you to distribute netfilter/iptables software ONLY IF you adhere to ALL conditions of this license. If you fail to do so, you are infringing our copyright in no different way of copying any other copyrighted material (e.g. proprietary software)!

In any doubt, feel free to contact the netfilter core team at <coreteam@netfilter.org> BEFORE you ship any product containing our source code.

Obligations for distributing the original source code

According to Section 1 of the GNU GPLv2, you have the following obligations when distributing the original source code as published by the netfilter/iptables project:

Provide a copyright notice and disclaimer of warranty
Keep intact all notices that refer to the license
Give a copy of the GPL license along with the program

Obligations for distributing modified source code

According to Section 2 of the GNU GPLv2, you have the following obligations when distributing or publishing modified versions of the source code:

Every modified file has to carry a statement about the change, including the date of any change
You must make available any modified version available to be licensed as a whole at no charge to all parties under the terms of GNU GPLv2

Obligations for distributing object code / executable form

According to section 3 of the GNU GPLv2, when distributing or publishing either original or modified version of the program, you have to fulfill all the obligations of Section 1 and 2, plus one out of the two possible options:

Accompany it with the complete corresponding machin-readable source-code
Alternatively, accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine readable copy of the corresponding source code

Example case of an embedded firewall vendor

Let's assume you are a vendor that sells embedded firewalling devices, using any of the netfilter/iptables code. Let's assume you are shipping this device with pre-installed object code of the software (sometimes referred to as firmware), but also offer software updates via the internet.

Because of your specific needs, you had to modify parts of the original netfilter/iptables code to make it fit your requirements.

The GPL gives you two different ways of complying with the license. You can chose between both. However, the netfilter project prefers the option described first in this document:

Immediate source code offering

You have to accompany the device (as well as any version of a firmware update) with

A copy of the license text

A copy of the GNU GPLv2 License text along with your documentation, including a copyright notice (e.g. "(C) Copyright 2000-2004 netfilter project https://www.netfilter.org/") and the disclaimer of warranty (Section 11/12 of the GNU GPLv2).

If you ship printed documentation, please print the license, too. If you only ship electronic documentation (on CD-ROM or any other medium), please include an electronic version of the GNU GPL license text. If you ship GPL licensed code bundled with code subject to a different licese, you have to indicate which parts of the resulting product are covered by which license.

Full copy of the modified source code

Please remember that modifications from the original source need to be identified as modificiations.

Any scripts used to control compilation and installation of the object code

This specifically means you need to ship the makefiles used to control the build process and any tools needed for building the firmware image from the source code.

Written offer for source code shipping

In this case, you have to accompany the device (as well as any firmware update) with:

A copy of the license text

If you ship printed documentation, please print the license, too. If you only ship electronic documentation (on CD-ROM or any other medium), please include an electronic version of the GNU GPL license text. If you ship GPL licensed code bundled with code subject to a different license, you have to indicate which parts of the resulting product are covered by which license.

A written offer to provide the source code

It is important to note, that you have to offer the source code to any third party, not just to the customer who has bought your appliance. You are not allowed to charge more money than the cost of copying the media and shipping it to the requesting party. The source code has to oblige to the same criteria in the previous example (i.e. include makefiles, tools for building the firmware image, ...).

Notes on the development process

netfilter/iptables is a community based effort. This means that if it weren't for volunteers contributing source code to the project, it wouldn't exist and you wouldn't be able to build products based on it.

So as long as you want to continue selling netfilter/iptables products, it is in your own vital interest that the netfilter/iptables project flourishes. Contributions to the project are the most important part in the development of our project.

Important

All of this is optional. You are not required to support the netfilter/iptables project. We're just kindly asking you to do so.

Vendors are welcome to contribute their modifications and/or new features back to the project. This way we can consider to include them into one of our next releases, and thus increasing the value of our software.

There are lots of other ways how you can support and encourage further development of the netfilter/iptables software. Possible options include:

Monetary donations
Donations of hardware
Donations of rackspace, hosting, bandwidth, traffic
Directly funding the development of certain new features
Advertisement. Tell people that you are using our software
Bug fixing. Inform us if you have found and/or fixed any bugs in the software

If you are interested in supporting the netfilter/iptables project in any way, maybe even one not listed above, please don't hesitate to contact us at <coreteam@netfilter.org>.

Frequently asked questions regarding GPL compliance and Netfilter

This section provides a list of frequently asked questions that may help you deal with GPL enforcement and Netfilter.

Where can I find information regarding compliance with netfilter’s license terms?

Netfilter provides useful information regarding the licensing terms for netfilter/iptables here. The netfilter community wants to help users to comply with the GPL.

Does netfilter enforce the GPL license?

Yes. The core team members of the netfilter project have officially endorsed and support "The Principles of Community-Oriented GPL Enforcement" in this public statement.

I have received a letter from Patrick McHardy demanding that I cease and desist from using "Netfilter" or "Linux Kernel Network Stack." Who is Patrick McHardy and what should I do?

Although core team members of the netfilter project support "The Principles of Community-Oriented GPL Enforcement", Patrick McHardy, unfortunately, did not join with us to sign these principles. We have been told that Patrick McHardy has undertaken compliance actions relating to netfilter code that are inconsistent with these community norms, and we fear that the enforcement actions of Patrick McHardy have caused considerable harm to the reputation of the netfilter project. There are serious allegations that his GPL enforcement activities are prioritizing personal financial gain over compliance. We contacted him to address these allegations many times, however, we got no response from him so far. As a result, the netfilter community has, in fact, suspended Patrick McHardy from the core team until he undertakes a commitment to join with the rest of the netfilter core team in supporting the principles.

We cannot provide any legal advice, but we want to share our experience in this field and provide the following references:

Take the warning letter seriously and handle it as you would any formal legal demand. Delays in response cannot help and can make the situation much more difficult for you to address.
Do not handle the letter as an informal negotiation. Several enforcement cases have ended up litigated in court. Contact a lawyer familiar with Free and Open Source Software (FOSS) licensing for professional advice as soon as possible. Quick action might be necessary according to German procedural law. (If you are not familiar with German procedural law you and your counsel will find further information at "Enforcement of the GNU GPL in Germany and Europe" from Till Jaeger.)
Do not assume that because the software that is alleged to be out of compliance was supplied to you by another company, that you have no responsibility for the compliance failure. If you are distributing the software, you will be required to do so in full compliance with the licenses even if your supplier is the cause of the failure.
Work with your counsel to immediately gather all of the facts that you need to understand whether the allegations of noncompliance are accurate. You can find more detailed information about your obligations under the GNU General Public License, Version 2, (GPLv2) at the following sources:
- Our interpretation of the GPLv2.
- Copyleft and the GNU General Public License: A Comprehensive Tutorial and Guide published by the Free Software Foundation (license steward of the GPL) and Software Freedom Conservancy.
- Software Freedom Law Center Guide to GPL Compliance from Software Freedom Law Center.
Fix any compliance failures as soon as possible. This will usually require the cooperation and focus of both your lawyer and your technical staff. A common compliance issue is the failure to provide the "complete corresponding source code" of any software licensed under the GPL please find further information regarding this requirement at:
- "Practical GPL Compliance" (Guide published by the Linux Foundation).
- "Source Code FAQ" from gpl-violations.org. And consider other licenses as well. In particular you should verify compliance with your obligations for code licensed under the GNU Lesser General Public License (LGPL). The LGPL is the license of the glibc and many other valuable libraries.
- Check your complete range of products, including, in particular, any firmware updates available on your website or delivered “over-the-air” (also referred to as “OTA”).
Once you are in compliance, you must be vigilant to continue to comply consistently for all of your products. Be aware that Patrick McHardy has claimed contractual penalties in cases in which alleged violators signed a declaration to cease and desist and Patrick McHardy was able to assert further violations. Often violations in other products will be claimed at a later date and invoke contractual penalties.
Let us know if you have received a letter to cease and desist. We try to help those who want to be GPL compliant and help you find access to knowledgeable resources who can help if you do not have expertise. Avoid undertaking any promise not to talk to others in the community who want to provide assistance.