About
Coreteam Contributors History License Thanks PGP key Projects iptables nftables libnftnl libnfnetlink libnetfilter_acct libnetfilter_log libnetfilter_queue libnetfilter_conntrack libnetfilter_cttimeout libnetfilter_cthelper conntrack-tools libmnl nfacct ipset nf-hipac patch-o-matic-ng ulogd xtables-addons Downloads git Repository ftp Server rsync Server News conntrack-tools 1.4.6 released libnetfilter_conntrack 1.0.8 released nftables 0.9.4 released libnftnl 1.1.6 released nftables 0.9.3 released iptables 1.8.4 released ebtables 2.0.11 released arptables 0.0.5 released libnftnl 1.1.5 released nftables 0.9.2 released libnftnl 1.1.4 released new coreteam member: Phil Sutter nftables 0.9.1 released iptables 1.8.3 released libnftnl 1.1.3 released libnftnl 1.1.2 released iptables 1.8.2 released iptables 1.8.1 released iptables 1.8.0 released nftables 0.9.0 released libnftnl 1.1.1 released nftables 0.8.5 released conntrack-tools 1.4.5 released libnetfilter_conntrack 1.0.7 released nftables 0.8.4 released libnftnl 1.1.0 released ulogd 2.0.7 released nftables 0.8.3 released nftables 0.8.2 released iptables 1.6.2 released nftables 0.8.1 released libnftnl 1.0.9 released libnetfilter_queue 1.0.3 released nftables 0.8 released libnftnl 1.0.8 released iptables 1.6.1 released nftables 0.7 released libnftnl 1.0.7 released nfacct 1.0.2 released libnetfilter_acct 1.0.3 released conntrack-tools 1.4.4 released libnetfilter_conntrack 1.0.6 released libmnl 1.0.4 released public statement on GPL compliance nftables 0.6 released libnftnl 1.0.6 released iptables 1.6.0 released new PGP keys nftables 0.5 released libnftnl 1.0.5 released libnftnl 1.0.4 released conntrack-tools 1.4.3 released libnetfilter_conntrack 1.0.5 released ulogd 2.0.5 released nftables 0.4 released libnftnl 1.0.3 released nftables 0.3 released libnftnl 1.0.2 released libnftnl 1.0.1 released nftables 0.2 released ulogd 2.0.4 released nftables 0.099 released libnftnl 1.0.0 released iptables 1.4.21 released ulogd 2.0.3 released conntrack-tools 1.4.2 released iptables 1.4.20 released libnetfilter_conntrack 1.0.4 released iptables 1.4.19.1 released iptables 1.4.19 released libnetfilter_conntrack 1.0.3 released iptables 1.4.18 released ulogd 2.0.2 released nfacct 1.0.1 released conntrack-tools 1.4.1 released libnetfilter_acct 1.0.2 released iptables 1.4.17 released New ulogd2 maintainer Netfilter core team updates iptables 1.4.16.3 released libnetfilter_acct 1.0.1 released libnetfilter_cthelper 1.0.0 released ulogd 2.0.1 released conntrack-tools 1.4.0 released libnetfilter_queue 1.0.2 released libnetfilter_conntrack 1.0.2 released libnfnetlink 1.0.1 released iptables 1.4.16.2 released iptables 1.4.16.1 released iptables 1.4.16 released conntrack-tools 1.2.2 released iptables 1.4.15 released ulogd 2.0.0 released conntrack-tools 1.2.1 released libmnl 1.0.3 released iptables 1.4.14 released conntrack-tools 1.2.0 released libnetfilter_cttimeout 1.0.0 released libnetfilter_conntrack 1.0.1 released security notice on conntrack helpers iptables 1.4.13 released nfacct 1.0.0 released libnetfilter_acct 1.0.0 released conntrack-tools 1.0.1 released libnetfilter_conntrack 1.0.0 released libnetfilter_log 1.0.1 released libnetfilter_queue 1.0.1 released libmnl 1.0.2 released iptables 1.4.12.2 released iptables 1.4.12.1 released new PGP keys iptables 1.4.12 released iptables 1.4.11.1 released iptables 1.4.11 released conntrack-tools 1.0.0 released libnetfilter_conntrack 0.9.1 released Documentation FAQ HOWTOs Events Tutorials Various other docs Security Information Mailing Lists List Rules netfilter-announce list netfilter list netfilter-devel list netfilter-failover list Contact bugzilla coreteam webmaster imprint / postal address Licensing GPL licensing terms GPL compliance FAQ Supporting netfilter Events Links Mirrors About website |
Licensing information about netfilter/iptablesnetfilter/iptables is - like all of the Linux Kernel - Free Software (sometimes referred to as Open Source Software), distributed under the terms of the GNU GPLv2 only. Please, note that some source code files might differ, and in that case it is explicitely stated in the header of every file. The GPL also contains some obligations. If you distribute netfilter/iptables code in binary form, you have to offer the source code, too. The netfilter/iptables project has made available some more detailed information on this subject:
The TeX source code of those documents can be found here. Contact the coreteam in case you have any further questions. As netfilter/iptables is increasingly used by commercial vendors as part of their network security products, we'd like to give some explanations on how to comply with the license terms of this software. The target audience for this document is somebody who re-distributes any software published by the netfilter/iptables project, independent of the medium of distribution (cd-rom, floppy disk, firmware image in flash/rom, internet download, ...).
netfilter/iptables is, like the Linux operating system kernel itself,
“free software”. Free refers to free as
in freedom. It doesn't necessarily make a statement about the cost. Free does
explicitly ImportantFree software is copyrighted material, very much like almost all software. You might have heard about freeware or public domain software. They are totally different concepts that do not apply to free software! As many free software, netfilter/iptables is licensed under the terms of the GNU General Public License (GPL), Version 2. You can find the full text of this license at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. There's also a comprehensive list of frequently asked questions available. Important
The license enables you to distribute netfilter/iptables software
In any doubt, feel free to contact the netfilter core team at
According to Section 1 of the GNU GPLv2, you have the following obligations when distributing the original source code as published by the netfilter/iptables project:
According to Section 2 of the GNU GPLv2, you have the following obligations when distributing or publishing modified versions of the source code:
According to section 3 of the GNU GPLv2, when distributing or publishing either original or modified version of the program, you have to fulfill all the obligations of Section 1 and 2, plus one out of the two possible options:
Let's assume you are a vendor that sells embedded firewalling devices, using any of the netfilter/iptables code. Let's assume you are shipping this device with pre-installed object code of the software (sometimes referred to as firmware), but also offer software updates via the internet. Because of your specific needs, you had to modify parts of the original netfilter/iptables code to make it fit your requirements. The GPL gives you two different ways of complying with the license. You can chose between both. However, the netfilter project prefers the option described first in this document: You have to accompany the device (as well as any version of a firmware update) with
In this case, you have to accompany the device (as well as any firmware update) with:
netfilter/iptables is a community based effort. This means that if it weren't for volunteers contributing source code to the project, it wouldn't exist and you wouldn't be able to build products based on it. So as long as you want to continue selling netfilter/iptables products, it is in your own vital interest that the netfilter/iptables project flourishes. Contributions to the project are the most important part in the development of our project. ImportantAll of this is optional. You are not required to support the netfilter/iptables project. We're just kindly asking you to do so. Vendors are welcome to contribute their modifications and/or new features back to the project. This way we can consider to include them into one of our next releases, and thus increasing the value of our software. There are lots of other ways how you can support and encourage further development of the netfilter/iptables software. Possible options include:
If you are interested in supporting the netfilter/iptables project in any way,
maybe even one not listed above, please don't hesitate to contact us at
This section provides a list of frequently asked questions that may help you deal with GPL enforcement and Netfilter. Netfilter provides useful information regarding the licensing terms for netfilter/iptables here. The netfilter community wants to help users to comply with the GPL. Yes. The core team members of the netfilter project have officially endorsed and support "The Principles of Community-Oriented GPL Enforcement" in this public statement. Although core team members of the netfilter project support "The Principles of Community-Oriented GPL Enforcement", Patrick McHardy, unfortunately, did not join with us to sign these principles. We have been told that Patrick McHardy has undertaken compliance actions relating to netfilter code that are inconsistent with these community norms, and we fear that the enforcement actions of Patrick McHardy have caused considerable harm to the reputation of the netfilter project. There are serious allegations that his GPL enforcement activities are prioritizing personal financial gain over compliance. We contacted him to address these allegations many times, however, we got no response from him so far. As a result, the netfilter community has, in fact, suspended Patrick McHardy from the core team until he undertakes a commitment to join with the rest of the netfilter core team in supporting the principles. We cannot provide any legal advice, but we want to share our experience in this field and provide the following references:
|