Netfilter

Netfilter is a framework that provides hook handling within the Linux kernel for intercepting and manipulating network packets. More concretely, Netfilter is invoked by, for example, the routines that receive packets from and send packets to network interfaces. When the master Netfilter function is called with a packet, it runs through the list of registered hooks and calls the extensions in succession, and each extension handles the packet as it sees fit. The term Netfilter is also used to refer to the Free Software project that aims to provide firewalling tools for GNU/Linux.
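The hook traversal described above, as a simplified userspace model in C (an added example, not kernel or Netfilter project code; all names are hypothetical). It goes slightly beyond the text by modelling two details of the kernel's behaviour: hooks run in ascending priority order, and a drop verdict ends traversal.

```c
#include <stdio.h>
#include <stddef.h>

/* Userspace model of one Netfilter hook point. Hypothetical names throughout. */
enum verdict { V_DROP = 0, V_ACCEPT = 1 };
struct packet { unsigned short dport; unsigned int mark; };
typedef enum verdict (*hook_fn)(struct packet *pkt);
struct hook_entry { hook_fn fn; int priority; };

#define MAX_HOOKS 8
static struct hook_entry hooks[MAX_HOOKS];
static size_t nhooks;

/* Register a hook, keeping the list sorted so lower priority values run first. */
int register_hook(hook_fn fn, int priority)
{
    size_t i = nhooks;
    if (nhooks == MAX_HOOKS)
        return -1;
    for (; i > 0 && hooks[i - 1].priority > priority; i--)
        hooks[i] = hooks[i - 1];
    hooks[i] = (struct hook_entry){ fn, priority };
    nhooks++;
    return 0;
}

/* The "master" function: call each registered hook in succession.
 * The first V_DROP ends traversal; later hooks never see the packet. */
enum verdict run_hooks(struct packet *pkt)
{
    for (size_t i = 0; i < nhooks; i++)
        if (hooks[i].fn(pkt) == V_DROP)
            return V_DROP;
    return V_ACCEPT;
}

/* Sample extensions: one manipulates the packet, one filters, one observes. */
enum verdict mark_hook(struct packet *pkt) { pkt->mark |= 0x1; return V_ACCEPT; }
enum verdict filter_hook(struct packet *pkt) { return pkt->dport == 23 ? V_DROP : V_ACCEPT; }
enum verdict log_hook(struct packet *pkt) { pkt->mark |= 0x2; return V_ACCEPT; }

int main(void)
{
    struct packet pkt = { 23, 0 };   /* constructed sample packet */
    register_hook(filter_hook, 0);
    register_hook(log_hook, 100);
    register_hook(mark_hook, -150);  /* registered last, runs first */
    enum verdict v = run_hooks(&pkt);
    printf("verdict=%d mark=0x%x\n", v, pkt.mark);
    return 0;
}
```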
