A.2. Packet filtering on Linux

PNS is based on Linux and, like most modern operating systems, it has a packet filter. The Linux kernel has had serious filtering capabilities since version 2.0. Since then, the packet filter framework has been rewritten three times to improve its capabilities, features, speed and robustness. Since version 2.4, the packet filter system in Linux has been called Netfilter/IPTables.

Netfilter belongs to the family of stateful packet filters and also provides packet mangling and connection NAT capabilities. Netfilter is designed to be very flexible in configuration so that it can cover all possible packet filtering situations. Although Netfilter plays a less significant role in PNS, it is necessary to understand how it handles packets and how its configuration is organized.
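The three capabilities named above (stateful filtering, connection NAT and packet mangling) map onto the filter, nat and mangle tables of IPTables. The script below is an added illustration, not PNS configuration or anything from the PNS documentation: a minimal ruleset in which the conntrack match does the stateful work, so only new connections need explicit rules and reply traffic is accepted because the kernel already tracks the connection. The interface name, network and port are constructed placeholders. By default the script only prints the iptables commands (IPT is set to `echo iptables`); running it with `IPT=iptables` as root would apply them.

```shell
#!/bin/sh
# Added example, not part of the PNS documentation. Interface, network
# and port values are constructed placeholders.
# IPT defaults to a dry run that prints the commands instead of applying them.
IPT="${IPT:-echo iptables}"

WAN_IF="eth0"             # constructed: Internet-facing interface
LAN_NET="192.168.1.0/24"  # constructed: internal network behind the filter

stateful_filter_rules() {
    # Default policy: anything not explicitly allowed is dropped.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Stateful part: packets belonging to a connection the tracker already
    # knows (or a related one, such as an ICMP error for it) are accepted
    # without any per-port rule; packets that fit no tracked connection
    # state are dropped.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # New connections: loopback, and SSH from the LAN towards this host.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -s "$LAN_NET" -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

    # LAN hosts may open new connections towards the Internet.
    $IPT -A FORWARD -s "$LAN_NET" -o "$WAN_IF" -m conntrack --ctstate NEW -j ACCEPT
}

nat_rules() {
    # Connection NAT: rewrite the source address of LAN traffic leaving on
    # the WAN interface; the tracker reverses the translation for replies.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

mangle_rules() {
    # Packet mangling: mark forwarded SSH packets so routing or QoS rules
    # can act on them later.
    $IPT -t mangle -A FORWARD -p tcp --dport 22 -j MARK --set-mark 1
}

all_rules() {
    stateful_filter_rules
    nat_rules
    mangle_rules
}

all_rules
```

The order of the INPUT rules matters: the ESTABLISHED,RELATED rule comes first so that the bulk of traffic is decided by a single connection-tracking lookup, and the explicit port rules only ever see the first packet of a new connection.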