Netfilter is a powerful packet filter implemented in the standard Linux kernel. The userspace iptables tool is used for configuration. It now supports packet filtering (stateless or stateful), all kinds of network address and port translation (NAT/NAPT), and multiple API layers for 3rd party extensions. It includes many different modules for handling unruly protocols such as FTP.
For downloads and more information,
visit the Netfilter homepage.
ïptables is commercial quality firewall. it offers filtering, Nat & mangle facilites. once you have got basic knowledge of linux, it can be easily implemented. it also support ipv6 filtering. it is stateful filewall & you can also implement directional filtering. you can apply the filtering in INPUT, OUTPUT & FORWARD direction. it can be used along with squid proxy server to implement transparent proxy.