Linux.com

SecurityPortal.com has a technical piece on Netfilter: "The 2.4 kernel's packet filtering system, Netfilter, is Linux's first stateful firewall. Stateful firewalls represent a major technological jump in the intelligence of a firewall and are present in all serious Enterprise firewalling products. Among many enhancements, this 'statefulness' allows Netfilter to block/detect many stealth scans that were previously undetected on Linux firewalls."