Ars Technica

How do ipchains/tables or other packet filters work?

Basically you tell it what packets to drop. In your rules you says something like "all packets from network 172.30.0.0 get dropped" and every time a packet comes in the kernel compares it to all the ...