Netfilter: Architecture

Portforwarding, redirection, masquerading, filtering:
Surely someone would be foolish enough to try to unify them?
Needed a framework: no more hard-coded kernel hacks.
Netfilter is the framework.