https://www.digitalocean.com/community/tutorials/a-deep-dive-into-iptables-and-netfilter-architecture
https://www.netfilter.org/documentation/HOWTO/netfilter-hacking-HOWTO-3.html


The netfilter hooks in the kernel and where they hook in the packet flow
------------------------------------------------------------------------
```
                                   netfilter hooks

                                  +-----------> local +-----------+
                                  |             process           |
                                  |                               |
                                  |                               |
                                  |                               |
                                  |                               v
                    +-------------+--------+
                    |                      |               +----------------------+
                    |        input         |               |                      |
                    |                      |               |     output           |
                    +------+---------------+               |                      |
                           ^                               +-------+--------------+
                           |                                       |
                           |                                       |
                           |            +---------------------+    |         +-------------+
     +-----------+                      |                     |    +-------> |             |
+--> |pre routing+----  route    -----> |      forward        |              |post routing +---->
     |           |      lookup          |                     +------------> |             |
     +-----------+                      +---------------------+              +-------------+
```