For Netfilter and a rationale behind ipfw, ipchains and iptables, check out Rusty's Remarkably Unreliable Guides at

Netfilter, from a security perspective, is discussed in the September 2001 issue of LJ in David A. Bandel's “Taming the Wild Netfilter”.

The BPF language is described in the following paper by Steven McCanne and Van Jacobson: “The BSD Packet Filter: A New Architecture for User-Level Packet Capture”, available at