Netfilter, et al

Very sophisticated kernel packet munging exist

2.4 kernel uses Netfilter (iptables)
2.2 kernel uses IPChains
2.0 kernel uses ipfwadm

Can be used to create

Network ACLs
Firewalls
NAT / Masquerade / etc
Routers
Anything imaginable