- Uses Netfilter's connection tracking facilities for stateful packet filtering
- Can be used in a wide range of router/firewall/gateway applications
- Completely customizable using configuration files
- No limit on the number of network interfaces
- Allows you to partition the network into zones and gives you complete control over the connections permitted between each pair of zones
- Multiple interfaces per zone and multiple zones per interface permitted
- Supports nested and overlapping zones
- Flexible address management/routing support (and you can use all types in the same firewall):
  - Masquerading/SNAT
  - Port Forwarding (DNAT)
  - Static NAT
  - Proxy ARP
  - Simple host/subnet Routing
- Blacklisting of individual IP addresses and subnetworks is supported
- Operational support:
  - Commands to start, stop and clear the firewall
  - Wide variety of informational commands
- Support for Traffic Control/Shaping integration