Features

 

  • It is fully compatible with nftables. The only requirement is that iptables-nft is installed

  • Very secure stateful filtering firewall

  • It can be used for both single-homed and multi-homed (e.g. dual-homed) boxes

  • Plugin support (to add extra features)

  • Masquerading (NAT) and SNAT support

  • Full IPv6 support (including IPv4 / IPv6 mixed mode support)

  • Multiple external (internet) interfaces

  • Support for multiroute NAT & SNAT (load balancing over multiple (internet) interfaces)

  • Port forwarding (NAT)

  • Support for MAC address filtering

  • Support for DSL/ADSL modems

  • Support for PPPoE, PPPoA and bridging modem setups

  • Support for static and ISP assigned (DHCP) IPs

  • Support for (transparent) proxies

  • Full support for DMZs and DMZ-2-LAN forwarding. You can also use it to isolate, e.g., your wireless LAN.

  • (Nmap)(stealth) portscan detection

  • Protection against SYN-flooding (DoS attacks)

  • Protection against ICMP-flooding (DoS attacks)

  • Extensive user-definable logging with rate limiting to prevent log flooding

  • Includes options to optimize your throughput

  • User definable open ports, closed ports, trusted hosts, blocked hosts etc.

  • Log & protection options are both highly customizable

  • Support for custom iptables rules in a separate file

  • It can be used with the chkconfig runlevel system (e.g. RedHat/Fedora)

  • Main focus on TCP/UDP/ICMP but additional support for *ALL* IP protocols

  • IPSEC support (via plugins for Freeswan and Racoon)

  • SSH Brute Force (Cracking) Protection (plugin)

  • It works with PoPTop PPTP (http://www.poptop.org)

  • It works with UPnP

  • DRDOS protection/detection (experimental)

  • It's easy to install & configure

  • And much more...