Shorewall Features

• Uses Netfilter's connection tracking facilities for stateful packet filtering.
• Can be used in a wide range of router/firewall/gateway applications.
  • Completely customizable using configuration files.
  • No limit on the number of network interfaces.
  • Allows you to partitions the network into zones and gives you complete control over the connections permitted between each pair of zones.
  • Multiple interfaces per zone and multiple zones per interface permitted.
  • Supports nested and overlapping zones.
• QuickStart Guides to help get your first firewall up and running quickly
• Extensive documentation included in the .tgz and .rpm downloads.
• Flexible address management/routing support (and you can use all types in the same firewall):
  • Masquerading/SNAT
  • Port Forwarding (DNAT).
  • Static NAT.
  • Proxy ARP.
  • Simple host/subnet Routing
• Blacklisting of individual IP addresses and subnetworks is supported.
• Operational support:
  • Commands to start, stop and clear the firewall
  • Supports status monitoring with an audible alarm when an "interesting" packet is detected.
  • Wide variety of informational commands.
• VPN Support
  • IPSEC, GRE and IPIP Tunnels.
  • PPTP clients and Servers.
• Support for Traffic Control/Shaping integration.
• Wide support for different GNU/Linux Distributions.
  • RPM and Debian packages available.
  • Includes automated install, upgrade, fallback and uninstall facilities for users who can't use or choose not to use the RPM or Debian packages.
  • Included as a standard part of LEAF/Bering (router/firewall on a floppy, CD or compact flash).
• Media Access Control (MAC) Address Verification
  
  

Last updated 11/09/2002 - Tom Eastep

Copyright © 2001,2002 Thomas M. Eastep.