Shorewall Features

bulletUses Netfilter's connection tracking facilities for stateful packet filtering.
bulletCan be used in a wide range of router/firewall/gateway applications.
bulletCompletely customizable using configuration files.
bulletNo limit on the number of network interfaces.
bulletAllows you to partitions the network into zones and gives you complete control over the connections permitted between each pair of zones.
bulletMultiple interfaces per zone and multiple zones per interface permitted.
bulletSupports nested and overlapping zones.
bullet QuickStart Guides to help get your first firewall up and running quickly
bulletExtensive documentation included in the .tgz and .rpm downloads.
bulletFlexible address management/routing support (and you can use all types in the same firewall):
bulletMasquerading/SNAT
bulletPort Forwarding (DNAT).
bullet Static NAT.
bullet Proxy ARP.
bulletSimple host/subnet Routing
bulletBlacklisting of individual IP addresses and subnetworks is supported.
bulletOperational support:
bulletCommands to start, stop and clear the firewall
bulletSupports status monitoring with an audible alarm when an "interesting" packet is detected.
bulletWide variety of informational commands.
bulletVPN Support
bulletIPSEC, GRE and IPIP Tunnels.
bulletPPTP clients and Servers.
bulletSupport for Traffic Control/Shaping integration.
bulletWide support for different GNU/Linux Distributions.
bulletRPM and Debian packages available.
bulletIncludes automated install, upgrade, fallback and uninstall facilities for users who can't use or choose not to use the RPM or Debian packages.
bulletCompatible with 2.4-kernel based versions of LEAF .

Last updated 7/14/2002 - Tom Eastep

Copyright © 2001,2002 Thomas M. Eastep.