Shorewall Features
Tom Eastep
2003-11-13
Copyright 2001-2003 Thomas M Eastep
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
Features
Uses Netfilter's connection tracking facilities for stateful
packet filtering.
Can be used in a wide range of router/firewall/gateway applications.
Completely customizable using configuration files.
No limit on the number of network interfaces.
Allows you to partition the network into zones and gives you complete
control over the connections permitted between each pair of zones.
Multiple interfaces per zone and multiple zones per
interface permitted.
Supports nested and overlapping zones.
QuickStart Guides (HOWTOs) to help get your first firewall up and running quickly.
A GUI is available via Webmin 1.060 and later (http://www.webmin.com).
Extensive documentation included in the .tgz and .rpm downloads.
Flexible address management/routing support (and you can use all types in the same firewall):
Masquerading/SNAT.
Port Forwarding (DNAT).
One-to-one NAT.
Proxy ARP.
Blacklisting of individual IP addresses and subnetworks is supported.
Operational Support.
Commands to start, stop and clear the firewall.
Supports status monitoring with an audible alarm when an
"interesting" packet is detected.
Wide variety of informational commands.
VPN Support.
IPSEC, GRE, IPIP and OpenVPN Tunnels.
PPTP clients and servers.
Support for Traffic Control/Shaping integration.
Wide support for different GNU/Linux Distributions.
RPM and Debian packages available.
Includes automated install, upgrade, fallback and uninstall facilities for users who
can't use or choose not to use the RPM or Debian packages.
Included as a standard part of LEAF/Bering
(router/firewall on a floppy, CD or compact flash).
Media Access Control (MAC) Address Verification.
Traffic Accounting.