Shorewall
The Shoreline Firewall, more commonly known as "Shorewall", is an open source firewall tool that builds upon the Netfilter (iptables/ipchains) system built into the Linux kernel, making it easier to manage more complex configuration schemes.
Shorewall reads configuration files and, with the help of the iptables utility, configures Netfilter to match your requirements.
Features include:
- Uses Netfilter's connection tracking facilities for stateful packet filtering
- Can be used in a wide range of router/firewall/gateway applications
- Completely customizable using configuration files
- No limit on the number of network interfaces
- Allows you to partition the network into zones and gives you complete control over the connections permitted between each pair of zones
- Multiple interfaces per zone and multiple zones per interface permitted
- Supports nested and overlapping zones
- A Graphical User Interface is available via Webmin 1.060 and later
- Extensive documentation is available in both Docbook XML and HTML formats
- Flexible address management/routing support (and you can use all types in the same firewall):
  - Masquerading/SNAT
  - Port Forwarding (DNAT)
  - One-to-one NAT
  - Proxy ARP
  - NETMAP (requires a 2.6 kernel or a patched 2.4 kernel)
  - Multiple ISP support
- Blacklisting of individual IP addresses and subnetworks is supported
- Operational Support:
  - Commands to start, stop and clear the firewall
  - Supports status monitoring with an audible alarm when an “interesting” packet is detected
  - Wide variety of informational commands
- VPN Support:
  - IPSEC, GRE, IPIP and OpenVPN Tunnels
  - PPTP clients and Servers
- Support for Traffic Control/Shaping
- Media Access Control (MAC) Address Verification
- Traffic Accounting
- Bridge/Firewall support
Last Updated Sunday, March 04 2012 @ 12:21 PM EST