Features
  • Very secure stateful filtering firewall
  • It can be used for both single- and multi(eg. dual)-homed boxes
  • Masquerading (NAT) and SNAT support
  • Full IPv6 support (including IPv4 / IPv6 mixed mode support)
  • Multiple external (internet) interfaces
  • Support multiroute NAT & SNAT (load balancing over multiple (internet) interfaces)
  • Port forwarding (NAT)
  • Support MAC address filtering
  • Support for static and ISP assigned (DHCP) IPs
  • Support for (transparent) proxies
  • Full support for DMZ's and DMZ-2-LAN forwarding. You can also use it to isolate your eg. wireless LAN.
  • (Nmap)(stealth) portscan detection
  • Protection against SYN-flooding (DoS attacks)
  • Protection against ICMP-flooding (DoS attacks)
  • Extensive user-definable logging with rate limiting to prevent log flooding
  • Includes options to optimize your throughput
  • User definable open ports, closed ports, trusted hosts, blocked hosts etc.
  • Log & protection options are both highly customizable
  • Support for custom iptables rules in a seperate file
  • It can be used with chkconfig runlevel system (eg. RedHat/Fedora)
  • Main focus on TCP/UDP/ICMP but additional support for *ALL* IP protocols
  • Plugin support (to add extra features).
  • SSH Brute Force (Cracking) Protection (plugin)
  • DynDNS (Dynamic DNS) support (plugin)
  • Intrusion Detection System (IDS) (plugin)
  • Traffic Shaping (plugin)
  • SIP/VOIP support (plugin)
  • Traffic Accounting support (plugin)
  • IPSEC support (plugin)
  • Support for DSL/ADSL modems, supporting PPPoE, PPPoA and bridging modem setups  (plugin)
  • It works with PoPTop PPTP (http://www.poptop.org)
  • It works with UPnP
  • DRDOS protection/detection (experimental)
  • It's easy to install & configure
  • And much more...