\ \ \ \ \ __ __ ___\\ \
\ \__\ \_\ \ \ \ \ \=___\ \__
\___\\_____\ \_\ \_____\\___\ W A L L
Firewall Builder Tool
FEATURES
TRAFFIC CONTROL
- flexible control over traffic using a rule set
- user-defined protocol support
- support for multiple external and internal interfaces of any kind (and aliases)
- automated MASQUERADE / SNAT support
- easy to set up DNAT (redirections to LAN/DMZ etc.)
- rate limit extensions
- packet marking for 3rd party shapers
- TOS (Type of Service) optimizing
- both passive and active FTP support
- DHCP support
- can work as "workstation" firewall
SECURITY
- stateful TCP connection tracking with restrictive TCP chain
- blocking all stealth mode scans (FIN, Xmas Tree, Null, Windows scan or ACK scan modes; nmap -sF -sX -sN -sW -sA)
- blocking IP protocol scans (nmap -sO)
- blocking UDP scans (nmap -sU)
- blocking identification via TCP/IP fingerprinting (nmap -O)
- anti-spoof protection, including protection for aliases
- anti-smurf protection
- TCP SYN Flood protection
- UDP / ICMP Flood protection
- IANA reserved addresses checking
- SYSCTL parameters set for increased strength
LOGGING
- logging stealth scans (FIN, Xmas Tree, Null; nmap -sF -sX -sN), ACK scan modes, IP protocol scans (nmap -sO), UDP scans (nmap -sU), nmap fingerprinting attempts
MISCELLANEOUS
- autodetection of connection type (static/dynamic, external/internal)
- auto update of firewall tool
- auto update IANA reserved list
- display firewall statistics in iptables native, csv or html format
- easy deployment on all distributions
2004 - Tomek Lutelmowski <tomek at lutel dot pl>
