Features

Easy setup of a small but efficient "Personal Firewall".

Nice overview of the configuration.

Import/Export of rule sets to ease the setup of large networks.

Easy-to-use GUI interface for most common setups.

An advanced interface for complex rule sets as needed by routers

Preconfigured rulesets for most common setups.

Integrated Install scripts for automatic execution during booting.

Plugin framowork that allows easy and fast development of new features.

Plugin framowork that allows easy and fast development of new features.

Zone/Host based rule creation.

No portnumbers need to be known.

NAT and simple network router support.

Support for special hosts e.g. trusted banned etc.

Rule inheritance can be enabled/disabled for nested notwork zones.

Operating system and backend independet. (Currently only Linux is supported but OpenBSD should follow soon)

XML based iptables command generation engine that allows to be extended by plugins providing a description about the new option.

State full packet filtering.

IP, MAC, Protocol, ROS and Interface based filtering

Limiting packet matches (avoids DoS attacks)

Logging of dropped packets

View running IP Tables configuration

NAT (SNAT, DNAT) configuration (Masquerading)

User defined Chains

MANGLE configuration

Undo/Redo