Shorewall Features
- Can be used in a wide range of router/firewall/gateway applications.
Completely customizable using configuration files.
No limit on the number of network interfaces.
Allows you to partitions the network into zones and gives you complete control over the connections permitted between each pair of zones.
Multiple interfaces per zone and multiple zones per interface permitted.
Supports nested and overlapping zones.
- A QuickStart Guide to help get your first firewall up and running quickly
- Extensive documentation
- Flexible address management/routing support (and you can use all types in the same firewall):
Masquerading/SNAT
Port Forwarding (DNAT).
Static NAT.
Proxy ARP.
Simple host/subnet Routing
- Blacklisting of individual IP addresses and subnetworks is supported.
- Operational support:
Commands to start, stop and clear the firewall
Supports status monitoring with an audible alarm when an "interesting" packet is detected.
Wide variety of informational commands.
- VPN Support
IPSEC, GRE and IPIP Tunnels.
PPTP clients and Servers.
- Support for Traffic Control/Shaping integration.
- Wide support for different GNU/Linux Distributions.
RPM and Debian packages available.
Includes automated install, upgrade, fallback and uninstall facilities for users who can't use or choose not to use the RPM or Debian packages.
Compatible with 2.4-kernel based versions of LEAF.
Quotes from Users