 __   __  ______________ __
 \ \  \ \ \  __  __  ___\\ \
  \ \__\ \_\ \ \ \ \ \=___\ \__  
   \___\\_____\ \_\ \_____\\___\  W A L L
   
    Firewall Builder Tool
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  FEATURES
  ============

TRAFFIC CONTROL

 * flexible control over traffic using rule set
 * user-defined protocols support
 * support for any kind multiple external and internal interaces (and aliases)
 * automated MASQUERADE / SNAT support
 * easy to set up DNAT (redirections to LAN/DMZ etc.)
 * rate limit extensions
 * packet marking for 3rd party shapers
 * TOS (Type of Service) optimizing
 * both passive and active FTP support
 * DHCP support
 * can work as "workstation" firewall

SECURITY
 
 * stateful TCP connection tracking with restrictive TCP chain
 * blocking all stealth mode scans (FIN, Xmas Tree, Null, Windows scan 
   or ACK scan modes (nmap -sF -sX -sN -sW -sA)
 * blocking IP protocol scans (nmap -sO)
 * blocking UDP scans (nmap -sU)
 * blocking identification via TCP/IP fingerprinting (nmap -O)
 * anti-spoof protection, including protection for aliases
 * anti-smurf protection
 * TCP SYN Flood protection
 * UDP / ICMP Flood protection
 * IANA reserved addresses checking
 * SYSCTL parameters set for increased strength
 
LOGGING

 * logging stealth scans (FIN, Xmas Tree, Null), 
   ACK scan modes (nmap -sF -sX -sN), IP protocol scans (nmap -sO), 
   UDP scans (nmap -sU), nmap fingerprinting attempts.
 
MISCELANOUS

 * autodetect of connection type (static/dynamic, external/internal)
 * auto update of firewall tool
 * auto update IANA reserved list
 * display firewall statistics in iptables native, csv or html format
 * easy deployment on all distributions
 
------------------------------------------------------------

2004 - Tomek Lutelmowski <tomek at lutel dot pl>
