LutelWall
LutelWall (formerly known as Lutel Firewall) is high-level linux firewall configuration tool. It uses human-readable and easy to understand configuration to set up Netfilter in most secure way. Its flexibility allows firewall admins build from very simple, single-homed firewalls, to most complex ones - with multiple subnets, DMZ's and traffic redirections. It can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone system. Configuration method of this firewall is designed to be as simple as possible without loosing Netfilter flexibility and its security features.
Traffic features: flexible control over traffic using rule set user-defined protocols support support for any kind multiple external and internal interaces (and aliases) automated MASQUERADE / SNAT support easy to set up DNAT (transparent proxy, redirections to LAN/DMZ etc.) rate limit extensions packet marking for 3rd party shapers TOS (Type of Service) traffic optimizer both passive and active FTP support DHCP support can work as "workstation" firewall
Security features: stateful TCP connection tracking with restrictive TCP chain blocking all stealth mode scans (FIN, Xmas Tree, Null, Windows scan or ACK scan modes (nmap -sF -sX -sN -sW -sA) blocking IP protocol scans (nmap -sO) blocking UDP scans (nmap -sU) blocking identification via TCP/IP fingerprinting (nmap -O) anti-spoof protection, including protection for aliases anti-smurf protection TCP SYN Flood protection UDP / ICMP Flood protection IANA reserved addresses checking SYSCTL parameters set for increased strength
Logging features: logging stealth scans (FIN, Xmas Tree, Null), ACK scan modes (nmap -sF -sX -sN), IP protocol scans (nmap -sO), UDP scans (nmap -sU), nmap fingerprinting attempts.
Other features: autodetect of connection type (static/dynamic, external/internal) auto update of firewall tool auto update IANA reserved list display firewall statistics in iptables native, csv or html format easy deployment on all distributions