Please see http://firehol.org/ for up-to-date releases and information. FireHOL is a stateful iptables packet filtering firewall configurator. It is abstracted, extensible, easy and powerful. It can handle any kind of firewall, but most importantly, it gives you the means to configure it, the same way you think of it.
- stateful packet filtering via netfilter (iptables) connection tracking
- bidirectional firewall (protects you from outside but also enforces policy for internet usage to your clients)
- high level configuration - you write does the obvious, the rest are handled by firehol
- unlimited number of firewalling rules
- unlimited number of interfaces
- unlimited number of firewalling zones, which can be defined using a dynamic set of criteria (including nested ones)
- supports all kinds of NAT (MASQ, SNAT, DNAT, REDIRECT, etc)
- supports transparent proxies (which can be applied on all or subsets of the clients, the servers, or the local machine users)
- cooperates with VPN software (GRE, IPIP, IPSEC, OpenVPN) and allows PPTP clients and servers
- extensible via plugin modules
- firewalling rules can use any matching criteria (IPs, ports, protocols, etc), including any netfilter module available
Best way to manage IP tables bar none with great developer support.
Easy to configure, statefull - great!
Great product, much simpler than directly working with iptables. But, it is not trivial. If you use the examples (there are a lot) its easy, but if you have to come up with your own solution, you still need to understand the concept of routing quite well.