FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
Re: Great tool!
> Even for beginners it is definitely worth
> some things are missing though, MARKs
> for QoS, and ULOG support is only
> available via iptables commands. that
> needs some work. otherwise a really
> great approach to iptable configs!
MARKs are there - check the "mark" helper.
ULOG is in the CVS.