Sanewall is a firewall builder for Linux which uses an elegant language
abstracted to just the right level. This makes it powerful as well as easy
to use, audit, and understand. It allows you to create very readable
configurations even for complex stateful firewalls.
Sanewall can be used for almost any firewall need, including:
- control of any number of internal/external/virtual interfaces
- control of any combination of routed traffic
- setting up DMZ routers and servers
- all kinds of NAT
- providing strong protection (flooding, spoofing, etc.)
- transparent caches
- source MAC verification
- blacklists, whitelists
The currentexperimental snapshots
support IPv6. Sanewall abstracts the differences between IPv4 and IPv6,
allowing you to define a common set of rules for both whilst permitting
specific rules for each as you need.
Sanewall is a fork ofFireHOL.
The configuration language is identical, just seethis FAQ for some variable name changes.
For now theFireHOL website
is still the best source of introductory information.
Sanewall is released under the GPLv2+open source licence.