Shoreline Firewall, more commonly known as "Shorewall," is an open source, free and high-level command-line firewall, router or gateway software for configuring Netfilter via entries in a set of configuration files. Keep in mind that Shorewall is not designed to act as a daemon, as it can only be used to configure Netfilter.
Features at a glance
Key features include stateful packet filtering, supports an unlimited number of network interfaces, allows users to partition their network into zones, allows multiple zones per interface and multiple interfaces per zone, supports overlapping and nested zones, masquerading/SNAT, port forwarding (DNAT), one-to-one NAT, proxy ARP, and NETMAP.
Additionally, the software supports centralized firewall administration, features a web-based user interface via the powerful Webmin software, offers flexible address routing and management capabilities, traffic accounting, operational support, status monitoring, bridge/firewall support, as well as comprehensive documentation.
Supports many virtualization solutions
Shoreline Firewall also supports blacklisting of individual IP addresses, operational support, VPN support, Media Access Control (MAC) address verification, support for IPSEC, IPIP, OpenVPN, and GRE tunnels, and supports a wide range of virtualization solutions, including the popular VirtualBox, Xen, KVM, OpenVZ, LXC and Linux-Vserver.
Supports IPv4 and IPv6
Both IPv6 and IPv4 network protocols are supported by Shorewall, which can be downloaded from Softpedia in two editions, one for the IPv4 Internet protocol and another one for IPv6, as universal tarballs, running on both 64-bit and 32-bit hardware platforms. In addition, the program comes with a vast amount of informational commands.
Most GNU/Linux distros are supported
The application is officially supported on a wide range of GNU/Linux platforms, including Debian, openSUSE, Trustix, TurboLinux, SuSE Enterprise Linux Desktop, SuSE Enterprise Linux Server, Linux PPC, Fedora, Red Hat Enterprise Linux, Arch Linux, Slackware, LEAF/Bering, and any other RPM- or DEB-based operating system.