Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files.
Shorewall reads those configuration files and, with the help of the iptables utility, configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.
Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.
Shorewall is not a daemon. Once Shorewall has configured Netfilter, its job is complete and there is no "Shorewall process" left running in your system.
Here are some key features of "Shoreline Firewall":
· Uses Netfilter's connection tracking facilities for stateful packet filtering.
· Can be used in a wide range of router/firewall/gateway applications.
· Completely customizable using configuration files.
· No limit on the number of network interfaces.
· Allows you to partition the network into zones and gives you complete control over the connections permitted between each pair of zones.
· Multiple interfaces per zone and multiple zones per interface permitted.
· Supports nested and overlapping zones.
· QuickStart Guides (HOWTOs) to help get your first firewall up and running quickly
· A GUI is available via Webmin 1.060 and later (http://www.webmin.com)
· Extensive documentation is available in both XML and HTML formats.
· Flexible address management/routing support (and you can use all types in the same firewall):
  · Masquerading/SNAT.
  · Port Forwarding (DNAT).
  · One-to-one NAT.
  · Proxy ARP.
  · NETMAP (requires a 2.6 kernel or a patched 2.4 kernel).
· Blacklisting of individual IP addresses and subnetworks is supported.
· Operational Support:
  · Commands to start, stop and clear the firewall.
  · Supports status monitoring with an audible alarm when an "interesting" packet is detected.
  · Wide variety of informational commands.
· VPN Support:
  · IPSEC, GRE, IPIP and OpenVPN Tunnels.
  · PPTP clients and Servers.
· Support for Traffic Control/Shaping integration (although Shorewall itself contains no Traffic/Bandwidth control facilities).
· Wide support for different GNU/Linux Distributions:
  · RPM and Debian packages available.
  · Includes automated install, upgrade, fallback and uninstall facilities for users who can't use or choose not to use the RPM or Debian packages.
  · Included as a standard part of LEAF/Bering (router/firewall on a floppy, CD or compact flash).
· Media Access Control (MAC) Address Verification.
· Traffic Accounting.
· Bridge/Firewall support (requires a 2.6 kernel or a patched 2.4 kernel).
What's New in This Release:
· In addition to correcting several problems, this release offers additional options for handling multiple WAN interfaces as well as providing transparent support for the xtables-addons version of ipp2p.