Shoreline Firewall, more commonly known as "Shorewall", is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files.
Shorewall reads those configuration files and, with the help of the iptables utility, configures Netfilter to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system.
Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.
Shorewall is not a daemon. Once Shorewall has configured Netfilter, its job is complete and there is no "Shorewall process" left running in your system.
Here are some key features of "Shoreline Firewall":
· Uses Netfilter's connection tracking facilities for stateful packet filtering.
· Can be used in a wide range of router/firewall/gateway applications.
- Completely customizable using configuration files.
- No limit on the number of network interfaces.
- Allows you to partition the network into zones and gives you complete control over the connections permitted between each pair of zones.
- Multiple interfaces per zone and multiple zones per interface permitted.
- Supports nested and overlapping zones.
· QuickStart Guides (HOWTOs) to help get your first firewall up and running quickly
· A GUI is available via Webmin 1.060 and later (http://www.webmin.com)
· Extensive documentation is available in both XML and HTML formats.
· Flexible address management/routing support (and you can use all types in the same firewall):
- Masquerading/SNAT.
- Port Forwarding (DNAT).
- One-to-one NAT.
- Proxy ARP.
- NETMAP (requires a 2.6 kernel or a patched 2.4 kernel).
· Blacklisting of individual IP addresses and subnetworks is supported.
· Operational Support.
- Commands to start, stop and clear the firewall
- Supports status monitoring with an audible alarm when an "interesting" packet is detected.
- Wide variety of informational commands.
· VPN Support.
- IPSEC, GRE, IPIP and OpenVPN Tunnels.
- PPTP clients and Servers.
· Support for Traffic Control/Shaping integration (although Shorewall itself contains no Traffic/Bandwidth control facilities).
· Wide support for different GNU/Linux Distributions.
- RPM and Debian packages available.
- Includes automated install, upgrade, fallback and uninstall facilities for users who can't use or choose not to use the RPM or Debian packages.
- Included as a standard part of LEAF/Bering (router/firewall on a floppy, CD or compact flash).
· Media Access Control (MAC) Address Verification.
· Traffic Accounting.
· Bridge/Firewall support (requires a 2.6 kernel or a patched 2.4 kernel).