Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful as well as easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls.
Sanewall can be used for almost any firewall need, including:
- control of any number of internal/external/virtual interfaces
- control of any combination of routed traffic
- setting up DMZ routers and servers
- all kinds of NAT
- providing strong protection (flooding, spoofing, etc.)
- transparent caches
- source MAC verification
- blacklists, whitelists
The current experimental snapshotssupport IPv6. Sanewall abstracts the differences between IPv4 and IPv6, allowing you to define a common set of rules for both whilst permitting specific rules for each as you need.
Sanewall is a fork of FireHOL. The configuration language is identical, just see this FAQ for some variable name changes. For now the FireHOL website is still the best source of introductory information.
Sanewall is released under the GPLv2+open source licence.