Editor: IPFilter is a software package that can be used to provide network address translation (NAT) or firewall services. It can either be used as a loadable kernel module or incorporated into your UNIX kernel; using it as a loadable kernel module where possible is highly recommended. Scripts are provided to install and patch system files, as required.
The firewall can:
explicitly deny or permit any packet passing through
distinguish between various interfaces
and can match on the following IP header fields:
source/destination IP address (including inverted matches)
IP protocol
TOS (Type of Service)
any of the 19 IP options or 8 registered IP Security classes
fragments (whether or not the packet is a fragment)