“A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected.” - source:


The firewall can filter traffic on source, destination and protocol, as well as on port number (TCP/UDP).

Operating System Fingerprinting (OSFP)

Advanced passive OS fingerprinting technology can be used to allow or block traffic based on the operating system initiating the connection.

Log matching firewall traffic on a per-rule basis

Each rule can be set to log a match. This also makes it easy to add a block or pass rule through the firewall rule log module.

Policy-based routing by per-rule gateway

With policy-based routing it is possible to add a gateway to a rule and effectively change the standard routing of matching traffic.

Alias support for grouping and naming IPs, networks and ports

Aliases help to keep your firewall ruleset clean and easy to understand in environments with multiple public IPs and numerous servers.

Transparent layer 2 firewall capable

Bridge interfaces and filter traffic between them, even allowing for an IP-less firewall.

Granular state table control

Adjustable state table size; ability to limit traffic per rule based on simultaneous connections, states per host and new connections per second; and the ability to define state timeout and state type.
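The stateful behaviour quoted at the top of the page and the per-rule limits listed above can be seen together in a small model. This is an added example, not code from the product: the class `StateTable`, its parameter names and the sample addresses are constructed for illustration, and it tracks only the flow tuple, not TCP flags or sequence numbers.

```python
from collections import defaultdict, deque

class StateTable:
    """Toy per-rule state table (constructed example, not a real firewall's code)."""

    def __init__(self, max_states, max_per_host, max_new_per_sec, timeout):
        self.max_states = max_states            # simultaneous connections for the rule
        self.max_per_host = max_per_host        # states per source host
        self.max_new_per_sec = max_new_per_sec  # new connections per second per host
        self.timeout = timeout                  # idle seconds before a state expires
        self.states = {}                        # flow key -> [initiator, last_seen]
        self.new_times = defaultdict(deque)     # initiator -> times of recent new states

    @staticmethod
    def _key(proto, src, sport, dst, dport):
        # Order the endpoints so a reply maps to the same entry as the request.
        return (proto, *sorted([(src, sport), (dst, dport)]))

    def packet(self, now, proto, src, sport, dst, dport, rule_allows_new=False):
        # Drop idle states first, so the limits only count live connections.
        self.states = {k: v for k, v in self.states.items()
                       if now - v[1] <= self.timeout}
        key = self._key(proto, src, sport, dst, dport)
        if key in self.states:                  # known active connection
            self.states[key][1] = now
            return "pass: matches state"
        if not rule_allows_new:                 # no state and no pass rule matched
            return "block: no state"
        recent = self.new_times[src]
        while recent and now - recent[0] >= 1.0:
            recent.popleft()                    # keep a one-second sliding window
        per_host = sum(1 for v in self.states.values() if v[0] == src)
        if len(self.states) >= self.max_states:
            return "block: rule state limit"
        if per_host >= self.max_per_host:
            return "block: per-host state limit"
        if len(recent) >= self.max_new_per_sec:
            return "block: new-connection rate"
        recent.append(now)
        self.states[key] = [src, now]
        return "pass: new state"

if __name__ == "__main__":
    fw = StateTable(max_states=3, max_per_host=2, max_new_per_sec=2, timeout=30)
    print(fw.packet(0.0, "tcp", "10.0.0.5", 40000, "203.0.113.10", 443, True))
    print(fw.packet(0.1, "tcp", "203.0.113.10", 443, "10.0.0.5", 40000))
    print(fw.packet(0.2, "tcp", "203.0.113.10", 443, "10.0.0.5", 40001))
```

The third packet is blocked because it comes from the same remote endpoint but matches no existing state, which is the distinction a stateless port filter cannot make.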

Disable packet filtering

This option can be used to turn the system into a pure router.