Fwctl is a module to configure the Linux kernel packet filtering firewall using higher level abstraction than rules on input, output and forward chains. It supports masquerading and accounting as well. Why Fwctl ? Well, say you are the kind of parano...

The Fwctl::Report(3) module can be used to generate various reports from the output of the fwctllog program. This module generates two kinds of report "summary" and <report>. The summary compiles the number of occurence for an item (source, destinati...

This module contains primitives to add sets of rules to the Linux packet filtering firewall implementing a particular policy. It is used primarly by service modules. The module handle all the special cases for when the src or dst interface is ANY, wh...

The Fwctl::AcctReport(3) module can be used to generate packet and bandwith report from the data generated by the "fwctl dump-acct" command. This module can be used as backend for two kinds of report. Summary which compiles the total number of packet...

The rsh module handles the remote shell protocol....

The ftp module is used to handle the FTP protocol. By default it handles both PORT and PASV based protocol. If maquerading is asked for, it also loads the proper kernel module....

This module enable NTP traffic between two NTP servers. If you use the *client* option, it will use UNPRIVILEGED_PORTS for the SourcePort to enable ntp clients like ntpdate....

The lpd modules handles the LP protocol. It permits a tcp connection from the privileged 512 through 1023 to the printer port (515). You can use the local_port option to specifies another range of port....

The all module is used to match any IP traffic. It can be used for accounting all traffic between nets or to create bazooka sized hole in our filters. Needless to say that accept all is not a really secure use of this module....

This module is used to handle the DHCP protocol. It adds rules to handle the special addresses used by the DHCP protocol. Since DHCP is a broadcast based protocol restricted to local segment, so which by definition doesn't cross a firewall, who would...

The http module is used to control traffic which should be part of an HTTP connection. It use the option *port* which should contains a comma separated list of port which are open for TCP connections. Defaults to 80. THIS IS NOT A PROXY. It only open...

This module will implements the rules to accept/block/account the PPTP tunnelling protocol. In order to be able to masquerade that protocol, you will need a kernel with the generic protocol masquerade patch applied. See ftp://ftp.rubyriver.com/pub/jh...

The ping module manages rules for the ICMP echo-request and echo-reply types used by the ping program....

This module handles the SNMP protocol. Its handles SNMP broadcast if dst is in the same network as src, SNMP traffic between source and destination, as well as snmp-trap from destination to source. Since I don't really know the internals of the SNMP ...

This module will implements the rules to accept/block/account the IPSec tunnelling protocol. In order to be able to masquerade that protocol, you will need a kernel with the IPSec masquerade patch applied. See ftp://ftp.rubyriver.com/pub/jhardin/masq...

The timed module is used to handle the timed time synchronization protocol. This modules takes care of the broadcast part of the protocol and the ICMP part....

This module can be use to add rules for other IP protocols than UDP, TCP or ICMP. Use the --protocol option to specify the protocol....

This modules handles syslog traffic. Syslog traffic is unidirectional UDP message from client to server....

This module handle the NetBios-NS, NetBios-DGM and NetBios-SSN part of the NetBIOS protocols. Its primary use is to reduce log clutter when servicing a Windows Internal Network....

The hylafax module is used to handle the HylaFAX protocol which is a variant of the FTP protocol....