APF is a policy-based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Packaged in tar.gz and RPM formats, APF is ideal for deployment in many Linux-based server environments.
We support this package on Red Hat 7.3, 9.0, RHEL/CentOS, and Fedora servers.
Summary of features:
global ports configuration via simple config file
configurable policies for each IP on the system [global config overrides]
powerful postrouting rules for FWMARK and TOS
plug-in friendly for QoS [CBQ/HTB]
protocol-based packet flow limiting
iptables string match rules ported from Snort 2.0 signatures
antidos subsystem to stop attacks before they become a significant threat
dshield.org block list support to ban networks exhibiting suspicious activity
advanced set of sysctl parameters for TCP stack hardening
advanced set of filter rules to remove undesired traffic
easy-to-use firewall management script
trust-based rule files (allow/deny), with advanced syntax support