Arno's IPTABLES Firewall Script is a secure stateful firewall for both single and multi-homed machines. It supports NAT and SNAT, port forwarding, ADSL ethernet modems with both static and dynamically assigned IPs, MAC address filtering, stealth port scan detection, DMZ support, protection against SYN/ICMP flooding, experimental IPv6 support, multi-interface/aliased-IP support, and extensive user definable logging with rate limiting to prevent log flooding. It has plugin support to add extra features (like SSH Brute Force protection and (Racoon) IPSEC support). It is easy to configure and highly customizable. A filter script that makes your firewall log more readable is also included. License: GNU General Public License (GPL) Changes: Setting of /proc/.../ conntrack was fixed for newer kernels. A typo in $REJECT_TCP_NOLOG was corrected. DEFAULT values in the helper parsing functions that were causing things like simple port forwards to not work were fixed. Missing default values for the source hosts in the NAT port forwards were fixed. Several regressions were fixed in the NAT forwarding rules along with a regression bug in the module_probe() function. Several regression fixes were made in the sanity_check() interface. Minor cosmetic changes were made.

	Read more at FreshMeat
	www.pheedo.com/click.phdo?i=cd5d16932a9ac7a3e8770b09a3c8c666