STATEFUL INSPECTION FIREWALL
“A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected.”
The firewall can filter traffic on source, destination and protocol as well as on port number (TCP/UDP).
Operating System Fingerprinting
Advanced passive OS fingerprinting technology can be used to allow or block traffic based on the operating system initiating the connection.
Policy based routing
With policy based routing it is possible to add a gateway to a rule and effectively change the standard routing of matching traffic.
Per rule log matching
Each rule can be set to log a match; this also makes it easy to add a block or pass rule from the firewall rule log module.
Alias support, grouping and naming
Aliases help to keep your firewall ruleset clean and easy to understand in environments with multiple public IPs and numerous servers.
Transparent Layer 2
Bridge interfaces and filter traffic between them, even allowing for an IP-less firewall (filtering bridge).
Granular state table control
Adjustable state table size, ability to limit traffic per rule based on simultaneous connections, states per host & new connections per second as well as define state timeout and state type.
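The following sketch is an added illustration, not OPNsense code: a toy state table showing how state matching interacts with the limits listed above (table size, states per host, new connections per second, state timeout). The class, parameter names and addresses are hypothetical, and TCP handshake tracking is reduced to a single "new" flag.

```python
import ipaddress
from collections import defaultdict, deque

class StateTable:
    """Toy stateful filter: one pass rule for an inside network, with state limits."""

    def __init__(self, inside="10.0.0.0/24", max_states=100, max_per_host=2,
                 max_new_per_sec=3, timeout=30.0):
        self.inside = ipaddress.ip_network(inside)  # only these hosts may open flows
        self.max_states = max_states                # state table size
        self.max_per_host = max_per_host            # simultaneous states per host
        self.max_new_per_sec = max_new_per_sec      # new connections per second
        self.timeout = timeout                      # idle seconds before expiry
        self.states = {}                            # flow key -> [originator, last seen]
        self.recent = defaultdict(deque)            # originator -> creation times

    @staticmethod
    def key(src, sport, dst, dport, proto):
        # Direction-independent key, so a reply matches the state its request created.
        return (proto, *sorted([(src, sport), (dst, dport)]))

    def handle(self, now, src, sport, dst, dport, proto="tcp", new=False):
        """Verdict for one packet; new=True marks a connection opener (e.g. TCP SYN)."""
        for k in [k for k, (_, seen) in self.states.items() if now - seen > self.timeout]:
            del self.states[k]                      # drop idle states first
        k = self.key(src, sport, dst, dport, proto)
        if k in self.states:
            self.states[k][1] = now                 # refresh the idle timer
            return "pass: state match"
        if not new or ipaddress.ip_address(src) not in self.inside:
            return "block: no state"
        if len(self.states) >= self.max_states:
            return "block: state table full"
        if sum(1 for o, _ in self.states.values() if o == src) >= self.max_per_host:
            return "block: per-host state limit"
        times = self.recent[src]
        while times and now - times[0] >= 1.0:
            times.popleft()                         # keep a one-second window
        if len(times) >= self.max_new_per_sec:
            return "block: new-connection rate"
        times.append(now)
        self.states[k] = [src, now]
        return "pass: state created"

def demo():
    fw, web = StateTable(), ("203.0.113.10", 443)   # constructed sample addresses
    return [fw.handle(0.0, "10.0.0.5", 40000, *web, new=True),  # outbound opener
            fw.handle(0.1, *web, "10.0.0.5", 40000),            # reply to it
            fw.handle(0.2, *web, "10.0.0.5", 40001),            # unsolicited inbound
            fw.handle(0.3, "10.0.0.5", 40001, *web, new=True),  # second state
            fw.handle(0.4, "10.0.0.5", 40002, *web, new=True),  # over host limit
            fw.handle(40.0, *web, "10.0.0.5", 40000)]           # state timed out
```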
Pure router mode
By disabling the packet filtering the system can be turned into a pure router.
Screenshot OPNsense Stateful Firewall
Your Next Firewall is Open Source!
OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform.
OPNsense is licensed under an Open Source Initiative approved license. OPNsense is and will be available with the simple 2-clause BSD license.