The IP filtering and NAT (Network Address Translation) io-pkt* module
is a dynamically loadable TCP/IP stack module.
The lsm-pf-*.so module provides high-efficiency firewall services
and includes such features as:
- rule grouping—to apply different groups of rules to different packets
- stateful filtering—an optional configuration to allow
packets related to an already authorized connection to
bypass the filter rules
- NAT—for mapping several internal addresses into
a public (Internet) address, allowing several internal
systems to share a single Internet IP address
- proxy services—to allow ftp,
netbios, and H.323 to use NAT
- port redirection—for redirecting incoming
traffic to an internal server or to a pool of servers.
The IP filtering and NAT rules can be added to or deleted from
a running system dynamically. Logging services
are also provided with the suite of utilities to monitor and
control this module.