IP filtering and NAT

The IP filtering and NAT (Network Address Translation) io-pkt* module is a dynamically loadable TCP/IP stack module.

The lsm-pf-*.so module provides high-efficiency firewall services and includes such features as:

  • rule grouping—to apply different groups of rules to different packets
  • stateful filtering—an optional configuration to allow packets related to an already authorized connection to bypass the filter rules
  • NAT—for mapping several internal addresses into a public (Internet) address, allowing several internal systems to share a single Internet IP address
  • proxy services—to allow FTP, NetBIOS, and H.323 to use NAT
  • port redirection—for redirecting incoming traffic to an internal server or to a pool of servers

The IP filtering and NAT rules can be added to or deleted from a running system dynamically. Logging services are also provided with the suite of utilities to monitor and control this module.