IP-Array is a Linux iptables firewall script written in bash. It allows the creation of precise, stateful rules, while remaining easy to configure. IP-Array supports VPN, traffic shaping (creation of custom HTB and SFQ qdiscs, classes, and filters), multiple external interfaces, multiple LANs, multiple DMZs, NAT, logging, MAC address matching, packet marking, syslog logging, and various sysctl settings. It also includes some presets and autoconfig options for common needs like DNS, FTP, SMTP. License: GNU General Public License (GPL) Changes:
Important bugs were fixed. iptables rule processing has been completely rewritten. The rule block definition is now template-based. This new core will allow very flexible rule definitions in upcoming releases. No configuration changes are necessary after upgrading. Performance was improved. There were other minor feature updates.