Design Philosophy Secure, robust packet filtering stateful tracking based on Guido van Rooij's paper: http://www.madison-gurkha.com/publications/tcp_filtering/ Packet normalisation Filtering on all the normal things, and some abnormal things Many DoS mitigation techinques Failover support via CARP, pfsync IPSec failover via pfsync and sasyncd