From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 28 Nov 2021 16:54:30 +0000 (+0000)
Subject: about: Add large feature matrix
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=321e89e694a7500b8831f11edb4425d8b239f220;p=ipfire.org.git

about: Add large feature matrix

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/templates/about.html b/src/templates/about.html
index 924d9df2..0a63667e 100644
--- a/src/templates/about.html
+++ b/src/templates/about.html
@@ -116,6 +116,323 @@
 					{% end %}
 				</div>
 			{% end %}
+
+			<!-- Talk about funding. Donations, how LWL supports the project -->
+		</section>
+	</div>
+
+	<div class="container">
+		<section>
+			<h3>{{ _("Features") }}</h3>
+
+			<div class="row row-cols-1 row-cols-md-2 row-cols-lg-3">
+				<div class="col mb-4">
+					IPFire is not only an app that you install, it is a whole operating
+					system based on Linux, hardened and tuned to the maximum to serve
+					as a firewall.
+					Regular updates help keeping even the hardest kind of hacker out.
+				</div>
+
+				<div class="col mb-4">
+					IPFire is being managed over a web user interface that is easy
+					to use, yet powerful.
+					Every feature is only one click away. Our detailed documentation
+					tells you how.
+				</div>
+
+				<div class="col mb-4">
+					The stateful inspection firewall that is working inside IPFire
+					is one of the fastest of its kind.
+					Configuration of even complex rulesets becomes easy with
+					groups for hosts and services on the network and help you
+					to keep things in order, even when it gets complicated.
+				</div>
+
+				<div class="col mb-4">
+					 Network segmentation is the key to a secure network.
+					 IPFire allows setting up a demilitarized zone (DMZ) on your
+					 network to control any threats from services that are being hosted
+					 on the internet.
+				</div>
+			</div>
+		</section>
+	</div>
+
+	<!-- any screenshots go here -->
+
+	<div class="container">
+		<section>
+			<a class="btn btn-primary btn-lg btn-block" href="/download">
+				{{ _("Download IPFire now. It's free!") }}
+			</a>
+		</section>
+
+		<section>
+			<div class="row text-muted small row-cols-1 row-cols-md-2 row-cols-lg-3">
+				<div class="col mb-4">
+					<h6>Network Security</h6>
+
+					<ul>
+						<li>Stateful inspection firewall</li>
+						<li>
+							Builtin network segmentation
+							<ul>
+								<li>Demilitarized Zone (DMZ)</li>
+								<li>Separate network for wireless devices/guest network</li>
+							</ul>
+						</li>
+						<li>Flexible rule creating with groups and visual aids</li>
+						<li>Intrusion Prevention System</li>
+						<li>
+							Rate Limiting to Protect Servers from DoS attacks
+							and Maximum Connection Limits
+						</li>
+						<li>SYN-flood Protection</li>
+						<li>Country-based Firewall Rules</li>
+						<li>Source and Destination NAT Rules</li>
+						<li>Time-based Firewall Rules</li>
+						<li>MAC address-based Firewall Rules</li>
+						<li>Blocking of P2P Networks</li>
+						<li>Connection Logging</li>
+					</ul>
+
+					<h6>Network Features</h6>
+
+					<ul>
+						<li>VLAN (802.1q)</li>
+						<li>Port Bridging</li>
+						<li>Spanning Tree Protocol Support</li>
+						<li>Wireless Access Point</li>
+						<li>Live Connection Tracking</li>
+						<li>Static Routes</li>
+						<li>Dynamic Routing with Bird or FRR using BGP/OSPF</li>
+						<li>
+							DHCP Server
+							<ul>
+								<li>Static Leases</li>
+								<li>DNS Update (RFC2136)</li>
+								<li>Support for DHCP Options</li>
+							</ul>
+						</li>
+						<li>Network Time Server (NTP)</li>
+						<li>Dynamic DNS Client with support for many providers</li>
+						<li>
+							Captive Portal
+							<ul>
+								<li>Terms &amp; Conditions or Coupon</li>
+								<li>Customizable to your corporate design</li>
+								<li>Coupon Code Export in PDF Format</li>
+								<li>Flexible Coupon Expiry Times</li>
+							</ul>
+						</li>
+						<li>Wake-on-LAN (WOL)</li>
+					</ul>
+
+					<h6>Web Proxy</h6>
+
+					<ul>
+						<li>Transparent Mode</li>
+						<li>Support for Upstream Proxies with Authentication</li>
+						<li>Advanced Logging</li>
+						<li>In Memory and on Disk Cache</li>
+						<li>
+							Network-based Access Control (ACL)
+							<ul>
+								<li>By IP Address</li>
+								<li>By MAC Address</li>
+								<li>Ban/Allow List</li>
+							</ul>
+						</li>
+						<li>Time-based Rules</li>
+						<li>Transfer Limits based on File Size</li>
+						<li>Download Throttling per Network Zone or Host</li>
+						<li>Anomaly Detection based on AS Information</li>
+						<li>MIME Type Filter</li>
+						<li>Classroom Extensions</li>
+						<li>Web Proxy Auto-Discovery Protocol (WPAD)</li>
+						<li>Proxy Auto-Config (PAC)</li>
+						<li>
+							Authentication
+							<ul>
+								<li>Local User Database</li>
+								<li>Microsoft Windows Active Directory</li>
+								<li>LDAP</li>
+								<li>RADIUS</li>
+							</ul>
+						</li>
+						<li>
+							Advanced Content Filtering
+							<ul>
+								<li>Blocklist-based Access Blocking</li>
+								<li>Support for Various Blocklist Providers</li>
+								<li>Automatic List Update</li>
+								<li>Custom Blocklists</li>
+								<li>Custom Allowlists</li>
+								<li>Custom Expression Lists</li>
+								<li>Filter by File Extension</li>
+								<li>Custom Error Page</li>
+							</ul>
+						</li>
+						<li>
+							Advanced Update Caching
+							<ul>
+								<li>Microsoft Windows</li>
+								<li>Apple Operating Systems</li>
+								<li>Adobe</li>
+								<li>Mozilla</li>
+								<li>
+									Various Anti-Virus Signatures including
+									Avast,
+									Avira,
+									AVG,
+									McAffee,
+									Trend Micro,
+									and Symantec
+								</li>
+							</ul>
+						</li>
+					</ul>
+				</div>
+
+				<div class="col mb-4">
+					<h6>WAN Features</h6>
+
+					<ul>
+						<li>Support for Fibre, DSL, Cable and 5G/4G/3G</li>
+						<li>Multiple Public IP Addresses</li>
+						<li>Automatic failover for dialup connections</li>
+						<li>User-Assignable MAC Address</li>
+					</ul>
+
+					<h6>VPN</h6>
+
+					<ul>
+						<li>
+							IPsec
+							<ul>
+								<li>Net-to-Net and Net-to-Host Mode</li>
+								<li>Support for IKEv2 and IKEv1</li>
+								<li>Public Key and Pre-Shared-Secret Authentication</li>
+								<li>
+									Encryption
+									<ul>
+										<li>AES (CBC, GCM)</li>
+										<li>ChaCha20-Poly1305</li>
+										<li>Camellia</li>
+										<li>3DES</li>
+									</ul>
+								</li>
+								<li>
+									Integrity
+									<ul>
+										<li>SHA2 512/384/256 Bit</li>
+										<li>AES XCBC</li>
+										<li>SHA1</li>
+										<li>MD5</li>
+									</ul>
+								</li>
+								<li>
+									Key Exchange
+									<ul>
+										<li>Curve-25519, Curve-448</li>
+										<li>NIST ECP-521, 384, 256, 224, or 192 Bit</li>
+										<li>Brainpool ECP-512, 384, 256, or 224 Bit</li>
+										<li>RSA 8192, 6144, 4096, 3072, 2048, 1536, 1024, or 768 Bit</li>
+									</ul>
+								</li>
+								<li>Hardware-accelerated Encryption</li>
+								<li>Tunnel and Transport Mode</li>
+								<li>Encapsulation with GRE and VTI</li>
+								<li>Dead Peer Detection</li>
+								<li>Perfect Forward Secrecy</li>
+								<li>MOBIKE</li>
+								<li>On-demand mode</li>
+								<li>Payload Compression</li>
+								<li>Easy connection export to Apple Mac OS/iOS devices</li>
+							</ul>
+						</li>
+						<li>
+							OpenVPN
+							<ul>
+								<li>Net-to-Net and Net-to-Host Mode</li>
+								<li>Public Key Authentication</li>
+								<li>
+									Encryption
+									<ul>
+										<li>AES (CBC, GCM)</li>
+										<li>Camellia</li>
+										<li>SEED</li>
+										<li>DES/3DES</li>
+										<li>Blowfish</li>
+										<li>CAST5</li>
+									</ul>
+								</li>
+								<li>
+									Integrity
+									<ul>
+										<li>SHA2 512, 384, or 256 Bit</li>
+										<li>Whirpool</li>
+										<li>SHA1</li>
+									</ul>
+								</li>
+								<li>TLS Authentication</li>
+								<li>TLS Channel Protection</li>
+								<li>LZO Compression</li>
+								<li>Configuration Export/Import in ZIP Format</li>
+							</ul>
+						</li>
+					</ul>
+
+					<h6>Quality of Service (QoS)</h6>
+
+					<ul>
+						<li>Inbound &amp; Outbound Traffic Shaping</li>
+						<li>Latency Minimization</li>
+						<li>Classify Traffic by IP Address, Protocol, or Ports</li>
+						<li>Layer7 Protocol Detection</li>
+					</ul>
+				</div>
+
+				<div class="col mb-4">
+					<h6>Intrusion Prevention System</h6>
+
+					<ul>
+						<li>Live Deep Packet Analysis</li>
+						<li>Graphical Rule Editor</li>
+						<li>Support for Various Rule Providers</li>
+						<li>Automatic Ruleset Updates</li>
+					</ul>
+
+					<h6>DNS</h6>
+
+					<ul>
+						<li>Internal DNSSEC-validating DNS proxy</li>
+						<li>Caching for faster DNS response times</li>
+						<li>Local hostnames</li>
+						<li>DNS Forwarding for Zones</li>
+						<li>Configuration of multiple upstream DNS recursors</li>
+						<li>Recursor/Standalone Mode</li>
+						<li>DNS-over-TLS, TCP or UDP</li>
+						<li>SafeSearch</li>
+						<li>QNAME Minimization</li>
+					</ul>
+
+					<h6>Operating System</h6>
+
+					<ul>
+						<li>Comfortable Web User Interface in various languages</li>
+						<li>Simple One-Click Updates</li>
+						<li>Configuration Backup and Restore</li>
+						<li>Detailed System Health Reports and Graphs</li>
+						<li>Console Access with SSH</li>
+						<li>Serial Console</li>
+						<li>Hardware Vulnerability Reporting</li>
+						<li>Email Notifications</li>
+						<li>Remote Syslog</li>
+						<li>SNMP/Zabbix/Observium Monitoring</li>
+					</ul>
+				</div>
+			</div>
 		</section>
 	</div>
 {% end block %}