Additional Features (cont)

Save/Restore NAT/State tables between reboots, (see ipfs(8), and rc.conf(5) in FreeBSD 5.0-current)
Turn on automatic anti-spoofing rules with a sysctl variable. Uses the routing table as a means to check where addresses are supposed to be
Currently in alpha/beta testing (will be included in 4.0):
- keeping NAT/State tables in sync over multiple systems
- scanning inside payload (e.g. drop port 80 connection if it doesn't start with "GET")

Save/Restore NAT/State tables between reboots, (see ipfs(8), and rc.conf(5) in FreeBSD 5.0-current)