SmallWall provides many of the features of expensive commercial firewalls, and some you won't find in any commercial firewalls, including:
Web interface (supports SSL, and optional imported certificates)
Standard or serial console interface for recovery
(Re)Set LAN IP address
Reset password
Restore factory defaults
Reboot system
Wireless support (access point with PRISM-II/2.5 cards, BSS/IBSS with other cards including Cisco)
Stateful packet filtering
Firewall block/pass rules
Logging
NAT/PAT (including 1:1)
DHCP client, PPPoE and PPTP support on the WAN interface
IPsec VPN tunnels (IKE; with support for hardware crypto cards and mobile clients)
PPTP VPN (with RADIUS server support)
L2TP VPN tunnels (IKE; with support for hardware crypto cards)
Static routes
DHCP server
Caching DNS forwarder
DynDNS client
SNMP agent
Traffic shaper (with wizard)
Firmware upgrade through the web browser
Configuration backup/restore (of text configuration file)
Host and network aliases
SmallWall contains the following software components:
FreeBSD components (kernel, user programs)
ipfilter
PHP (CGI version)
thttpd
MPD
ISC DHCP server
ez-ipupdate (for Dynamic DNS updates)
Dnsmasq (for the caching DNS forwarder)
racoon (for IPsec IKE and L2TP)
The SmallWall system currently takes up less than 16 MB on a Compact Flash card or CD-ROM.
On a net4501, SmallWall provides a WAN <-> LAN TCP throughput of about 17 Mbps, including NAT, when run with the default configuration. On faster platforms (like net4801 or WRAP), throughput in excess of 50 Mbps is possible. Speeds of 600 Mbps up to gigabit speeds with newer standard PCs and the newer Atom motherboards.
On a typical system, SmallWall boots to a fully working state in less than 60 seconds after power-up, including POST (with a properly configured BIOS).