Is there other packet filter like Chx-i that can filter ip and non-ip packets? I am using WIPFW now, it can only filter ip traffics. Chx-i can filter ip & non-ip, but does not have options like WIPFW, such as ipoptions & tcpoptions filter.

I find that the SYN scan on scan test web site can be blocked by using rule of tcpoptions without mss with WIPFW, that's why I think packet filter with these options are better.

Another question, can the non-ip traffics cause harm to system?


WIPFW
http://wipfw.sourceforge.net/

Looks like a good light one, using IPSec so nothing drastic can really go wrong, next time I bridge the router, gonna give this a try instead of CHX which has been my standard fare.