The firewall subsystem allows defining filtering rules for internet users. Rules can be defined using various criteria such as destination IP, protocol(tcp/udp/icmp), source and destination ports(tcp&udp). Iit's possible to define different rules based on hour of day, day of week, user state or connected RAS. This subsystem requires passing traffic through a special linux gateway, very similar to bandwidth management system. It's possible to have bandwidth manager and firewall on same linux box.