- Watcher is what we call a 'superordinated firewall manager' for Linux systems. It fills your firewall at system start-up or after reboot lightning-fast with DROPs taken from local lists, external resources (dynloaders) or from exclusive databases of optional modules.
- Optional Watcher modules conduct intrusion detection in realtime, fill the firewall autonomously and track attackers in exclusive databases for rapid restore after a reboot.
- Watcher does not need any compiliation or fancy 3rd-party scripting languages and runtime environments, since it uses only 'onboard tools' (bash, awk, grep, ...) of the operating system that came with the system installation.
- List processing is widely given into hands of AWK ("the chainsaw for text") scripts that works a hundred times faster than shell scripts.
- The modules use Sqlite databases for storage and retrieval of attackers, since use of linear files might slow down the system as such files grow to a couple of thousands. With databases the time is predictable and access to every record is fast.
For detailed information on how Watcher is designed see the Watcher concepts wiki page.