Network firewalls allow a defender to segment their network into different zones. One common architecture uses a DMZ for external facing systems and a separate internal network. Linux distributions such as IPFire can be used as the anchor point for such networks; these can even be implemented virtually using VMWareWorkstation or VirtualBox. IPFire controls traffic in and out of these networks using port forwarding, DMZ pinholes, external access rules, and outgoing firewall rules. IPFire also provides a range of services, including logging, a time server, and a web proxy.