English | Русский

flex-fw - flexible front-end for iptables

Description

flex-fw is a small and fast front-end for Linux iptables utility with an easy command syntax like ipfw or pf from BSD systems.

Features

• service-oriented configuration. This makes it possible to start and stop access to each service separately and undependently without full stop the flex-fw.
• network profile support. You can work with different network environments without any changes in the flex-fw setting. This is mostly used for notebooks. About the network profile see more /etc/net project.
• macros support. Macros are user-defined variables that can hold an IP address, a port number, an interface name and etc.
• easy migration to another network environment. All you need to do is redefine macros.
• easy distribution to many hosts. With macros you can describe the services and distribute them to all owned hosts without any changes.
• easy debug. Syslog logging support for iptables errors or droped packets.
• interactive mode for manual configuring "on the fly".
• batch mode for execution from shell scripts.
• library mode for using of the flex-fw functions in your shell scripts directly. In my case it is the main mode.

Syntax example

# Access from me to anybody
allow output to any

# Access to my web server
allow input proto icmp
allow input from any in-if $ifWan to $ipWan proto tcp dport http

# Access to DMZ server
allow forward from any to $ipDmzServer in-if $ifWan out-if $ifDMZ proto icmp
allow forward from any to $ipDmzServer in-if $ifWan out-if $ifDMZ proto tcp dport http
allow forward from any to $ipDmzServer in-if $ifWan out-if $ifDMZ proto tcp dport https

# SNAT for LAN
allow forward in-if $ifLan from $netLan out-if $ifWan
snat to-addr $ipWan out-if $ifWan from $netLan

Latest version

Latest version is 0.1.7

Documentation

See Quick Start Guide.

Help with flex-fw

I have not enough time to complete project documentation. You could help.

Supported Linux distribution

• Debian
• Slackware
• RedHat soon
• ...need any more?

To Do

• create templates for various services - smtp, pop3, ftp and etc.
• add "test" mode for temporary using firewall settings with automatic undo
• add alternative boot mechanism using a single configuration file (like file-rc from Debian)
• write HOW-TO for plugin developing
• simplify the installation and configuration

Change Log

• flex-fw Change Log

Discussion

• flex-fw mailing list

Contacts

• E-mail vitalkadrug@gmail.com
• Jabber vitalkadrug@gmail.com