flex-fw - flexible front-end for iptables

Description

flex-fw is a small and fast front-end for the Linux iptables utility, with an easy command syntax like that of ipfw or pf on BSD systems.

Features

  • service-oriented configuration. Access to each service can be started and stopped separately and independently, without fully stopping flex-fw.
  • network profile support. You can work with different network environments without any changes to the flex-fw settings. This is mostly used for notebooks. For more about network profiles, see the /etc/net project.
  • macro support. Macros are user-defined variables that can hold an IP address, a port number, an interface name, etc.
  • easy migration to another network environment. All you need to do is redefine the macros.
  • easy distribution to many hosts. With macros you can describe the services once and distribute them to all your hosts without any changes.
  • easy debugging. Syslog logging support for iptables errors and dropped packets.
  • interactive mode for manual configuration "on the fly".
  • batch mode for execution from shell scripts.
  • library mode for using the flex-fw functions directly in your shell scripts. In my case it is the main mode.

Syntax example

# Access from me to anybody
allow output to any

# Access to my web server
allow input proto icmp
allow input from any in-if $ifWan to $ipWan proto tcp dport http

# Access to DMZ server
allow forward from any to $ipDmzServer in-if $ifWan out-if $ifDMZ proto icmp
allow forward from any to $ipDmzServer in-if $ifWan out-if $ifDMZ proto tcp dport http
allow forward from any to $ipDmzServer in-if $ifWan out-if $ifDMZ proto tcp dport https

# SNAT for LAN
allow forward in-if $ifLan from $netLan out-if $ifWan
snat to-addr $ipWan out-if $ifWan from $netLan
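
As an added illustration (not flex-fw's own code, and not a statement of how flex-fw generates its rules), the dry-run shell function below maps the rule keywords visible in the syntax example onto plain iptables arguments. The function name fw_to_iptables and the macro values are constructed for this example; it only prints commands, and it rejects a rule in which a macro expanded to an empty string.

```shell
#!/bin/sh
# Added example: dry-run mapping of the rule keywords shown above to iptables
# arguments. It only prints commands; it never executes iptables.

# Constructed sample macros (documentation/private address ranges).
ifWan=eth0
ipWan=203.0.113.10
netLan=192.168.1.0/24

fw_to_iptables() {
    action=$1; shift
    table=""; target=ACCEPT; match=""; tail=""
    case $action in
        allow)
            chain=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]'); shift
            case $chain in
                INPUT|OUTPUT|FORWARD) ;;
                *) echo "unknown chain: $chain" >&2; return 1 ;;
            esac ;;
        snat) table="-t nat "; chain=POSTROUTING; target=SNAT ;;
        *) echo "unknown action: $action" >&2; return 1 ;;
    esac
    while [ $# -gt 0 ]; do
        [ $# -ge 2 ] || { echo "missing value for: $1" >&2; return 1; }
        key=$1; val=$2; shift 2
        # An empty value means a macro was unset. Refuse it: dropping the
        # match would yield a rule that accepts more traffic than intended.
        [ -n "$val" ] || { echo "empty value for: $key" >&2; return 1; }
        case $key in
            from)    [ "$val" = any ] || match="$match -s $val" ;;
            to)      [ "$val" = any ] || match="$match -d $val" ;;
            in-if)   match="$match -i $val" ;;
            out-if)  match="$match -o $val" ;;
            proto)   match="$match -p $val" ;;
            dport)   match="$match --dport $val" ;;
            to-addr) tail=" --to-source $val" ;;
            *) echo "unknown keyword: $key" >&2; return 1 ;;
        esac
    done
    if [ "$target" = SNAT ] && [ -z "$tail" ]; then
        echo "snat requires to-addr" >&2; return 1
    fi
    echo "iptables ${table}-A $chain$match -j $target$tail"
}

fw_to_iptables allow input from any in-if "$ifWan" to "$ipWan" proto tcp dport http
fw_to_iptables snat to-addr "$ipWan" out-if "$ifWan" from "$netLan"
```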

Latest version

Latest version is 0.1.7

Documentation

See Quick Start Guide.

Help with flex-fw

I do not have enough time to complete the project documentation. You could help.

Supported Linux distributions

  • Debian
  • Slackware
  • RedHat soon
  • ...need any more?

To Do

  • create templates for various services - smtp, pop3, ftp, etc.
  • add a "test" mode for temporarily applying firewall settings with automatic undo
  • add an alternative boot mechanism using a single configuration file (like file-rc from Debian)
  • write a HOW-TO for plugin development
  • simplify the installation and configuration

Change Log

Discussion

Contacts

  • E-mail vitalkadrug@gmail.com
  • Jabber vitalkadrug@gmail.com