ferm
ferm is a tool to maintain and setup complicated firewall rules. It allows one to reduce the tedious task of carefully inserting rules and chains, thus enabling the firewall administrator to spend more time on developing good rules, and less time on the proper implementation of those rules. These rules will be executed by the preferred kernel interface, such as ipchains and iptables, and in one pass. Firewall rules can also be split into different files and loaded at will.
| Tags | Networking Firewalls |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX Linux |
| Implementation | Perl |
Recent releases
- 28 Feb 2009 23:27
Changes: Double negation is detected. Detection of negated arrays was improved. dpkg's backup/temporary files on @include are ignored. "Flush" hooks were added.
- 02 Dec 2008 21:39
Changes: This release enables policy-only domains. It doesn't list custom chains in --flush --fast mode.
- 27 Jul 2008 06:46
Changes: Duplicate specification of "table" and "chain" is allowed for better 1.3.x compatibility.
- 25 Jul 2008 17:31
Changes: This release adds the missing "COMMIT" lines when flushing in the "fast" mode.
- 24 Jul 2008 11:29
Changes: Support for arptables and ebtables was added. The order of match modules is now preserved.
- All comments
Recent commentsRe: Comments needed!
I implemented IP filters for one gateway and two servers in a DMZ network with ferm, and it it VERY easy to setup. Way better then other filter setup scripts, because you don't lose the flexibility of the iptables system.
The only thing missing is an init script to load a pre-defined ferm script (say, /etc/ip-filter.ferm). But this might be a job for packagers.
Debian package
In case you're interested: there's a debian package available at ftp.debian.org, see the project homepage for it's exact location.
sofar
Comments needed!
Hi there!
I'm very anxious for comments, patches, bugreports, well, anything actually!
Does Ferm behave you expected it to be? Do you like the way ferm handles
rules? Wish something would work differently? Anything else?
sofar