Linux firewall rule "language"

To ease the maintenance of Linux firewall rules I have created a simple rule language, and an accompanying init.d script to parse the language and set everything up.

The language is basically a direct English translation of ipfwadm, ipportfw and modprobe, with options and arguments translated.

Default rules:
    input|output|forward default accept|deny|reject

Input/Output rules:
    input|output [protocol tcp|udp|icmp|any] [source|from [port ]] [destination|to ...] [log]

And a lot of other rules; see the example ruleset and the init.d script.
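As an added illustration (not the author's init.d script), the following translates the two rule forms above into ipfwadm command lines without executing anything, the way a "show the translation" action would. It assumes that an input/output rule names accept|deny|reject directly after the chain keyword, that source/from and destination/to take an address (the grammar line above omits the address token), and that "any" maps to ipfwadm's "all" protocol; the sample ruleset is constructed.

```python
CHAIN_FLAG = {"input": "-I", "output": "-O", "forward": "-F"}
ACTIONS = {"accept", "deny", "reject"}
PROTOCOLS = {"tcp": "tcp", "udp": "udp", "icmp": "icmp", "any": "all"}


def translate_rule(rule):
    """Translate one rule line into an ipfwadm command string (nothing is run)."""
    words = rule.split()
    if not words or words[0].startswith("#"):
        return None                      # blank line or comment: nothing to emit
    chain, rest = words[0], words[1:]
    if chain not in CHAIN_FLAG:
        raise ValueError(f"unknown chain {chain!r}")
    if rest[:1] == ["default"]:          # default policy: ipfwadm -I|-O|-F -p <policy>
        if len(rest) != 2 or rest[1] not in ACTIONS:
            raise ValueError(f"bad default rule: {rule!r}")
        return f"ipfwadm {CHAIN_FLAG[chain]} -p {rest[1]}"
    if not rest or rest[0] not in ACTIONS:   # assumption: action follows the chain keyword
        raise ValueError(f"expected accept|deny|reject: {rule!r}")
    cmd = ["ipfwadm", CHAIN_FLAG[chain], "-a", rest[0]]
    i = 1
    while i < len(rest):
        kw = rest[i]
        if kw == "protocol" and i + 1 < len(rest) and rest[i + 1] in PROTOCOLS:
            cmd += ["-P", PROTOCOLS[rest[i + 1]]]
            i += 2
        elif kw in ("source", "from", "destination", "to") and i + 1 < len(rest):
            cmd += ["-S" if kw in ("source", "from") else "-D", rest[i + 1]]
            i += 2
            if rest[i:i + 1] == ["port"] and i + 1 < len(rest):   # optional port after address
                cmd.append(rest[i + 1])
                i += 2
        elif kw == "log":
            cmd.append("-o")             # ipfwadm -o: log matching packets
            i += 1
        else:
            raise ValueError(f"unexpected token {kw!r} in {rule!r}")
    return " ".join(cmd)


def translate_ruleset(text):
    """Translate a whole ruleset; fail on the first bad line with its line number."""
    commands = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            cmd = translate_rule(line)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        if cmd:
            commands.append(cmd)
    return commands


SAMPLE_RULESET = """# constructed sample ruleset (not the page's example file)
input default deny
output default accept
forward default deny
input accept protocol tcp from 0.0.0.0/0 to 192.0.2.10 port 25
input deny protocol udp from 10.0.0.0/8 log
"""
```

Rejecting unknown tokens instead of skipping them matters here: a misspelled keyword would otherwise silently produce a broader rule than the one intended.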


Enable the ruleset
Disable forwarding, and most traffic to/from the machine
Restore default behaviour (unfiltered forwarding)
Show the ruleset after translation to commands (nothing executed)
Show commands as executed (like a verbose version of start)


Put this in /etc/rc.d/init.d/firewall, and create appropriate links in the rc.N directories (suggestion: S09/K96).
The ruleset. This should be saved as /etc/sysconfig/firewall [interface]
A simple shell script that validates the firewall rules

Henrik Nordström <>, last changed 1998-02-08