Linux firewall rule "language"
To ease the maintenance of Linux firewall rules I have created a simple rule language, and an accompanying init.d script to parse the language and set everything up.
The language is basically a direct English translation of ipfwadm, ipportfw and modprobe, with options and arguments translated.
- Default rules
- input|output|forward default accept|deny|reject
- Input/Output rules
- input|output [protocol tcp|udp|icmp|any] [source|from
And a lot of other rules; see the example ruleset and the init.d script.
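As an added illustration of how the language maps onto ipfwadm (this is not the page's own init.d script), the shell function below translates one rule into the ipfwadm command it stands for and only prints it, like the "show" mode of the script. It covers only the grammar quoted above; the address argument after source|from, the dest|to keyword and the trailing accept|deny|reject action are assumptions, since the page's grammar line is cut off.

```shell
# Added example, not the page's init.d script: translate one rule of the
# language above into the ipfwadm command it stands for, printing instead
# of executing (the page's "show" mode). Grammar taken from the page:
#   input|output|forward default accept|deny|reject
#   input|output [protocol tcp|udp|icmp|any] [source|from ADDR] ... ACTION
# ASSUMPTION (not on the page): source|from and dest|to take one address
# (host or net/mask) and a filter rule ends with accept|deny|reject.

# Map the chain word to ipfwadm's category flag.
chain_flag() {
    case "$1" in
        input)   echo "-I" ;;
        output)  echo "-O" ;;
        forward) echo "-F" ;;
        *)       return 1 ;;
    esac
}

# translate_rule WORD... : print the ipfwadm command, or fail on bad syntax.
translate_rule() {
    chain=$(chain_flag "$1") || { echo "unknown chain: $1" >&2; return 1; }
    shift
    if [ "$1" = "default" ]; then
        case "$2" in
            accept|deny|reject) echo "ipfwadm $chain -p $2"; return 0 ;;
            *) echo "bad default policy: $2" >&2; return 1 ;;
        esac
    fi
    proto=all; src=""; dst=""; action=""
    while [ $# -gt 0 ]; do
        case "$1" in
            protocol)
                case "$2" in
                    tcp|udp|icmp) proto=$2 ;;
                    any) proto=all ;;      # ipfwadm spells "any" as "all"
                    *) echo "bad protocol: $2" >&2; return 1 ;;
                esac; shift ;;
            source|from) src=$2; shift ;;
            dest|to)     dst=$2; shift ;;  # assumed keyword, see header
            accept|deny|reject) action=$1 ;;
            *) echo "unexpected token: $1" >&2; return 1 ;;
        esac
        shift
    done
    [ -n "$action" ] || { echo "rule has no action" >&2; return 1; }
    cmd="ipfwadm $chain -a $action -P $proto"
    [ -n "$src" ] && cmd="$cmd -S $src"
    [ -n "$dst" ] && cmd="$cmd -D $dst"
    echo "$cmd"
}
```

Call it as `translate_rule input protocol tcp from 10.0.0.0/8 deny` to see the resulting ipfwadm line; a rule with an unknown chain, protocol or missing action is rejected with a message on stderr.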
- Enable the ruleset
- Disable forwarding, and most traffic to/from the machine
- Restore default behaviour (unfiltered forwarding)
- Show the ruleset after translation to commands (nothing executed)
- Show commands as executed (like a verbose version of start)
- Put this in /etc/rc.d/init.d/firewall, and create appropriate links in the rc.N directories (suggestion: S09/K96).
- The ruleset. This should be saved as /etc/sysconfig/firewall
- A simple shell script that validates the firewall rules
last changed 1998-02-08