8 ferm is a frontend for ``iptables``. It reads the rules from a structured
9 configuration file and calls iptables(8) to insert them into the
12 ferm's goal is to make firewall rules easy to write and easy to
13 read. It tries to reduce the tedious task of writing down rules, thus
14 enabling the firewall administrator to spend more time on developing
15 good rules than the proper implementation of the rule.
17 To achieve this, ferm uses a simple but powerful configuration
18 language, which allows variables, functions, arrays, blocks. It also
19 allows you to include other files, allowing you to create libraries of
20 commonly used structures and functions.
22 ferm, pronounced "firm", stands for "For Easy Rule Making".
30 The package does not need to be compiled, just make sure you have perl
31 (which is present in any base linux system) and ``iptables`` (including
32 ``iptables-save`` and ``iptables-restore``), and the a kernel supporting
35 Run the make install install script as root to install the package in
36 it's best location, so it can be reached from the command line when
37 called. The manual page will also be installed.
47 Ferm can now be quickly removed from the system by issuing a "make
48 uninstall" command (as root, of course). This will not remove any
49 configuration files of course!
55 The ferm(1) manpage provides extensive documentation about the ferm
56 syntax. To get started, try one of the example files, and modify it
59 If your machine is already firewalled and you wish to switch to ferm,
60 the ``import-ferm`` script comes handy. It converts the current
61 firewall rules to a ferm configuration file:
63 import-ferm >/etc/ferm/ferm.conf
65 After that, let ferm install the new ruleset:
67 ferm /etc/ferm/ferm.conf
69 Be careful, don't lock youself out of remote machines! Use the
70 interactive mode (``--interactive``, ``-i``) often!