description: ferm is a tool to maintain complex firewalls, without having the trouble to rewrite the complex rules over and over again.
homepage URL: http://ferm.foo-projects.org/
owner: max@duempel.org
last change: Fri, 20 May 2016 10:32:34 +0000 (20 12:32 +0200)
readme
ferm README
===========

        Max Kellermann <max@foo-projects.org>
        Auke Kok <sofar@foo-projects.org>


Description
-----------

ferm is a frontend for iptables. It reads the rules from a structured
configuration file and calls iptables(8) to insert them into the
running kernel.

ferm's goal is to make firewall rules easy to write and easy to
read. It tries to reduce the tedious task of writing down rules, thus
enabling the firewall administrator to spend more time on developing
good rules than on the proper implementation of the rule.

To achieve this, ferm uses a simple but powerful configuration
language, which allows variables, functions, arrays and blocks. It also
allows you to include other files, so you can create libraries of
commonly used structures and functions.

ferm, pronounced "firm", stands for "For Easy Rule Making".


Installing ferm
---------------

  make install

The package does not need to be compiled, just make sure you have perl
(which is present in any base Linux system) and iptables (including
iptables-save and iptables-restore), and a kernel supporting
netfilter.

Run "make install" as root to install the package in its best
location, so it can be reached from the command line when
called. The manual page will also be installed.

That's all!


Uninstalling ferm
-----------------

  make uninstall

Ferm can now be quickly removed from the system by issuing a "make
uninstall" command (as root, of course). This will not remove any
configuration files!


Getting started
---------------

The ferm(1) manpage provides extensive documentation about the ferm
syntax.  To get started, try one of the example files, and modify it
for your needs.

If your machine is already firewalled and you wish to switch to ferm,
the "import-ferm" script comes in handy.  It converts the current
firewall rules to a ferm configuration file:

  import-ferm >/etc/ferm/ferm.conf

After that, let ferm install the new ruleset:

  ferm /etc/ferm/ferm.conf

Be careful, don't lock yourself out of remote machines!  Use the
interactive mode (--interactive, -i) often!
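
As a starting point to modify, here is a small configuration that uses the variables, arrays, functions and blocks mentioned in the description. It is an added example, not one of the files shipped with ferm; the interface name, the addresses (documentation ranges) and the function name &ALLOW_FROM are assumptions.

```ferm
# Constructed example: interface, addresses and ports are assumptions.
@def $DEV_WORLD = eth0;
@def $NET_ADMIN = (192.0.2.0/24 198.51.100.17);   # array of admin sources
@def $PUBLIC_TCP = (http https);                   # array of public services

# Function: accept TCP connections to $port, but only from $src.
@def &ALLOW_FROM($src, $port) = {
    proto tcp saddr $src dport $port ACCEPT;
}

table filter {
    chain INPUT {
        policy DROP;

        # Accept established traffic early so existing sessions, including
        # the SSH session used to load the rules, keep working.
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;

        interface lo ACCEPT;
        proto icmp icmp-type echo-request ACCEPT;

        # An array argument expands to one rule per element of $NET_ADMIN.
        &ALLOW_FROM($NET_ADMIN, ssh);

        # Block: the shared prefix applies to every rule inside the braces.
        interface $DEV_WORLD proto tcp {
            dport $PUBLIC_TCP ACCEPT;
        }
    }
    chain OUTPUT policy ACCEPT;
    chain FORWARD policy DROP;
}
```

Because INPUT defaults to DROP and SSH is limited to $NET_ADMIN, load this with the interactive mode (--interactive, -i) so that a wrong admin address does not lock you out.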
shortlog
2016-05-20  Max Kellermann  Merge branch 'master' of git://github.com/brenard/ferm  [master]
2016-05-20  Max Kellermann  increment version number to 2.3.1
2016-05-20  Benjamin Renard  Add some examples to use new connlimit module parameters
2016-05-20  Benjamin Renard  Add support for --connlimit-upto, --connlimit-saddr...
2016-04-20  klemens  spelling_fix
2016-03-30  Max Kellermann  release v2.3  [v2.3]
2016-03-30  Max Kellermann  test: add unit test for @gotosubchain
2016-03-30  Bret Giddings  new keyword @gotosubchain
2016-03-30  Max Kellermann  Makefile: print message after "check"
2016-03-30  Max Kellermann  rename "realgoto" to "goto"
2016-03-30  Max Kellermann  add function @glob
2015-12-03  Apollon Oikonomopoulos  Add support for the SYNPROXY target
2015-12-03  Apollon Oikonomopoulos  hashlimit: add support for xt_hashlimit options
2015-02-19  Bernd Zeimetz  Add support for the ipvs module.
2015-02-19  Max Kellermann  support various target modules
2015-02-19  Max Kellermann  support new SET parameters
...
tags
2 months ago v2.3 release v2.3
2 years ago v2.2
3 years ago v2.1.2
3 years ago v2.1.1
4 years ago v2.1
5 years ago v2.0.9
5 years ago v2.0.8
6 years ago v2.0.7
6 years ago v2.0.6
7 years ago v2.0.5
7 years ago v2.0.4
7 years ago v2.0.3
7 years ago v2.0.2
7 years ago v2.0.1
7 years ago v2.0
7 years ago v1.3.5
...
heads
5 weeks ago master
7 years ago ferm-1.3.x
8 years ago ferm-1.2.x
9 years ago ferm-1.0.x