Basic linux firewall
Max Kellermann
max at duempel.org
Tue Mar 8 18:21:32 CET 2005
On 2005/03/08 18:07, Kenneth Porter <shiva at sewingwitch.com> wrote:
> I mention iptables-save as an output format because it's been mentioned
> here that it's more efficient than individual iptables commands for
> building large firewalls.
Sure, interesting idea: let ferm generate an iptables-save file
instead of calling iptables many times in a row. I'm writing that on
my todo list.
> That makes sense. I was mostly thinking of the case where one already has a
> firewall produced with some other tool (or constructed by hand). Being able
> to reverse that into a ferm.conf file would allow people using other tools
> to easily migrate.
That's not as easy as it sounds - ferm is for structured firewall
rules, iptables is flat. But a simple (flat) back-translation could
provide a good starting point for a ferm migration.
Max