
https://github.com/nlm/firval

a netfilter firewall rules generator designed to be easier to read, write and maintain

README

firval
======

a netfilter firewall rules generator designed to be easier to read, write and maintain

Install
=======

git clone https://github.com/nlm/firval
pip install ./firval

How to use
==========

Write a YAML configuration file and feed it to firval.py;
it will produce an iptables-restore compatible rule file.

This means you can do this:

cat rules.yaml | firval | iptables-restore

Configuration syntax
====================

interfaces:
    IFNAME: PHYSICALINTERFACE

addresses:
    ADDRNAME: HOSTADDR | NETADDR

ports:
    PORTNAME: PORTNUMBER

chains:
    filter|nat|mangle:
        CHAINNAME:
            - RULE
            - ...

services:
    SERVICENAME:
        proto: tcp | udp | icmp
        port: PORT-NUMBER(,PORT-NUMBER)*   (only for tcp or udp)
        type: ICMP-TYPE                    (only for icmp)

rulesets:
    IFNAME-to-IFNAME:
        filter|nat|mangle:
            input|forward|output|...:   (availability depends on whether the table is 'filter', 'nat' or 'mangle')
                - RULE
                - ...

RULE = ((accept|reject|drop|masquerade|log|nflog)
         ((not)? from ADDRNAME ((not)? port PORTNAME)?)?
         ((not)? to ADDRNAME ((not)? port PORTNAME)?)?
         ((not)? proto (tcp|udp|icmp|any))?
         (service SERVICENAME)?
         (state (new|established|invalid))?
         (limit INTEGER/TIMEUNIT (burst INTEGER)?)?
         (comment "COMMENT")?
         (prefix "LOG_PREFIX"))
     | (jump CHAINNAME)
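A complete configuration written against the grammar above, added here as an illustration of how the sections fit together (it is not a file from the firval repository). The interface, address, port, service and chain names are made up, and it assumes that `prefix` is only meaningful on `log` rules and that rule keywords must appear in the order the grammar lists them.

```yaml
# Constructed example for the syntax documented above, not shipped with firval.
# All interface, address, port and chain names are illustrative placeholders.
interfaces:
    wan: eth0
    lan: eth1

addresses:
    lan_net: 192.168.1.0/24      # internal network behind the firewall
    web_host: 192.168.1.20       # internal server reachable from wan
    admin_host: 192.168.1.10     # workstation allowed to ssh out
    bastion: 203.0.113.5         # remote host admins are allowed to reach

ports:
    ssh: 22

services:
    web:
        proto: tcp
        port: 80,443
    ping:
        proto: icmp
        type: echo-request

chains:
    filter:
        # Reusable log-then-drop chain; rate-limited so a flood cannot fill the log.
        log_drop:
            - log limit 5/minute burst 10 prefix "firval-drop: "
            - drop

rulesets:
    # Packets entering on wan and leaving on lan: replies to established
    # flows, new web connections to the web host, everything else logged+dropped.
    wan-to-lan:
        filter:
            forward:
                - accept state established comment "return traffic"
                - drop state invalid
                - accept to web_host service web state new
                - jump log_drop
    # Packets entering on lan and leaving on wan: drop anything whose source
    # is not on the lan network (spoofed), then allow web, ping and admin ssh.
    lan-to-wan:
        filter:
            forward:
                - drop not from lan_net comment "spoofed source address"
                - accept from lan_net service web state new
                - accept from lan_net service ping
                - accept from admin_host to bastion port ssh proto tcp state new
                - accept from lan_net state established
                - jump log_drop
```

Because the final rule in each chain jumps to `log_drop`, any packet not matched by an explicit `accept` is logged (rate-limited) and discarded, which gives a default-deny policy whose rejections are visible in the logs.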