ferm - for Easy Rule Making

Introduction

ferm is a tool to maintain complex firewalls, without having the trouble to rewrite the complex rules over and over again. ferm allows the entire firewall rule set to be stored in a separate file, and to be loaded with one command. The firewall configuration resembles structured programming-like language, which can contain levels and lists.

chain INPUT {
    policy DROP;
    mod state  state (RELATED ESTABLISHED)  ACCEPT;
    proto tcp  dport (http ftp ssh)  ACCEPT;
}

ferm 2.0

The latest version is: 2.0.5.

Major Changes since version 1.3

• support for arptables and ebtables
• honor the order of match modules
• more...

ferm 1.3

The latest version is: 1.3.5.

Packages

Debian and Gentoo have official ferm packages.

Pahan-Hubbitus created (unofficial) RPM packages for Fedora in his YUM repository. There is a ferm subdirectory.

#ferm

For support or discussion on ferm, join the channel #ferm on freenode.

Documentation

Read the ferm manual online.

To get a quick overview, you may find the examples useful:

• a workstation
• a web server
• a home DSL router
• a corporate router with a demilitarized zone

Development

The ferm sources are managed in a git repository. To clone the repository, type:

git clone git://repo.or.cz/ferm.git

Copyright

ferm is © Max Kellermann, Auke Kok <sofar at foo-projects.org>

Licensed under the GPLv2.