ferm - for Easy Rule Making


ferm is a tool for maintaining complex firewalls without the trouble of rewriting the complex rules over and over again. ferm allows the entire firewall rule set to be stored in a separate file and loaded with one command. The firewall configuration resembles a structured programming language and can contain levels and lists.

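chain INPUT {
    # drop anything not explicitly accepted below
    policy DROP;
    # accept packets belonging to already-tracked connections
    mod state  state (RELATED ESTABLISHED)  ACCEPT;
    # accept new TCP connections to the listed service ports
    proto tcp  dport (http ftp ssh)  ACCEPT;
}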
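
The levels and lists mentioned above, in a longer rule set. This is an added example, not taken from the ferm site; the $ADMIN_NETS variable and its documentation-range addresses are constructed for illustration.

```ferm
# Constructed example: default-deny inbound policy using nested
# levels (blocks) and lists.

# Hypothetical variable: networks allowed to reach ssh.
# The addresses are documentation ranges, not real hosts.
@def $ADMIN_NETS = (192.0.2.0/24 198.51.100.0/24);

table filter {
    chain INPUT {
        policy DROP;

        # connection tracking: discard invalid packets, keep known flows
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;

        # local traffic on the loopback interface
        interface lo ACCEPT;

        # level: every rule inside this block inherits "proto tcp"
        proto tcp {
            # list: one rule is generated per port
            dport (http https) ACCEPT;

            # ssh only from the admin networks (one rule per network)
            saddr $ADMIN_NETS dport ssh ACCEPT;
        }
    }

    # this host does not route, so nothing is forwarded
    chain FORWARD policy DROP;

    # outbound traffic is not restricted in this example
    chain OUTPUT policy ACCEPT;
}
```

Running `ferm --noexec --lines` on the file prints the generated rules without applying them, so the expansion of each list and block can be reviewed before it reaches the running firewall.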

ferm 2.7

The latest version is: 2.7.



Debian, Gentoo, Arch and Fedora have official ferm packages.


Read the ferm manual online.

To get a quick overview, you may find the examples useful:


The ferm sources are managed in a git repository. To clone the repository, type:

git clone https://github.com/MaxKellermann/ferm

Send pull requests via GitHub.


For support or discussion on ferm, you have two choices:


ferm is © Max Kellermann, Auke Kok <sofar at foo-projects.org>

Licensed under the GPLv2.