ferm is a tool to set up and maintain complicated firewall rules. It reduces the tedious task of carefully inserting rules and chains, so the firewall administrator can spend more time on developing good rules and less time on implementing them properly. The rules are executed in one pass by the preferred kernel interface, such as ipchains or iptables. Firewall rules can also be split into different files and loaded at will.
Operating Systems: POSIX Linux
Release Notes: Better support for mixed IPv4/IPv6 rules.
Release Notes: New @cat, @substr, and @length functions, and updates for the "state" and "icmp" netfilter modules.
Release Notes: New string comparison functions, IPv6 support in the resolver, and support for "ebtables --snap-arp".
Release Notes: Negation is now supported in mark, connmark, and set. The $FILENAME automatic variable was added. @include can now run a program. The $CHAIN variable within @subchain was fixed.
Release Notes: Double negation is detected. Detection of negated arrays was improved. dpkg's backup/temporary files on @include are ignored. "Flush" hooks were added.