A fast and small ash/dash front-end for Linux iptables
# Access from me to anybody
allow output to any
# Access to my web server
allow input proto icmp
allow input from any in-if $ifWan to $ipWan proto tcp dport http
# Access to DMZ server
allow forward from any to $ipDmzServer in-if $ifWan out-if $ifDMZ proto icmp
allow forward from any to $ipDmzServer in-if $ifWan out-if $ifDMZ proto tcp dport http
allow forward from any to $ipDmzServer in-if $ifWan out-if $ifDMZ proto tcp dport https
# SNAT for LAN
allow forward in-if $ifLan from $netLan out-if $ifWan
snat to-addr $ipWan out-if $ifWan from $netLan
- service-oriented configuration. This makes it possible to start and stop access to each service separately and independently, without fully stopping flex-fw.
- network profile support. You can work with different network environments without any changes to the flex-fw settings. This is mostly used for notebooks. For more about network profiles, see the /etc/net project.
- macros support. Macros are user-defined variables that can hold an IP address, a port number, an interface name, etc.
- easy migration to another network environment. All you need to do is redefine macros.
- easy distribution to many hosts. With macros you can describe the services and distribute them to all of your hosts without any changes.
- easy debugging. Syslog logging support for iptables errors or dropped packets.
- interactive mode for manual configuration "on the fly".
- batch mode for execution from shell scripts.
- library mode for using the flex-fw functions directly in your shell scripts. In my case it is the main mode.
What's New in This Release:
- FIXED bad permissions for flex-fw files and directories.
- ADDED help for "service" function
- ADDED help for "start" function
- ADDED help for "stop" function