myfw is a firewall built from iptables snippets, or modules.
A configuration lists "modules", which contain iptables rules. These modules can contain Perl code to make rules easier to write (think foreach @ntp_servers). They can also contain raw iptables commands for a quick and easy start.
Configs can be pre-defined, which is useful if you have multiple machines that need the same firewall rules.
myfw also generates ipac-ng rules, according to the iptables chains inserted.
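As an added illustration of the foreach @ntp_servers idea above (plain Perl written for this page, not myfw module syntax and not myfw's own code): a loop expands a validated server list into rule pairs and prints them either as iptables commands or as iptables-restore input. The addresses, the function names and the --restore switch are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added illustration: plain Perl, not myfw module syntax.
use strict;
use warnings;

# Constructed sample data (RFC 5737 documentation addresses).
my @ntp_servers = qw(192.0.2.10 192.0.2.11 198.51.100.7);

# Accept only dotted-quad IPv4, so a typo or a stray shell
# metacharacter never ends up inside an iptables command line.
sub is_ipv4 {
    my ($addr) = @_;
    return 0 unless defined $addr;
    my @octets = ($addr =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/)
        or return 0;
    return (grep { $_ > 255 } @octets) ? 0 : 1;
}

# One rule pair per server: the outbound query and the reply to it.
sub ntp_rules {
    my @rules;
    for my $srv (@_) {
        die "bad NTP server address: $srv\n" unless is_ipv4($srv);
        push @rules,
            "-A OUTPUT -p udp -d $srv --dport 123 -j ACCEPT",
            "-A INPUT -p udp -s $srv --sport 123 -m state --state ESTABLISHED -j ACCEPT";
    }
    return @rules;
}

# Render as individual commands, or as a single iptables-restore input.
# Note: iptables-restore replaces the whole table unless it is run
# with --noflush, so a partial rule set must not be fed to it as-is.
sub render {
    my ($restore, @rules) = @_;
    return map("iptables $_\n", @rules) unless $restore;
    return ("*filter\n", map("$_\n", @rules), "COMMIT\n");
}

# Hypothetical switch for this example; nothing is executed, only printed.
my $restore = (@ARGV && $ARGV[0] eq '--restore') ? 1 : 0;
print render($restore, ntp_rules(@ntp_servers));
```

Printing the expanded rules before applying them makes it possible to review exactly what a loop produced, which matters most when the default policy is drop.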
to start : ./base
to stop :
-a : accept as default rule instead of drop. Useful for debugging in case the execution is half borked
-d : show unprocessed commands (with variables names) (good for debug)
-e : show iptables commands
-c : yet another debug : show what is evaluated
-l : debug parse
-v : level debug
-f : don't touch forward (/proc/sys/net/ipv4/ip_forward) in case of fw failure
-o : no cmd-owner
-s : use this special config file
-i : no ipac at all old : no domain ipac (good for slow machines, shorter startup time) -i should not use ipac at all (or add another option)
-r : yet another debug
-t : use iptables-restore mode (does not work on woody : --sport invalid ..??)
-n : no execute, just try the script
-p : print config -m