
Ferm [1] is wonderful as an iptables frontend. Apart from making it simpler to read, it can avoid a lot of repetition with handy shortcuts such as the ability to group things. E.g.:

    proto tcp dport (smtp ssmtp qmtp pop3 pop3s imap2 imap3 imaps) ACCEPT;

... creates rules for each of the ports listed. You can use multiple groups in the same statement as well (let's say all the services above for some crazy reason also listened on udp - you'd just replace "tcp" with "(tcp udp)").

Being able to set variables is also fantastic. E.g.:

    @def $DEV_PRIVATE = (eth0 eth1);

[1] https://github.com/MaxKellermann/ferm
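To make the group expansion concrete, here is a small Python expander I added (it is not ferm's own code, and it is not part of the comment above) that mimics what the comment describes: every parenthesised group, including one assigned with `@def`, is expanded into the cartesian product of its members, and each combination becomes one iptables rule. It assumes a fixed `INPUT` chain and only the `interface`, `proto` and `dport` keywords; the snippet it parses is constructed for this example.

```python
import itertools
import re

# Constructed ferm-style input for this example (not from the original post).
FERM_SNIPPET = """
@def $DEV_PRIVATE = (eth0 eth1);
interface $DEV_PRIVATE proto tcp dport (smtp imaps) ACCEPT;
proto (tcp udp) dport domain ACCEPT;
"""

# Keyword -> iptables flag. Order matters: -p must precede --dport.
FLAGS = {"interface": "-i", "proto": "-p", "dport": "--dport"}


def tokenize(stmt):
    # Split on whitespace but keep a parenthesised group as a single token.
    return re.findall(r"\([^)]*\)|\S+", stmt)


def expand_group(token, variables):
    # Resolve a $variable, then turn "(a b c)" into ["a", "b", "c"].
    if token.startswith("$"):
        token = variables[token]
    if token.startswith("(") and token.endswith(")"):
        return token[1:-1].split()
    return [token]


def expand(snippet):
    variables, rules = {}, []
    for stmt in snippet.split(";"):
        stmt = stmt.strip()
        if not stmt:
            continue
        m = re.match(r"@def\s+(\$\w+)\s*=\s*(.+)", stmt)
        if m:                      # remember the variable, emit no rule
            variables[m.group(1)] = m.group(2).strip()
            continue
        tokens = tokenize(stmt)
        keys, vals, target = tokens[0:-1:2], tokens[1:-1:2], tokens[-1]
        # One rule per combination of group members (the "repetition" ferm saves).
        for combo in itertools.product(*(expand_group(v, variables) for v in vals)):
            rules.append({**dict(zip(keys, combo)), "target": target})
    return rules


def to_iptables(rules, chain="INPUT"):
    # Render each expanded rule as an iptables command line (assumed chain).
    lines = []
    for r in rules:
        parts = ["iptables", "-A", chain]
        for key, flag in FLAGS.items():
            if key in r:
                parts += [flag, r[key]]
        lines.append(" ".join(parts + ["-j", r["target"]]))
    return lines
```

Running `to_iptables(expand(FERM_SNIPPET))` yields six rules: two interfaces times two ports for the first statement, plus tcp and udp for the second.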



Also, FireHOL [1] is an interesting option. It also has a DSL for managing firewall rules. The custom service port definition is a little weird, but overall I like it better than ferm.

[1] https://firehol.org/



