Linux firewall rule "language"

To ease the maintenance of Linux firewall rules I have created a simple rule language, and an accompanying init.d script to parse the language and set everything up.

The language is basically a direct English translation of ipfwadm, ipportfw and modprobe, with their options and arguments translated into words.

Default rules
input|output|forward default accept|deny|reject
Input/Output rules
input|output [protocol tcp|udp|icmp|any] [source|from [port ]] [destination|to ...] [log]

There are many other rules; see the example ruleset and the init.d script.

Arguments

start
Enable the ruleset
stop
Disable forwarding, and most traffic to/from the machine
clear
Restore default behaviour (unfiltered forwarding)
debug
Show the ruleset after translation to commands (nothing executed)
debugstart
Show commands as executed (like a verbose version of start)
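
As an added illustration, here is my own sketch of how such a translator works; it is not the init.d script or checkrules.sh from this page. It turns rule lines in the syntax above into the ipfwadm commands they stand for, prints them in the manner of the debug argument instead of executing them, and refuses a ruleset at the first line it cannot parse, which is the kind of check a validating script performs. The keyword-to-flag mapping, the optional accept|deny|reject word on a rule, the "check" mode and the sample ruleset are all my assumptions, not something the page states.

```sh
#!/bin/sh
# Added example (not the original init.d script): translate one line of the
# rule language into the ipfwadm command it stands for, debug style (print,
# never execute). The keyword-to-flag mapping is my assumption about how such
# a translator works: -I/-O/-F select the input, output and forwarding chain,
# -p sets the chain's default policy, -a appends a rule with the given policy,
# -P/-S/-D give protocol, source and destination, -o turns on kernel logging.

translate_rule() {
    # Split the rule line into words: "input protocol tcp from 10.0.0.0/8 ..."
    set -- $1
    case "$1" in
        input)   chain=-I ;;
        output)  chain=-O ;;
        forward) chain=-F ;;
        *) echo "unknown rule type: $1" >&2; return 1 ;;
    esac
    shift
    # "input|output|forward default accept|deny|reject" sets the chain policy
    if [ "$1" = default ]; then
        case "$2" in
            accept|deny|reject) echo "ipfwadm $chain -p $2"; return 0 ;;
            *) echo "bad default policy: $2" >&2; return 1 ;;
        esac
    fi
    action=accept    # assumed: a rule without accept|deny|reject accepts
    opts=""
    while [ $# -gt 0 ]; do
        case "$1" in
            accept|deny|reject) action=$1; shift ;;
            protocol)
                case "$2" in
                    tcp|udp|icmp) opts="$opts -P $2" ;;
                    any)          opts="$opts -P all" ;;
                    *) echo "bad protocol: $2" >&2; return 1 ;;
                esac
                shift 2 ;;
            source|from|destination|to)
                case "$1" in source|from) flag=-S ;; *) flag=-D ;; esac
                [ -n "$2" ] || { echo "missing address after $1" >&2; return 1; }
                opts="$opts $flag $2"; shift 2
                # an optional "port N" belongs to the address just parsed
                if [ "$1" = port ] && [ -n "$2" ]; then
                    opts="$opts $2"; shift 2
                fi ;;
            log) opts="$opts -o"; shift ;;
            *) echo "unknown keyword: $1" >&2; return 1 ;;
        esac
    done
    echo "ipfwadm $chain -a $action$opts"
}

# Translate a whole ruleset read on stdin. Mode "debug" prints the commands,
# "check" only validates, "start" would execute them. Blank and comment lines
# are skipped; the first bad rule aborts, so a broken ruleset is never half
# applied.
apply_rules() {
    mode=$1
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        cmd=$(translate_rule "$line") || { echo "rule rejected: $line" >&2; return 1; }
        case "$mode" in
            start) $cmd ;;
            debug) echo "$cmd" ;;
            *)     : ;;
        esac
    done
}

# Constructed sample ruleset (not from the page), translated but not executed.
# Order matters: ipfwadm checks rules in sequence, so the internal-network
# accept must precede the logged deny of all other ssh traffic.
apply_rules debug <<'EOF'
# refuse everything not explicitly allowed
input default deny
forward default deny
output default accept
# ssh from the internal network only; log everything else aimed at port 22
input protocol tcp from 10.0.0.0/8 to 192.168.1.1 port 22 log
input protocol tcp to 192.168.1.1 port 22 deny log
EOF
```

Run as-is to see the translated commands; piping a ruleset through apply_rules check gives a non-zero status on the first line that does not parse, without printing anything.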

Files:

/etc/rc.d/init.d/firewall
Put this in /etc/rc.d/init.d/firewall, and create appropriate links in the rc.N directories (suggestion: S09/K96).
/etc/sysconfig/firewall
The ruleset. This should be saved as /etc/sysconfig/firewall.
checkrules.sh [interface]
A simple shell script that validates the firewall rules

Henrik Nordström <hno@hem.passagen.se>, last changed 1998-02-08