UFW-Like frontend for IPFW
Victor Sudakov
vas at mpeks.tomsk.su
Mon Mar 6 13:44:22 UTC 2017

Polytropon wrote:
> On Sun, 5 Mar 2017 17:57:02 +0530, Michael Wilcox wrote:
> > I was wondering if there is any frontend for IPFW.
> >
> > Does anyone have one or must I use it directly?
>
> If I see the analogy correctly, a "UFW-like frontend" already
> is "included" with ipfw, i. e., ipfw works at a comparable
> level. If you compare the ufw commands with the ipfw commands,
> they are quite similar, so you'd use ipfw directly in the same
> manner as you use ufw to interact with iptables.
>
> As an equation:
>
>     ufw         ipfw
>  ---------- = ------
>   iptables     ipfw
>
> More or less... ;-)

There is one thing for which a higher-level macro language on top of
ipfw would be nice to have.

Several times I have tried to emulate Cisco PIX/ASA logic with ipfw.
I just want to have e.g. 3 interfaces: inside, outside, dmz with
security levels of 100, 0, 50 respectively. Traffic can flow from the
interface with a higher security level to the interface with a lower
security level, and return traffic is permitted too.

Every time I have tried to express this with ipfw rules, I failed
miserably, though superficially it looks simple (with keep-state).

Has anyone done this?

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859
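
The security-level policy described in the message above, written as a small /bin/sh generator that prints ipfw rule lines; this is an added example, not code from the thread. The interface names (em0, em1, em2), the rule numbers and the choice to deny between equal levels are assumptions. It covers only forwarded packets on the output pass, so acceptance on the input pass and traffic to or from the firewall host itself need rules of their own.

```sh
#!/bin/sh
# Added example: print (not install) ipfw rules for PIX/ASA-style security levels.
# Interface names and rule numbers are assumptions, not taken from the thread.

# One entry per zone: name:interface:security-level
ZONES="inside:em1:100 outside:em0:0 dmz:em2:50"

# gen_rules ZONE...  -> ipfw rule lines on stdout.
# Forwarded packets are filtered on the output pass, the only place where
# both the receive (recv) and transmit (xmit) interfaces can be tested.
gen_rules() {
    n=1000
    # Return traffic of an established flow matches its dynamic rule here,
    # before any of the static denies below.
    echo "add $n check-state"
    for src in "$@"; do
        for dst in "$@"; do
            if [ "$src" = "$dst" ]; then continue; fi
            sname=${src%%:*}; slvl=${src##*:}; sif=${src#*:}; sif=${sif%%:*}
            dname=${dst%%:*}; dlvl=${dst##*:}; dif=${dst#*:}; dif=${dif%%:*}
            n=$((n + 10))
            if [ "$slvl" -gt "$dlvl" ]; then
                # Higher -> lower level: allow, and create state for the replies.
                echo "add $n allow ip from any to any out recv $sif xmit $dif keep-state // $sname -> $dname"
            else
                # Lower or equal level: new flows are refused (equal = assumption).
                echo "add $n deny ip from any to any out recv $sif xmit $dif // $sname -> $dname"
            fi
        done
    done
}

# Print the ruleset for the three zones from the message.
gen_rules $ZONES
```
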