UFW-Like frontend for IPFW
vas at mpeks.tomsk.su
Mon Mar 6 13:44:22 UTC 2017
> On Sun, 5 Mar 2017 17:57:02 +0530, Michael Wilcox wrote:
> > I was wondering if there is any frontend for IPFW.
> > Does anyone have one or must I use it directly?
> If I see the analogy correctly, a "UFW-like frontend" already
> is "included" with ipfw, i. e., ipfw works at a comparable
> level. If you compare the ufw commands with the ipfw commands,
> they are quite similar, so you'd use ipfw directly in the same
> manner as you use ufw to interact with iptables.
> As an equation:
> ufw ipfw
> ---------- = ------
> iptables ipfw
> More or less... ;-)
There is one thing that a higher level macro language on top of ipfw
would be nice to have for.
Several times I have tried to emulate Cisco PIX/ASA logic with ipfw.
I just want to have e.g. 3 interfaces: inside, outside, dmz with
security levels of 100, 0, 50 respectively. Traffic can flow from the
interface with a higher security level to the interface with a lower
security level, and return traffic is permitted too.
Every time I have tried to express this with ipfw rules, I failed
miserably, though superficially it looks simple (with keep-state).
Has anyone done this?
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
More information about the freebsd-questions