BSD::Ipfwgen
BSD::Ipfwgen is a Perl module to aid in the creation of ipfw-based firewalls.
BSD::Ipfwgen Ranking & Summary
- License: Perl Artistic License
- Price: FREE
- Publisher Name: David Muir Sharnoff
- Publisher web site: http://search.cpan.org/~muir/
BSD::Ipfwgen Description
BSD::Ipfwgen is a Perl module to aid in the creation of ipfw-based firewalls.

SYNOPSIS

    use BSD::Ipfwgen;

    outside qw(**interface list**);
    leaf qw(**interface list**);
    consolidate qw(**network list**);
    us qw(**network list**);
    not_us qw(**network list**);
    to_us qw(**network list**);
    from_us qw(**network list**);
    symmetric qw(**network list**);

    count_by_interface();
    count_by_address qw(**network list**);
    count_by_udp qw(**port list**);
    count_by_tcp qw(**port list**);

    no_looping();
    no_spoofing_us();
    no_spoofing_by_us();
    no_leaf_spoofing();

    tcp_from_rules($port, $rules);
    tcp_to_rules($port, $rules);
    udp_from_rules($port, $rules);
    udp_to_rules($port, $rules);
    from_net_rules($network, $rules);
    to_net_rules($network, $rules);
    to_me_rules($rules);
    not_to_me_rules($rules);
    from_me_rules($rules);
    not_from_me_rules($rules);
    in_interface_rules($interface, $rules);
    out_interface_rules($interface, $rules);

    drop_unwanted qw(**network list**);

    generate qw(**options**);

- **port list** is a list of integers: 80, 23, etc.
- **network list** is a list of network addresses: 207.33.90.32/27, etc.
- **interface list** is a list of interface names: de0, fxp1, etc.
- **options** is a list of the valid options: DEFAULT-ACCEPT, INSECURE
- $rules is a newline-separated set of ipfw rules.

Ipfwgen is designed to make writing complex firewalls easier and safer. It handles generating some of the harder rulesets: anti-spoofing, anti-looping, and anti-land-attack.

Ipfwgen does not try to reduce the complexity of firewall building. What it does do is allow you to write a Perl program which generates a firewall. It's expected that the firewalls generated by Ipfwgen will be examined by a human and installed manually.

Ipfwgen commands must be given in a particular sequence. First are the declarative commands: outside, leaf, consolidate, us, not_us, and symmetric. Then the rule-specification commands: almost everything else.

Ipfwgen keeps an internal database of the rules that are in progress. After all the rule-specification commands are done, the firewall gets compiled. The generate command compiles the specifications into actual ipfw commands and dumps them on STDOUT.

Requirements:
- Perl