ferm - for Easy Rule Making
===========================

![](https://badge.imagelayers.io/vimagick/ferm:latest.svg)

[`ferm`][1] is a frontend for iptables, providing a way to write manageable rulesets without sacrificing flexibility.

## Tutorial

```
$ alias ferm='docker run -i --rm vimagick/ferm'
$ cat > iptables.rules <<_EOF_
chain INPUT {
    policy DROP;
    mod state state (RELATED ESTABLISHED) ACCEPT;
    proto tcp dport (http ftp ssh) ACCEPT;
}
_EOF_
$ ferm -h
Usage: ferm *options* *inputfiles*

Options:
  -n, --noexec        Do not execute the rules, just simulate
  -F, --flush         Flush all netfilter tables managed by ferm
  -l, --lines         Show all rules that were created
  -i, --interactive   Interactive mode: revert if user does not confirm
  -t, --timeout s     Define interactive mode timeout in seconds
  --remote            Remote mode; ignore host specific configuration.
                      This implies --noexec and --lines.
  -V, --version       Show current version number
  -h, --help          Look at this text
  --slow              Slow mode, do not use iptables-restore
  --shell             Generate a shell script which calls iptables-restore
  --domain {ip|ip6}   Handle only the specified domain
  --def '$name=v'     Override a variable
$ ferm < iptables.rules
# Generated by ferm 2.2 on Mon Jul 6 00:32:04 2015
*filter
:INPUT DROP [0:0]
-A INPUT --match state --state RELATED,ESTABLISHED --jump ACCEPT
-A INPUT --protocol tcp --dport http --jump ACCEPT
-A INPUT --protocol tcp --dport ftp --jump ACCEPT
-A INPUT --protocol tcp --dport ssh --jump ACCEPT
COMMIT
$ ferm --slow - < iptables.rules
iptables -t filter -P INPUT ACCEPT
iptables -t filter -F
iptables -t filter -X
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT --match state --state RELATED,ESTABLISHED --jump ACCEPT
iptables -t filter -A INPUT --protocol tcp --dport http --jump ACCEPT
iptables -t filter -A INPUT --protocol tcp --dport ftp --jump ACCEPT
iptables -t filter -A INPUT --protocol tcp --dport ssh --jump ACCEPT
```

[1]: http://ferm.foo-projects.org/
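The ruleset in the tutorial sets a DROP policy on INPUT but never accepts loopback traffic or ICMP, and it drops everything else silently, so local services and ping break and nothing is logged. The following fuller ruleset is an added example written for this README; it is not part of the `vimagick/ferm` image or the ferm project. It uses the same ferm syntax as the tutorial plus a variable (`@def`), an explicit `domain`/`table` wrapper, an `INVALID`-state drop, loopback and echo-request acceptance, an SSH rule restricted to an administrative network, and rate-limited logging before the policy drop. `$ADMIN_NET` and its value `192.0.2.0/24` are constructed placeholders from the documentation address range; replace them with your own.

```ferm
# Added example ruleset for ferm (not the image's or ferm's own config).
# $ADMIN_NET is a constructed placeholder; 192.0.2.0/24 is a documentation range.
@def $ADMIN_NET = 192.0.2.0/24;

domain ip {
    table filter {
        chain INPUT {
            policy DROP;

            # drop packets conntrack cannot classify, then allow replies
            mod state state INVALID DROP;
            mod state state (ESTABLISHED RELATED) ACCEPT;

            # local processes talk to each other over lo; the tutorial ruleset blocks this
            interface lo ACCEPT;

            # answer ping (echo-request only, not every ICMP type)
            proto icmp icmp-type echo-request ACCEPT;

            # public services
            proto tcp dport (http https) ACCEPT;

            # SSH only from the administrative network
            saddr $ADMIN_NET proto tcp dport ssh ACCEPT;

            # log what the policy is about to drop, rate-limited so logs cannot be flooded
            mod limit limit 5/minute LOG log-prefix "ferm-input-drop: ";
        }

        chain FORWARD {
            # this host is not a router
            policy DROP;
            mod state state (ESTABLISHED RELATED) ACCEPT;
        }

        chain OUTPUT {
            policy ACCEPT;
        }
    }
}
```

Save it as `rules.conf` and preview the generated rules without applying them, using the options shown in the tutorial's help text: `ferm -n -l - < rules.conf` (or `ferm --slow - < rules.conf` to see the individual `iptables` commands). Review that output before running it against a live host; `-i` (interactive mode) reverts the change unless you confirm it, which is the safer way to apply a DROP-policy ruleset over SSH.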