This is the command fwb_ipf that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
fwb_ipf - Policy compiler for ipfilter
SYNOPSIS
fwb_ipf [-vVx] [-d wdir] [-o output.fw] [-i] -f data_file.xml object_name
DESCRIPTION
fwb_ipf is a firewall policy compiler component of Firewall Builder (see fwbuilder(1)).
This compiler generates code for ipfilter. Compiler reads objects definitions and firewall
description from the data file specified with "-f" option and generates ipfilter
configuration files and firewall activation script.
All generated files have names that start with the name of the firewall object. Firewall
activation script has extension ".fw" and is simple shell script that flushes current
policy, loads new filter and nat rules and then activates ipfilter. IPFilter
configuration file name starts with the name of the firewall object, plus "-ipf.conf".
NAT configuration file name also starts with the name of the firewall object, plus
"-nat.conf". For example, if firewall object has name "myfirewall", then compiler will
create three files: "myfirewall.fw", "myfirewall-pf.conf", "myfirewall-nat.conf".
The data file and the name of the firewall objects must be specified on the command line.
Other command line parameters are optional.
OPTIONS
-f FILE
Specify the name of the data file to be processed.
-o output.fw
Specify output file name
-d wdir
Specify working directory. Compiler creates firewall activation script and
ipfilter configuration files in this directory. If this parameter is missing, then
all files will be placed in the current working directory.
-v Be verbose: compiler prints diagnostic messages when it works.
-V Print version number and quit.
-i When this option is present, the last argument on the command line is supposed to
be firewall object ID rather than its name
-x Generate debugging information while working. This option is intended for debugging
only and may produce lots of cryptic messages.
NOTES
Support for ipf returned in version 1.0.1 of Firewall Builder
Supported features:
o both ipf.conf and nat.conf files are generated
o negation in policy rules
o stateful inspection in individual rule can be turned off in rule options dialog. By
default compiler adds "keep state" or "modulate state" to each rule with action
'pass'
o rule options dialog provides a choice of icmp or tcp rst replies for rules with
action "Reject"
o compiler adds flag "allow-opts" if match on ip options is needed
o compiler can generate rules matching on TCP flags
o compiler can generate script adding ip aliases for NAT rules using addresses that
do not belong to any interface of the firewall
o compiler always adds rule "block quick all" at the very bottom of the script to
ensure "block all by default" policy even if the policy is empty.
o Address ranges in both policy and NAT
Features that are not supported (yet)
o negation in NAT
o custom services
Features that won't be supported (at least not anytime soon)
o policy routing
URL
Firewall Builder home page is located at the following URL: http://www.fwbuilder.org/
Use fwb_ipf online using onworks.net services
