Dear Netfilter Users:

I would like to announce the initial public release of a new tool called PacketFlow. It is a free, command-line, XML-based iptables firewall generator. I would like to invite you to download and evaluate it.

The basic concept of PacketFlow is that of "security levels."* Every interface has a security level, and it indicates how much the interface is trusted. By default, connections may be made from a high security interface to a low security interface. By default, connections may not be made from a low security interface to a high security interface. Both may be overridden with access lists.

Several examples are included in the download. These include dial-up, broadband, single DMZ, and multiple DMZ examples. These should illustrate the basics of the configuration file. There are a few features that are not yet shown in the samples, but hopefully they will be shown soon.

PacketFlow is currently able to generate complete rule sets. Current development is focusing on better configuration validation and sanity checking. That said, the rule sets generated from a valid configuration file do work well. You are strongly encouraged to read through the generated rules for yourself.

PacketFlow currently does not support generating NAT rules, but I hope to add that in the future. Any recommendations on a syntax for NAT rules would be appreciated.

I would appreciate any feedback that you could provide. There is a FAQ on the home page listed below, and the source may be downloaded from the project page. Please submit any bugs that you find to the bug tracking system on the SourceForge site.

Sincerely,
Paul Frieden

Home page: http://packetflowfw.sourceforge.net
Project page: http://sourceforge.net/projects/packetflowfw/

* This is very similar to the security levels used by the PIX firewall
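The "security level" model described in the announcement can be illustrated with a small rule generator. The following is an added example written for this page; it is not PacketFlow's code and does not use its XML configuration format. Interface names, levels and the access-list entries are constructed sample values. The example assumes a numeric level per interface, treats equal levels as untrusted in both directions (the announcement does not say how equal levels behave), and emits the iptables FORWARD rules as plain strings so that, as the announcement recommends, the generated rules can be read before they are loaded.

```python
"""Security-level based iptables FORWARD rule generator (added example).

Not PacketFlow's own code. Models the policy the announcement describes:
traffic from a higher-level (more trusted) interface to a lower-level one is
allowed by default, traffic from a lower level to a higher level is denied by
default, and explicit access-list entries override either default.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Interface:
    name: str   # kernel interface name, e.g. "eth0" (constructed sample)
    level: int  # higher value means more trusted


@dataclass(frozen=True)
class AccessEntry:
    """One access-list override for a specific interface pair."""
    src_if: str
    dst_if: str
    action: str                  # "ACCEPT" or "DROP"
    proto: Optional[str] = None  # "tcp" / "udp" when a port is given
    dport: Optional[int] = None


def default_action(src: Interface, dst: Interface) -> str:
    """High -> low is allowed; low -> high and equal levels are denied (assumption)."""
    return "ACCEPT" if src.level > dst.level else "DROP"


def generate_forward_rules(interfaces: List[Interface],
                           acl: List[AccessEntry]) -> List[str]:
    """Return iptables commands in the order they must be applied.

    Access-list overrides are emitted before the per-pair default rules
    because iptables matches first-hit, so an override must precede the
    default that it is meant to replace.
    """
    by_name = {i.name: i for i in interfaces}
    rules = [
        "iptables -P FORWARD DROP",
        # Reply traffic for already-accepted connections needs no override.
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]

    for entry in acl:
        # Configuration validation: reject entries the level model cannot express.
        if entry.src_if not in by_name or entry.dst_if not in by_name:
            raise ValueError(f"unknown interface in access entry: {entry}")
        if entry.action not in ("ACCEPT", "DROP"):
            raise ValueError(f"unsupported action: {entry.action}")
        if entry.dport is not None and entry.proto not in ("tcp", "udp"):
            raise ValueError("dport requires proto tcp or udp")
        parts = [f"iptables -A FORWARD -i {entry.src_if} -o {entry.dst_if}"]
        if entry.proto:
            parts.append(f"-p {entry.proto}")
        if entry.dport is not None:
            parts.append(f"--dport {entry.dport}")
        parts.append(f"-j {entry.action}")
        rules.append(" ".join(parts))

    # Default rule for every ordered pair of distinct interfaces.
    for src in interfaces:
        for dst in interfaces:
            if src.name == dst.name:
                continue
            rules.append(f"iptables -A FORWARD -i {src.name} -o {dst.name} "
                         f"-j {default_action(src, dst)}")
    return rules


# Constructed sample: a three-interface single-DMZ layout.
SAMPLE_INTERFACES = [
    Interface("eth0", 0),    # outside, least trusted
    Interface("eth1", 100),  # inside, most trusted
    Interface("eth2", 50),   # DMZ
]
# Constructed sample override: allow web traffic from outside into the DMZ.
SAMPLE_ACL = [AccessEntry("eth0", "eth2", "ACCEPT", proto="tcp", dport=80)]


if __name__ == "__main__":
    for rule in generate_forward_rules(SAMPLE_INTERFACES, SAMPLE_ACL):
        print(rule)
```

Reading the output top to bottom shows the two things worth checking in any level-based generator: that the override for outside-to-DMZ port 80 appears before the default outside-to-DMZ DROP, and that no default ACCEPT exists from a lower level to a higher one.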