infraBuilder firewall
ibdfw is published in Snapcraft store : https://snapcraft.io/ibdfw
Installation is as simple as :
sudo snap install ibdfwYou can generate your first config file with :
ibdfw config | sudo tee /var/snap/ibdfw/common/conf.d/main.confWhen applying rules for the first time, you have to connect firewall-control interface to ibdfw snap (error will be explicit, and will display the fixing command) :
ubuntu@fw:~$ sudo ibdfw apply
Could not use iptables. Please run:
'sudo snap connect ibdfw:firewall-control'Configuration is made by all files finishing with ".conf" that are in /var/snap/ibdfw/common/conf.d/
You can generate a config sample with the command ibdfw config also available here : src/conf.d/main.conf.sample
-
Easy NAT configuration for unidirectionnal (snat), bidirectionnal (1:1), port-forward NAT and NAT reflection
-
Comprehensive syntax for configuration
Default input,forward drop Default output accept Forward from ip 10.1.1.0/24 to ip 10.2.2.0/24 Forward from iprange 10.0.0.1-10.0.0.145 to ip 10.24.78.0/24 ports tcp 80,443 Input port tcp 22,80,443 Input from ip 10.1.1.0/24 port tcp 8080 Nat unidirectionnal 10.0.0.0/8 via 5.6.7.8 Nat port-forward 5.6.7.8:1022 to 10.0.0.1:22 Nat reflection 10.0.0.0/8 on eth1 -
ibdfw is written in bash and is based on iptables
-
Standard input/output/default rules
-
Better router security with routing restrictions (
Forwardinstructions ) -
Support custom complex scenarii with
Rawrules acting as iptables commands passthrough