filtergen 0.11 review
filtergen takes a high-level language and compiles it into packet filtering rules for a variety of packet filters. Iptables, ipchains, and ipfilter backends are available.
This tool is for generating packet filtering rules from a fairly high-level description language. It doesn't support all of the whizz-bang features of the latest and greatest packet filters, but supports a decent subset which is sufficient for me.
It currently supports just Linux iptables and ipchains. Cisco IOS support has been started, but is incomplete. Darren Reed's ipfilter may be supported at some stage. It doesn't generate optimal rulesets, and has a few limitations which need to be removed, but is still a useful tool.
Not many large software projects are written entirely in assembly language these days. It's not difficult to do, and the results can often be more efficient, but it does take longer to implement and bugfix, and is not portable to other systems. It is also harder for others to understand, update and audit.
Similarly, it seems odd that people continue to write packet filters in the equivalent of assembler, or in inflexible macro languages.
Hence this package -- my intent is that "filter" will be to iptables and shell what a C compiler (but not a 4GL) is to assembly.
What's New in This Release:
- fixed non-working example in filter_syntax man page
- fix 64-bit warning in filter.c netmask calculation
- add "-F [policy]" flush option
- better feedback on parse errors