PFconf 0.8.1 review

by rbytes.net on

License: GPL (GNU General Public License)
File size: 4K
Developer: Volker Tanger
0 stars award from rbytes.net

PFconf is a very simple script collection to ease working with "naked" packet filters.

Most ACLs (packet filters) don't work with "group" objects, where one can list tables of IP addresses and networks to which a single rule is applied. OpenBSD's PF is an exception to this rule.

So if you have three mail servers and five protocols (smtp, pop3, pop3s, imap, imaps), you will need to write 15 rules instead of one, and not forget a single permutation. With PFconf you only need one rule; the script takes care of the necessary permutations.
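The expansion described above, as an added example rather than PFconf's own code: one "group" rule naming three mail servers and five services is turned into the 15 per-host, per-port iptables rules a naked packet filter needs, and the rule's comment (who ordered it) is carried into each generated rule via the iptables comment match. The function names, the host list and the service list are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from PFconf. Expands one group rule into the
# per-host/per-port iptables commands a filter without group objects needs.
# Names (expand_rule, target_for, count_rules) and the sample lists below
# are assumptions for illustration only.

# Constructed sample data: three mail servers, five mail services (name:port).
MAIL_SERVERS="192.0.2.10 192.0.2.11 192.0.2.12"
MAIL_SERVICES="smtp:25 pop3:110 pop3s:995 imap:143 imaps:993"

# Map an abstract target (accept/reject/drop) to the iptables target name,
# so the rule file stays portable across filters with different spellings.
target_for() {
    case "$1" in
        accept) echo ACCEPT ;;
        drop)   echo DROP ;;
        reject) echo REJECT ;;
        *) echo "unknown target: $1" >&2; return 1 ;;
    esac
}

# expand_rule CHAIN ACTION "host ..." "name:port ..." [comment]
# Emits one iptables command per (host, port) pair. An optional comment is
# attached with "-m comment" so the reason for the rule survives into the
# running ruleset instead of living only in the source file.
expand_rule() {
    chain=$1; action=$2; hosts=$3; services=$4; comment=${5:-}
    target=$(target_for "$action") || return 1
    for host in $hosts; do
        for svc in $services; do
            name=${svc%%:*}
            port=${svc#*:}
            printf 'iptables -A %s -p tcp -d %s --dport %s' "$chain" "$host" "$port"
            if [ -n "$comment" ]; then
                printf ' -m comment --comment "%s (%s)"' "$comment" "$name"
            fi
            printf ' -j %s\n' "$target"
        done
    done
}

# How many concrete rules one rule-file line expands to (hosts x services).
count_rules() {
    expand_rule "$@" | wc -l | tr -d ' '
}

# Print the 15 rules for the sample mail cluster. The output is plain text:
# review it, then pipe it into sh (or save it as a script) to load the rules.
expand_rule INPUT accept "$MAIL_SERVERS" "$MAIL_SERVICES" "mail cluster, requested by ops"
```

Feeding a mistyped target such as `acept` makes `target_for` fail and `expand_rule` stop before emitting anything, which is preferable to silently generating rules with an empty target. The comment match needs the `xt_comment` module on the filtering host; drop the fifth argument if it is not available.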

These scripts are designed to be fairly simple, to leave room for comments (who ordered that, why is this rule here, etc.), and to follow the usual quartet: small, efficient, portable and easy to use.

NAT handling and management scripts (e.g. when a rule is due for re-evaluation) will come soon. Target conversion for Cisco ACLs as well as for OpenBSD's PF will probably follow not far behind.

Requirements:
Unix Shell (tested with BASH)
standard Unix text tools (fgrep, cut, head, ...)
packet filter supported by the scripts (currently only Linux' IPTABLES)

Here are some key features of "PFconf":
NAT handling
Abstract targets (accept/reject/drop)
Management tools
more target scripts
