http://www.xos.nl/linux/ipfwadm/
    ---------------------------------------------------------------


    Ipfwadm is a utility to administer the
    IP accounting and IP firewall services offered by the Linux kernel.
    The current stable versions of ipfwadm are version 1.2,
    requiring Linux version 1.2.1 or later, and version 2.3.0,
    requiring Linux version 1.3.66 or later.
    One of the previous beta-test versions of ipfwadm, version 2.0beta1,
    works for Linux versions 1.3.61 through 1.3.65.


    Please Note:
    The transparent proxy facility does not work properly in kernel versions
    2.0.30 and most 2.1 versions up to at least 2.1.27, due to internal networking
    code changes. A fix is being worked on.


    Look at the accompanying manual page, ipfwadm(8), for a description
    of how to use this program.
    The ipfw(4) manual page describes the
    kernel level interface of the IP accounting/firewall services.


    A paper introducing the Linux IP firewall and accounting facilities
    and the use of ipfwadm, with some examples, is available now.


    Note: this paper was written in April 1996 and presented at a UNIX conference
    in May 1996, so it is still based on Linux 1.3.88 and ipfwadm 2.0.
    A revision, updated for Linux 2.0.x and ipfwadm 2.3.0, is planned,
    but not yet available.
    But most, if not all, of the examples will still work with the current
    versions.
    Some additions made after Linux 1.3.88, such as support for true transparent
    proxying, are not yet described in the paper.


    The ipfwadm utility is meant to be a replacement for the existing ipfw(8)
    utility, as found in the net-tools package. Ipfwadm was made to be
    more complete and easier to use than ipfw.


    Among the features offered by ipfwadm are:


    • Changing default policies for all firewall categories.
    • Automatically adding the necessary extra rules when the named
      hosts have more than one IP address.
    • Support for specifying the interface address for the rules.
    • Support for specifying the interface name for the rules.
    • Listing and resetting packet/byte counters "atomically" for
      setting up a reliable accounting scheme.
    • Listing the existing rules in a number of formats.
    • Support for optional functions (bidirectional rules, TCP ACK,
      and TCP SYN matching).
    • Support for redirection (used for transparent proxying).
    • Support for masquerading in the forwarding firewall.
    • A complete manual page. (Yes! Really!)

    Note that some of the features are only available in the 2.3.0 version.
    Also, some of the features in 2.3.0 are not available when ipfwadm is
    compiled with kernels older than 1.99.7 (aka pre2.0.7).


    Of course, you can find the source of ipfwadm in our FTP archive:


    • ipfwadm 1.2
      for 1.2.x kernels (not 1.2.0)
    • ipfwadm 2.0beta1
      for kernels 1.3.61 through 1.3.65
    • ipfwadm 2.3.0
      for 1.3.66 and newer (including 2.0.0 and above!)

    For users of Red Hat Linux or any derived system (like Caldera), there
    are ready-to-use RPM files available for ipfwadm 1.2 (Red Hat Picasso with
    Linux 1.2.13) and ipfwadm 2.3.0 (Red Hat Picasso or Red Hat Rembrandt, used
    in combination with Linux 2.0.x):

    • ipfwadm 1.2 source RPM
    • ipfwadm 1.2 binary (i386) RPM
    • ipfwadm 2.3.0 source RPM
    • ipfwadm 2.3.0 binary (i386) RPM



    -------------------------------



    Copyright © 1995 by X/OS Experts in Open Systems BV. All rights reserved.