PacketFlow Firewall Generator
PacketFlow Firewall Generator is an XML based firewall
generator. It takes an XML configuration file that
defines the firewall policy and generates a list of
iptables commands to implement this policy. It is
primarily intended for use on dedicated firewalls,
but it can be used in other scenarios. It makes
dealing with many interfaces easy.
PacketFlow works on the concept of interface "security levels." New connections are allowed to flow down hill from interfaces with a high security level to interfaces with a low security level. This approach tends to make rule sets much shorter, even with many interfaces.
Access lists allow you to override the default behavior of the security levels. Access lists are defined between interfaces. There is also support for incoming, outgoing, and wildcard access lists. Wildcard access lists allow you to easily allow new connections to a particular service from any interface. Access lists are applied only to "new" connections, and once a connection has been established, you no longer need to deal with it specifically.