PacketFlow Firewall Generator








PacketFlow is an unusual firewall generator. It was inspired by the need to manage firewalls with many interfaces that have complex relationships to each other.


  • Secure
    Many free firewall scripts are just that: scripts. They are helpful, but they are not a customized firewall specifically for you. PacketFlow can generate a firewall that exactly fits your needs without the baggage of trying to make it work for everybody.

    In addition, the rules generated by PacketFlow are very secure. By default, everything that isn't allowed is dropped.

  • Easily supports many interfaces
    Because of its simple configuration, PacketFlow makes it very easy to support many interfaces: security levels make the relationship between interfaces easy to understand. This, combined with logical interfaces, makes it much easier to use VLANs for micro-segmentation.

  • Logical interfaces
    Interface abstraction allows you to easily move a policy from one physical device to another. For example, if you move from a DSL provider that uses PPPoE to one that does not, you can easily move your rules to the new device.

  • Security levels
    When writing rules by hand, a large percentage of your time will be spent configuring the basic policy between interfaces. The concept of security levels drastically simplifies this. If traffic should flow freely from one interface to another, simply assign it a higher security level.

  • Command line with simple XML configuration
    Many firewall tools are implemented using a GUI. This can be nice for a user running a firewall on a workstation, but it is far from ideal for a dedicated firewall. Firewalls generally do not have X installed, so you have to run the tool on another machine. This forces you to transfer the rule sets and the generated rules back to the firewall every time. A tool that can be used directly on the firewall makes it much easier to make quick changes.

  • Efficient generated rules
    PacketFlow uses a simple concept that allows it to produce very efficient rules. This means that most packets will be matched very early in the rule sets.
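
The security-level and logical-interface ideas above, sketched as an added example; this is not PacketFlow's code, configuration format or generated output. It assumes PIX-style semantics (new connections pass only from a higher level to a strictly lower one), and the interface names, levels and function names are constructed for illustration.

```python
import re
from itertools import permutations

# Hypothetical data model (not PacketFlow's configuration format):
# logical name -> (physical device, security level). Values are constructed.
INTERFACES = {
    "lan": ("eth0", 100),
    "dmz": ("eth1.20", 50),   # VLAN sub-interface
    "wan": ("ppp0", 0),
}

# Device names end up in shell commands, so accept only plain interface names.
DEVICE_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")


def generate_rules(interfaces):
    """Return iptables commands for a default-drop forwarding policy.

    Assumption: a new connection is allowed only from a higher security
    level to a strictly lower one; equal levels get no rule and are dropped.
    """
    devices = [dev for dev, _ in interfaces.values()]
    if not all(DEVICE_RE.fullmatch(dev) for dev in devices):
        raise ValueError("invalid device name")
    if len(set(devices)) != len(devices):
        raise ValueError("two logical interfaces map to the same device")
    rules = [
        "iptables -P FORWARD DROP",   # anything not allowed below is dropped
        "iptables -F FORWARD",
        # Packets of already-permitted connections match on the first rule.
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for src, dst in permutations(sorted(interfaces), 2):
        (src_dev, src_lvl), (dst_dev, dst_lvl) = interfaces[src], interfaces[dst]
        if src_lvl > dst_lvl:
            rules.append(f"iptables -A FORWARD -i {src_dev} -o {dst_dev} "
                         "-m conntrack --ctstate NEW -j ACCEPT")
    return rules


def rebind(interfaces, logical, new_device):
    """Move a logical interface to another device, keeping its level."""
    updated = dict(interfaces)
    updated[logical] = (new_device, interfaces[logical][1])
    return updated


if __name__ == "__main__":
    # Same policy after the uplink moves from PPPoE (ppp0) to plain eth2.
    print("\n".join(generate_rules(rebind(INTERFACES, "wan", "eth2"))))
```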