fwb_ipt(1) Firewall Builder fwb_ipt(1)NAMEfwb_ipt - Policy compiler for iptables
SYNOPSISfwb_ipt-fdata_file.xml [-4] [-6] [-V] [-dwdir] [-i] [-ooutput.fw]
[-Ofw1_id,fw1_output.fw[,fw2_id,fw2_output.fw]] [-v] [-xc] [-xnN]
[-xpN] [-xt] object_name
DESCRIPTIONfwb_ipt is a firewall policy compiler component of Firewall Builder
(see fwbuilder(1)). Compiler reads objects definitions and firewall
description from the data file specified with "-f" option and generates
resultant iptables script. The script is written to the file with the
name the same as the name of the firewall object, plus extension ".fw".
The data file and the name of the firewall objects must be specified on
the command line. Other command line parameters are optional.
OPTIONS-4 Generate iptables script for IPv4 part of the policy. If any
rules of the firewall refer to IPv6 addresses, compiler will
skip these rules. Options "-4" and "-6" are exclusive. If nei‐
ther option is used, compiler tries to generate both parts of
the script, although generation of the IPv6 part is controlled
by the option "Enable IPv6 support" in the "IPv6" tab of the
firewall object advanced settings dialog. This option is off by
default.
-6 Generate iptables script for IPv6 part of the policy. If any
rules of the firewall refer to IPv6 addresses, compiler will
skip these rules.
-f FILE
Specify the name of the data file to be processed.
-o output.fw
Specify output file name
-O fw1_id,fw1_output.fw[,fw2_id,fw2_output.fw]
The argument is a comma separated list of firewall object IDs
and corresponding output file names. This option is used by
fwbuilder GUI while compiling firewall clusters.
-d wdir
Specify working directory. Compiler creates file with iptables
script in this directory. If this parameter is missing, then
iptables script will be placed in the current working directory.
-v Be verbose: compiler prints diagnostic messages when it works.
-V Print version number and quit.
-i When this option is present, the last argument on the command
line is supposed to be firewall object ID rather than its name
-xc When output file name is determined automatically (i.e. flags -o
or -O are not present), the file name is composed of the cluster
name and member firewall name rather than just member firewall
name. This is used mostly for testing when the same member fire‐
wall object can be a part of different clusters with different
configurations.
-xt This flag makes compiler treat all fatal errors as warnings and
continue processing rules. Generated configuration script most
likely will be incorrect but will include error message as a
comment; this flag is used for testing and debugging.
-xp N Debugging flag: this causes compiler to print detailed descrip‐
tion of the policy rule number "N" as it precesses it, step by
step.
-xn N Debugging flag: this causes compiler to print detailed descrip‐
tion of the NAT rule number "N" as it precesses it, step by
step.
URL
Firewall Builder home page is located at the following URL:
http://www.fwbuilder.org/
BUGS
Please report bugs using bug tracking system on SourceForge:
http://sourceforge.net/tracker/?group_id=5314&atid=105314
SEE ALSOfwbuilder(1), fwb_ipf(1), fwb_pf(1)FWBfwb_ipt(1)
