Functional overview

The ipfwadm utility is a replacement for the old ipfw(8) utility, as found in older versions of the Linux net-tools package. Ipfwadm was made to be more complete and easier to use than ipfw.

Among the features offered by ipfwadm are:

  • Changing default policies for all firewall categories.
  • Automatically adding the necessary extra rules when the named hosts have more than one IP address.
  • Support for specifying the interface address for the rules.
  • Support for specifying the interface name for the rules.
  • Listing and resetting packet/byte counters "atomically" for setting up a reliable accounting scheme.
  • Listing the existing rules in a number of formats.
  • Support for optional functions (bidirectional rules, TCP ACK, and TCP SYN matching).
  • Support for packet redirection (used for transparent proxying).
  • Support for masquerading.
  • A (hopefully) complete manual page.

Note that some of these features are only available in newer versions of ipfwadm and/or the Linux kernel. See the accompanying manual page, ipfwadm(8), for a description of how to use this program. The ipfw(4) manual page describes the kernel-level interface of the IP accounting/firewall services.

