Date:      Mon, 6 Mar 2017 20:43:56 +0700
From:      Victor Sudakov <>
To:        Polytropon <>
Cc:        Michael Wilcox <>,
Subject:   Re: UFW-Like frontend for IPFW
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <>

Polytropon wrote:
> On Sun, 5 Mar 2017 17:57:02 +0530, Michael Wilcox wrote:
> > I was wondering if there is any frontend for IPFW.
> > 
> > Does anyone have one or must I use it directly?
> If I see the analogy correctly, a "UFW-like frontend" already
> is "included" with ipfw, i. e., ipfw works at a comparable
> level. If you compare the ufw commands with the ipfw commands,
> they are quite similar, so you'd use ipfw directly in the same
> manner as you use ufw to interact with iptables.
> As an equation:
> 	   ufw        ipfw
> 	---------- = ------
> 	 iptables     ipfw
> More or less... ;-)

There is one thing for which a higher-level macro language on top of ipfw
would be nice to have.

Several times I have tried to emulate Cisco PIX/ASA logic with ipfw.
I just want to have e.g. 3 interfaces: inside, outside, dmz with
security levels of 100, 0, 50 respectively. Traffic can flow from the
interface with a higher security level to the interface with a lower
security level, and return traffic is permitted too.

Every time I have tried to express this with ipfw rules, I failed
miserably, though superficially it looks simple (with keep-state).

Has anyone done this?

Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
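
The security-level policy described in the message above (inside 100, outside 0, dmz 50; a higher level may initiate toward a lower one, return traffic follows state), as an added sketch that is not part of the original thread: a small generator that turns the levels into ipfw commands. Assumptions: the interface names em0/em1/em2 and the rule numbers are constructed, the inbound pass defers the decision to the outbound pass, and NAT and traffic to or from the firewall itself are out of scope.

```python
from itertools import permutations

# Constructed sample: interface names are placeholders, levels are from the message.
# em0 = inside (100), em1 = outside (0), em2 = dmz (50)
LEVELS = {"em0": 100, "em1": 0, "em2": 50}


def allowed_pairs(levels):
    """Return sorted (recv_if, xmit_if) pairs where recv_if has a strictly
    higher security level; equal levels never talk to each other."""
    return sorted(
        (src, dst)
        for src, dst in permutations(levels, 2)
        if levels[src] > levels[dst]
    )


def ipfw_rules(levels, base=1000, step=10):
    """Build the ipfw command lines for the level policy (assumed layout)."""
    rules = [f"ipfw -q add {base} check-state"]  # return traffic of known flows
    num = base + step
    # A forwarded packet is seen twice: on the way in and on the way out.
    # Assumption: let transit packets in and decide on the outbound pass,
    # where both the receive and the transmit interface are known.
    rules.append(f"ipfw -q add {num} allow ip from any to not me in")
    for src, dst in allowed_pairs(levels):
        num += step
        # xmit can only be tested on outgoing packets, hence "out".
        rules.append(
            f"ipfw -q add {num} allow ip from any to any "
            f"out recv {src} xmit {dst} keep-state"
        )
    # Everything else, including traffic addressed to the firewall, is dropped.
    rules.append("ipfw -q add 65000 deny ip from any to any")
    return rules


if __name__ == "__main__":
    print("\n".join(ipfw_rules(LEVELS)))
```
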
