Syntax

To manage firewall rules we devised special commands with an easy syntax. The main goal was to abbreviate the length of the mostly used iptables commands and to simplify the syntax of them. For example, the following iptables command

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

could be reduced to:

accept input proto tcp dport 22

All flex-fw commands are regular ash/dash functions. All functions can split to the following groups:

• Filtering functions
• Address translation functions
• Control functions
• Other supplementary functions

Filtering functions

All filtering functions have simular syntax like that:

FUNCTION [ table TABLE ] [ action ACTION ] CHAIN [ FILTER ]

Where TABLE and CHAIN define the iptables table and chain names, FILTER defines extra conditions, and FUNCTION may be the following:

• accept
• allow
• deny
• drop
• reject

Address translation functions

The address translation functions are required to manage rules related to nat table of iptables.

• dnat
• masq
• snat

Control functions

The control functions can change the behaviour of flex-fw and manage the services.

• debug
• noexec
• profile
• reload
• service
• start
• stop
• verbose

Supplementary functions

• help
• iptables
• log
• syslog
• wrapper

---

Copyright (C) 2014 Vitalii Druzhinin
aka VitalShell