Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
fwb_ipt(1)		       Firewall	Builder			    fwb_ipt(1)

NAME
       fwb_ipt - Policy	compiler for iptables

SYNOPSIS
       fwb_ipt	-fdata_file.xml	 [-4]  [-6]  [-V]  [-dwdir] [-i] [-ooutput.fw]
       [-Ofw1_id,fw1_output.fw[,fw2_id,fw2_output.fw]]	 [-v]	[-xc]	[-xnN]
       [-xpN] [-xt] object_name

DESCRIPTION
       fwb_ipt	is  a  firewall	 policy	compiler component of Firewall Builder
       (see fwbuilder(1)). Compiler reads objects definitions and firewall de-
       scription  from	the data file specified	with "-f" option and generates
       resultant iptables script. The script is	written	to the file  with  the
       name the	same as	the name of the	firewall object, plus extension	".fw".

       The data	file and the name of the firewall objects must be specified on
       the command line. Other command line parameters are optional.

OPTIONS
       -4     Generate iptables	script for IPv4	part of	 the  policy.  If  any
	      rules  of	 the  firewall	refer to IPv6 addresses, compiler will
	      skip these rules.	 Options "-4" and "-6" are exclusive. If  nei-
	      ther  option  is	used, compiler tries to	generate both parts of
	      the script, although generation of the IPv6 part	is  controlled
	      by  the  option  "Enable	IPv6 support" in the "IPv6" tab	of the
	      firewall object advanced settings	dialog.	 This option is	off by
	      default.

       -6     Generate	iptables  script  for  IPv6 part of the	policy.	If any
	      rules of the firewall refer to  IPv6  addresses,	compiler  will
	      skip these rules.

       -f FILE
	      Specify the name of the data file	to be processed.

       -o output.fw
	      Specify output file name

       -O fw1_id,fw1_output.fw[,fw2_id,fw2_output.fw]
	      The  argument  is	 a comma separated list	of firewall object IDs
	      and corresponding	output file names. This	option is used by  fw-
	      builder GUI while	compiling firewall clusters.

       -d wdir
	      Specify  working	directory. Compiler creates file with iptables
	      script in	this directory.	 If this parameter  is	missing,  then
	      iptables script will be placed in	the current working directory.

       -v     Be verbose: compiler prints diagnostic messages when it works.

       -V     Print version number and quit.

       -i     When  this  option  is present, the last argument	on the command
	      line is supposed to be firewall object ID	rather than its	name

       -xc    When output file name is determined automatically	(i.e. flags -o
	      or -O are	not present), the file name is composed	of the cluster
	      name and member firewall name rather than	just  member  firewall
	      name. This is used mostly	for testing when the same member fire-
	      wall object can be a part	of different clusters  with  different
	      configurations.

       -xt    This  flag makes compiler	treat all fatal	errors as warnings and
	      continue processing rules. Generated configuration  script  most
	      likely  will  be	incorrect  but will include error message as a
	      comment; this flag is used for testing and debugging.

       -xp N  Debugging	flag: this causes compiler to print detailed  descrip-
	      tion  of	the policy rule	number "N" as it precesses it, step by
	      step.

       -xn N  Debugging	flag: this causes compiler to print detailed  descrip-
	      tion  of	the  NAT  rule	number "N" as it precesses it, step by
	      step.

URL
       Firewall	 Builder  home	page  is  located  at	the   following	  URL:
       http://www.fwbuilder.org/

BUGS
       Please report bugs using	bug tracking system on SourceForge:

       http://sourceforge.net/tracker/?group_id=5314&atid=105314

SEE ALSO
       fwbuilder(1), fwb_ipf(1), fwb_pf(1)

FWB								    fwb_ipt(1)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | URL | BUGS | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=fwb_ipt&sektion=1&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help