Pyroman

Pyroman is a flexible and fast firewall tool.
Pyroman Ranking & Summary

  • License: MIT/X Consortium Lic...
  • Price: FREE
  • Publisher Name: Erich Schubert
  • Publisher web site: http://www.vitavonni.de/projekte/dbus-inspector

Pyroman Description

Pyroman is a flexible and fast firewall tool.

Here are some key features of "Pyroman":

The good:

· Really fast compared to sh+awk based solutions due to using iptables-restore
· Rollback to previous firewall on error to minimize risk of use
· Detailed error reporting to help configuring
· Easy syntax to add hosts, nats
· Designed for complex networks
· Written in easy to read python code
· Extensively documented (Python docstrings)
· You can add custom iptables rules when needed
· Lots of verification checks done before execution
· Designed to use the same configuration files on multiple hosts (e.g. failover firewalls or the destination host itself; it will detect if you are talking about a local or a remote host)

The bad:

· Not designed for single-host workstation setups
· Doesn't completely hide iptables complexity from the admin (good or bad?)
· Only iptables, no TC/Shaping, no IPsec, proxy arp setup, VPN, ifconfig (I use other tools for that, e.g. heartbeat)

To tease you a little more into testing, here's an example host configuration ("dmz" is an interface alias, the one the web server is connected to, as are "INT", "DMZ" and "ANY" for clients on these interfaces):

    # A really simple webserver configuration.
    # These examples are just boring...
    # But without NAT they would be even more boring.

    # web server
    add_host(
        name="web",
        ip="10.100.1.2",
        iface="dmz"
    )
    # offering, well, web service.
    allow(
        client="ANY DMZ INT",
        server="web",
        service="www ssh ping"
    )
    # internal hosts may access FTP, too
    allow(
        client="INT",
        server="web",
        service="ftp"
    )
    # setup NAT
    add_nat(
        client="ANY INT",
        server="web",
        ip="12.34.56.80"
    )

(Yes, this is a python script. No, you probably won't care to write your configuration in a programming language, will you?)

What's New in This Release:

· This release cleans up rule name handling for INPUT/OUTPUT/FORWARD and ACCEPT/DROP/REJECT rules (it was a bit messy before).
· It will now default to the kernel names, which are overridden in the base examples provided to make use of connection tracking, etc.

