PacketFlow Firewall Generator is an XML-based
firewall generator. It takes an XML configuration
file that defines the firewall policy and
generates a list of iptables commands to implement
this policy. It is primarily intended for use on
dedicated firewalls, but it can be used in other
scenarios. It makes dealing with many interfaces
easy. PacketFlow works on the concept of
interface "security levels." New connections are
allowed to flow down hill from interfaces with a
high security level to interfaces with a low
security level. This approach tends to make rule
sets much shorter, even with many interfaces.
Access lists allow you to override the default
behavior of the security levels. Access lists are
defined between interfaces. There is also support
for incoming, outgoing, and wildcard access lists.
Wildcard access lists allow you to easily allow
new connections to a particular service from any
interface.
