Are you happy with your logging solution? Would you help us out by taking a 30-second survey? Click here


ferm is a frontend for iptables

Subscribe to updates I use ferm

Statistics on ferm

Number of watchers on Github 0
Number of open issues 0
Main language Perl
Average time to merge a PR 4 days
Open pull requests 0+
Closed pull requests 1+
Last commit almost 4 years ago
Repo Created over 3 years ago
Repo Last Updated over 3 years ago
Size 1.34 MB
Organization / Authorcxcv
Page Updated
Do you use ferm? Leave a review!
View ferm activity
View on github
Fresh, new opensource launches 🚀🚀🚀
Trendy new open source projects in your inbox! View examples

Subscribe to our mailing list

Evaluating ferm for your project? Score Explanation
Commits Score (?)
Issues & PR Score (?)


    Max Kellermann <>
    Auke Kok <>


ferm is a frontend for iptables. It reads the rules from a structured configuration file and calls iptables(8) to insert them into the running kernel.

ferm's goal is to make firewall rules easy to write and easy to read. It tries to reduce the tedious task of writing down rules, thus enabling the firewall administrator to spend more time on developing good rules than the proper implementation of the rule.

To achieve this, ferm uses a simple but powerful configuration language, which allows variables, functions, arrays, blocks. It also allows you to include other files, allowing you to create libraries of commonly used structures and functions.

ferm, pronounced firm, stands for For Easy Rule Making.

Installing ferm

make install

The package does not need to be compiled, just make sure you have perl (which is present in any base linux system) and iptables (including iptables-save and iptables-restore), and the a kernel supporting netfilter.

Run the make install install script as root to install the package in it's best location, so it can be reached from the command line when called. The manual page will also be installed.

That's all!

Uninstalling ferm

make uninstall

Ferm can now be quickly removed from the system by issuing a make uninstall command (as root, of course). This will not remove any configuration files of course!

Getting started

The ferm(1) manpage provides extensive documentation about the ferm syntax. To get started, try one of the example files, and modify it for your needs.

If your machine is already firewalled and you wish to switch to ferm, the import-ferm script comes handy. It converts the current firewall rules to a ferm configuration file:

import-ferm >/etc/ferm/ferm.conf

After that, let ferm install the new ruleset:

ferm /etc/ferm/ferm.conf

Be careful, don't lock youself out of remote machines! Use the interactive mode (--interactive, -i) often!

ferm list of languages used
More projects by cxcv View all
Other projects in Perl