Provided by: fwbuilder_5.3.7-1_amd64

NAME

       fwb_ipt - Policy compiler for iptables

SYNOPSIS

       fwb_ipt     -fdata_file.xml     [-4]     [-6]    [-V]    [-dwdir]    [-i]    [-ooutput.fw]
       [-Ofw1_id,fw1_output.fw[,fw2_id,fw2_output.fw]] [-v] [-xc] [-xnN] [-xpN] [-xt] object_name

DESCRIPTION

       fwb_ipt is a firewall policy compiler component of Firewall Builder (see fwbuilder(1)).
       The compiler reads object definitions and the firewall description from the data file
       specified with the "-f" option and generates the resulting iptables script. The script
       is written to a file named after the firewall object, plus the extension ".fw".

       The data file and the name of the firewall object must be specified on the command line.
       Other command line parameters are optional.

OPTIONS

       -4     Generate the iptables script for the IPv4 part of the policy. If any rules of the
              firewall refer to IPv6 addresses, the compiler skips these rules. Options "-4"
              and "-6" are mutually exclusive. If neither option is used, the compiler tries to
              generate both parts of the script, although generation of the IPv6 part is
              controlled by the option "Enable IPv6 support" in the "IPv6" tab of the firewall
              object advanced settings dialog. This option is off by default.

       -6     Generate the iptables script for the IPv6 part of the policy. If any rules of the
              firewall refer to IPv4 addresses, the compiler skips these rules.

       -f FILE
              Specify the name of the data file to be processed.

       -o output.fw
              Specify the output file name.

       -O fw1_id,fw1_output.fw[,fw2_id,fw2_output.fw]
              The argument is a comma-separated list of firewall object IDs and corresponding
              output file names. This option is used by the fwbuilder GUI when compiling
              firewall clusters.

       -d wdir
              Specify the working directory. The compiler creates the file with the iptables
              script in this directory. If this parameter is missing, the iptables script is
              placed in the current working directory.

       -v     Be verbose: the compiler prints diagnostic messages as it works.

       -V     Print version number and quit.

       -i     When this option is present, the last argument on the command line is expected to
              be the firewall object ID rather than its name.

       -xc    When the output file name is determined automatically (i.e. flags -o or -O are
              not present), the file name is composed of the cluster name and the member
              firewall name rather than just the member firewall name. This is used mostly for
              testing, when the same member firewall object can be part of different clusters
              with different configurations.

       -xt    This flag makes the compiler treat all fatal errors as warnings and continue
              processing rules. The generated configuration script will most likely be
              incorrect but will include the error message as a comment; this flag is used for
              testing and debugging.

       -xp N  Debugging flag: this causes the compiler to print a detailed description of the
              policy rule number "N" as it processes it, step by step.

       -xn N  Debugging flag: this causes the compiler to print a detailed description of the
              NAT rule number "N" as it processes it, step by step.

URL

       Firewall Builder home page is located at the following URL: http://www.fwbuilder.org/

BUGS

       Please report bugs using the bug tracking system on SourceForge:

       http://sourceforge.net/tracker/?group_id=5314&atid=105314

SEE ALSO

       fwbuilder(1), fwb_ipf(1), fwb_pf(1)