Provided by: fwbuilder_5.1.0-4_amd64

NAME

       fwb_ipt - Policy compiler for iptables

SYNOPSIS

       fwb_ipt -f data_file.xml [-4] [-6] [-V] [-d wdir] [-i] [-o output.fw]
       [-O fw1_id,fw1_output.fw[,fw2_id,fw2_output.fw]] [-v] [-xc] [-xn N] [-xp N] [-xt] object_name

DESCRIPTION

       fwb_ipt is the firewall policy compiler component of Firewall Builder (see fwbuilder(1)). The compiler
       reads object definitions and the firewall description from the data file specified with the "-f" option
       and generates the resulting iptables script. The script is written to a file whose name is the name of
       the firewall object plus the extension ".fw".

       The data file and the name of the firewall object must be specified on the command line. Other command
       line parameters are optional.

OPTIONS

       -4     Generate the iptables script for the IPv4 part of the policy. If any rules of the firewall refer
              to IPv6 addresses, the compiler will skip these rules. Options "-4" and "-6" are mutually
              exclusive. If neither option is used, the compiler tries to generate both parts of the script,
              although generation of the IPv6 part is controlled by the option "Enable IPv6 support" in the
              "IPv6" tab of the firewall object advanced settings dialog. This option is off by default.

       -6     Generate the iptables script for the IPv6 part of the policy. If any rules of the firewall refer
              to IPv6 addresses, the compiler will skip these rules.

       -f FILE
              Specify the name of the data file to be processed.

       -o output.fw
              Specify the output file name.

       -O fw1_id,fw1_output.fw[,fw2_id,fw2_output.fw]
              The argument is a comma-separated list of firewall object IDs and corresponding output file names.
              This option is used by the fwbuilder GUI while compiling firewall clusters.

       -d wdir
              Specify the working directory. The compiler creates the file with the iptables script in this
              directory. If this parameter is missing, the iptables script is placed in the current working
              directory.

       -v     Be verbose: the compiler prints diagnostic messages as it works.

       -V     Print version number and quit.

       -i     When this option is present, the last argument on the command line is taken to be the firewall
              object ID rather than its name.

       -xc    When the output file name is determined automatically (i.e. flags -o or -O are not present), the
              file name is composed of the cluster name and the member firewall name rather than just the member
              firewall name. This is used mostly for testing, when the same member firewall object can be a
              part of different clusters with different configurations.

       -xt    This flag makes the compiler treat all fatal errors as warnings and continue processing rules.
              The generated configuration script will most likely be incorrect but will include the error
              message as a comment; this flag is used for testing and debugging.

       -xp N  Debugging flag: this causes the compiler to print a detailed description of policy rule number
              "N" as it processes it, step by step.

       -xn N  Debugging flag: this causes the compiler to print a detailed description of NAT rule number "N"
              as it processes it, step by step.
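
       As an added example (not part of the fwb_ipt man page or the Firewall Builder project), the shell
       function below checks an fwb_ipt argument list against the rules stated above before a deployment
       build: it rejects -xt, the combination of -4 and -6, a missing -f data file and a missing object name.
       The function name lint_fwb_ipt and the sample file, directory and object names are assumptions.

```shell
#!/bin/sh
# Added example, not part of fwb_ipt: lint an fwb_ipt argument list.
# lint_fwb_ipt is a hypothetical name; the rules come from the man page text.
lint_fwb_ipt() {
    _v4=0; _v6=0; _data=0; _obj=""; _bad=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -xt)
                echo "reject: -xt turns fatal errors into warnings; script is likely incorrect"
                _bad=1 ;;
            -4) _v4=1 ;;
            -6) _v6=1 ;;
            -f)                      # separated form: -f FILE
                if [ $# -gt 1 ]; then shift; _data=1; fi ;;
            -f?*) _data=1 ;;         # attached form: -fFILE
            -o|-O|-d|-xp|-xn)        # these consume the next word as their argument
                if [ $# -gt 1 ]; then shift; fi ;;
            -*) ;;                   # -v, -V, -i, -xc and attached forms such as -dwdir
            *) _obj=$1 ;;            # positional word: firewall object name (or ID with -i)
        esac
        shift
    done
    if [ "$_v4" -eq 1 ] && [ "$_v6" -eq 1 ]; then
        echo "reject: -4 and -6 are exclusive"; _bad=1
    fi
    if [ "$_data" -eq 0 ]; then
        echo "reject: no data file given with -f"; _bad=1
    fi
    if [ -z "$_obj" ]; then
        echo "reject: no firewall object name or ID given"; _bad=1
    fi
    return "$_bad"
}

# Constructed sample invocation: policy.xml, /tmp/build and fw1 are made-up names.
lint_fwb_ipt -f policy.xml -4 -d /tmp/build -xt fw1 || echo "build blocked"
```

       The function returns 0 only when none of the checks fire, so a build script can run it on the
       arguments it is about to pass to fwb_ipt and stop on a non-zero status.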

URL

       The Firewall Builder home page is located at the following URL: http://www.fwbuilder.org/

BUGS

       Please report bugs using the bug tracking system on SourceForge:

       http://sourceforge.net/tracker/?group_id=5314&atid=105314

SEE ALSO

       fwbuilder(1), fwb_ipf(1), fwb_pf(1)