ipfwadm2ipchains

Main section

This is the ipfwadm2ipchains script, designed to convert ipfwadm rulesets into ipchains rulesets. Simply feed it your ipfwadm rules via stdin and it will print out the corresponding ipchains rules.

For example, here's our example ipfwadm firewall, stored in rust.examples:

#!/bin/bash
ipfwadm -F  -p deny
ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
ipfwadm -I -a accept -V 10.1.2.1 -S 10.0.0.0/8 -D 0.0.0.0/0

Process it with ipfwadm2ipchains, like so:

cat rust.examples | ipfwadm2ipchains >rust.ipchains

and you get the output file rust.ipchains:

#!/bin/bash
ipchains -P forward DENY
ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
ipchains -A input -j ACCEPT -i eth0 -s 10.0.0.0/8 -d 0.0.0.0/0

Neat trick

Make a file called new_rules and place the following lines in it:

if [ -f /proc/net/ip_fwchains ]; then

The contents of your new ipchains ruleset file

elif [ -f /proc/net/ip_input ]; then

The contents of your original ipfwadm ruleset file

fi

This new combined file will work under both an ipchains and an ipfwadm kernel.

Known issues

ipfwadm2ipchains, starting with version 0.5.2, deals with blank lines in the input correctly.
ipfwadm2ipchains needs the command line parameters separated out. It fails on
```
ipfwadm -lenO
```
but successfully converts
```
ipfwadm -l -e -n -O
```
.

Download

For a complete list of all files, see filelist.html.

To download one of the following, right click on it and choose "Save link as..." or something like that. /usr/bin/ might be an appropriate place for it.

ipfwadm2ipchains (the latest version).

Version 0.5.2. 0.5.2 handles blank lines in input correctly.

Version 0.5.1. I made a mistake in 0.5.0 in the "Insert Rule" conversion by reversing the rule name and number.

Version 0.5.0.

This first release needs some testing; let me know what you find.

dotfile-prep. I wrote a small wrapper script for use with the ipfwadm dotfile generator. It's not really tested heavily as I don't use that program.

Feedback

If you have suggestions or questions, please email me at [email protected].

I'm especially interested in even brief success or failure reports.

Thanks

This program drew on the conversion table in Appendix A of the ipchains-HOWTO - Thanks, Rusty.

Other tools

Mason, the automatic firewall builder, Buildkernel, the automated tool for building Linux kernels.

Best viewed with something that can show web pages... <grin>