Dwall is an all-purpose firewall tool to generate an iptables firewall out of a simple configuration. It contains about 80 predefined services and comes with a simple 3-zone firewall example.

In essence, the sysadmin only needs to define the different zones and what traffic (if any) is allowed from one zone to another.
I finally released Dwall. If you want to contribute services/protocols, documentation or enhancements, please send them to me!

The basic functionality is in place; look at the TODO to see what is still missing. I consider this implementation a working reference implementation, I'm sure it would be best to rewrite it in some other language and that it can be improved a lot without making it more complex to configure. Dwall currently has the following features:

I'd like to implement the following items:

This is a simple setup for a firewall with 2 interfaces. With 2 interfaces you have 3 zones, namely internet, local and self (self being the firewall).

If you have 3 zones you have 6 possible traffic flows, namely:

If a chain does not exist, no traffic is allowed in that direction. The following simple example will only allow traffic from the local network to internet and to the firewall itself.
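To make the zone/chain model concrete, here is an added example (not Dwall's own code, and not its configuration format) that turns a zone-to-interface map and a set of defined flow chains into iptables commands; the interface names, zone names and service ports are assumed values constructed for the illustration. A flow with no chain entry produces no rules at all, so the default DROP policy blocks it, which is the behaviour described above.

```python
# Illustrative generator for a zone-based iptables policy in the spirit of Dwall.
# This is NOT Dwall's own code or configuration format; interface names, zone
# names and service lists below are constructed for the example.

ZONES = {"internet": "eth0", "local": "eth1"}   # zone -> interface (assumed names)
SELF = "self"                                     # the firewall host itself

# Flows that have a "chain" defined, with the services each chain permits.
# Any flow absent from this dict gets no chain, so the default DROP policy applies.
CHAINS = {
    "local-internet": [("tcp", 80), ("tcp", 443), ("udp", 53)],
    "local-self": [("tcp", 22)],
}

def all_flows(zones):
    """Every ordered (source, destination) pair of zones: n zones -> n*(n-1) flows."""
    names = list(zones) + [SELF]
    return [f"{a}-{b}" for a in names for b in names if a != b]

def generate_rules(zones, chains):
    """Return the iptables commands that implement the zone policy."""
    rules = [
        "iptables -P INPUT DROP", "iptables -P FORWARD DROP", "iptables -P OUTPUT DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for flow in all_flows(zones):
        if flow not in chains:
            continue                    # no chain defined -> nothing allowed in this direction
        src, dst = flow.split("-", 1)   # zone names must not contain '-'
        rules.append(f"iptables -N {flow}")
        # Hook the per-flow chain into the built-in chain that sees this traffic.
        if src == SELF:
            rules.append(f"iptables -A OUTPUT -o {zones[dst]} -j {flow}")
        elif dst == SELF:
            rules.append(f"iptables -A INPUT -i {zones[src]} -j {flow}")
        else:
            rules.append(f"iptables -A FORWARD -i {zones[src]} -o {zones[dst]} -j {flow}")
        # Chain body: one ACCEPT per permitted service; anything else falls back
        # out of the chain and is caught by the DROP policy.
        for proto, port in chains[flow]:
            rules.append(f"iptables -A {flow} -p {proto} --dport {port} "
                         f"-m conntrack --ctstate NEW -j ACCEPT")
    return rules

if __name__ == "__main__":
    print("\n".join(generate_rules(ZONES, CHAINS)))
```

Running the script prints the rule set; with only the two chains above, no rule ever references internet-to-local or internet-to-self traffic, so those four flows stay blocked by policy.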

zone.conf

alias.conf

chains/local-internet.chain

chains/local-self.chain

scripts/post.sh

You can download Dwall from: