filtergen compiles a high-level filtering description language into a
variety of target formats.
USAGE
filtergen reads the ruleset from the infile specified on the
command line (or standard input if infile is "-") and outputs to
standard output (or outfile) via an optionally specified backend.
Both short and GNU-style long option options are accepted:
-c, --compile
Only try to "compile" the input, and do not generate any output. This may be
useful to check that an input file has no syntax errors in it before one
attempts to use the result on a live server.
-t target-filter, --target=target-filter
If specified, target-filter will be used to select an output filter type,
otherwise the default of iptables will be used. Supported backends
are iptables, ipchains, ipfilter and cisco (for
Cisco IOS access-lists).
-F policy, --flush=policy
Flush mode. Generate a set of rules for clearing all rules from the packet
filter. Useful for firewall scripts that need to `shutdown' the firewall.
You can supply a policy argument in place of the usual filename, to
specify whether the flushed filter should default to accept,
reject, or drop. It defaults to accept, equivalent to
having no filter loaded at all. It is not necessary to specify an
infile when using flush mode.
-o outfile, --output=outfile
Write output to outfile instead of standard output.
-h, --help
Show command help.
-V, --version
Show program version.
BUGS
Not all backends implement all features.
The packet filter is not optimised.
filtergen was originally written by Matthew Kirkwood.
Jamie Wilkinson <jaq@spacepants.org> then rewrote a lot of the internals,
added some features, and took on maintenance of the project.
