From: "René Pfeiffer" <lynx@luchs.at>
To: netfilter@lists.netfilter.org
Subject: Netfilter rule notation and rule parsers
Date: Mon, 19 Feb 2007 16:25:09 +0100
Message-ID: <20070219152509.GL19622@nightfall.luchs.at>

Hello, Netfilter List!

I have a question regarding the notation of filter rules. I am quite
familiar with the syntax of the iptables command. Apparently most people
who write firewall scripts are familiar with it as well since a lot of
scripts configuring Netfilter rules consist of a shell script and config
scripts. Most people that run a packet filter don't want to delve into
the depths of the iptables syntax in order to change a few rules.

Is anyone on this list aware of projects that try to define a kind of
meta-syntax for filtering rules which can be processed and stored easier
than shell script fragments? Maybe someone has tried to write a parser
in order to import OpenBSD pf or Cisco PIX rules. I'd like to hear about
anyone who has thoughts on this.

I am aware that there are several rule editors out there (such as
FWbuilder). I am more interested in a low-level approach having simple
rules that can be parsed easily and possibly distributed among multiple
firewall systems.

Best wishes,
René.
--
)\._.,--....,'``. Let GNU/Linux work for you while you take a nap.
/, _.. \ _\ (`._ ,. R. Pfeiffer <lynx at luchs.at> + http://web.luchs.at/
`._.-(,_..'--(,_..'`-.;.' - System administration + Consulting + Teaching -
Got mail delivery problems? http://web.luchs.at/information/blockedmail.php