1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
The ferm debian package
=======================
More information about ferm can be obtained from the github ferm page,
https://github.com/MaxKellermann/ferm, or on the project page,
http://ferm.foo-projects.org/. Please note that ferm.foo-projects.org does
not support https and the https version of that URL currently (2025-05)
ends up in an "under construction" page. Many modern browsers use https
without explicitly being told to.
By default, ferm's configuration file is /etc/ferm/ferm.conf. The
directory /etc/ferm/ferm.d is reserved for includes you might
want to write.
The init script itself is configured with /etc/default/ferm, which
contains several variables. Most important for now is "ENABLED=yes"
if you want ferm to be run automatically on boot.
The cache ("CACHE=yes", disabled by default) speeds things up, too,
because ferm will only be run when you modify its configuration, but
this also means that ferm's rollback-on-error isn't assisting you.
Also note that the init script doesn't notice when you change an
include file. To work around that, touch /etc/ferm/ferm.conf.
I recommend you use ferm's so-called "interactive mode" while you
develop firewall rules on remote machines. In this mode, ferm applies
the new firewall rules and asks you for confirmation. If you don't
confirm within 30 seconds, ferm reverts to the previous rule set.
Run:
ferm --interactive /etc/ferm/ferm.conf
-- Max Kellermann <max@duempel.org> 2013
-- Marc Haber <mh+debian-packages@zugschlus.de> 2025
|
