# Foomuuri
Foomuuri is a multizone bidirectional nftables firewall.
See the [wiki](https://github.com/FoobarOy/foomuuri/wiki) for documentation
and the [host firewall](https://github.com/FoobarOy/foomuuri/wiki/Host-Firewall)
or [router firewall](https://github.com/FoobarOy/foomuuri/wiki/Router-Firewall)
pages for example configuration files.
The [Getting started](https://github.com/FoobarOy/foomuuri/wiki/Getting-Started)
page contains quick instructions on how to install Foomuuri. Help is available
via [discussions](https://github.com/FoobarOy/foomuuri/discussions) and the
IRC channel `#foomuuri` on Libera.Chat.
## Features
* Firewall zones
* Bidirectional firewalling for incoming, outgoing and forwarding traffic
* Suitable for all systems, from personal laptops to corporate firewalls
* Rich rule language for flexible and complex rules
* Predefined list of services for simple rule writing
* Rule language supports macros and templates
* IPv4 and IPv6 support with automatic rule splitting per protocol
* SNAT, DNAT and masquerading support
* Logging and counting
* Rate limiting
* DNS hostname lookup and IP-list support with dynamic IP address refreshing
* Country database support aka geolocation
* Multiple ISP support with internal network connectivity monitor
* IPsec matching support
* Ability to map certain traffic to separate zones
* D-Bus API
* FirewallD emulation for NetworkManager's zone support
* Raw nftables rules can be used
* Fresh design, written to use modern nftables features
## Example configuration
Example configuration file to filter incoming traffic only:
```
zone {
  localhost
  public
}

public-localhost {  # Allow specified incoming traffic
  dhcp-client
  dhcpv6-client
  ping
  ssh
  drop log
}

localhost-public {  # Allow all outgoing traffic
  accept
}
```