etherdam, the IPTables firewall configuration engine May 8 2004 - version 0.3 released
(1) What It Is
First thing to note is that etherdam comes with NO WARRANTY! It is licensed under the GPL v2 though; there should be a file called "COPYING" in the root directory of the source tree which goes into this license in great detail.
etherdam is a new project for me. In short, I got tired of looking up complex IPTables incantations to do simple stuff like basic firewalling, so I came up with a new (hopefully easier-to-manage) firewall configuration language, plus a rudimentary processing engine. Primarily etherdam is meant to make simple firewalling easier; hopefully it is also flexible enough to handle complex scenarios like routing+VPN+squid+...
etherdam doesn't replace iptables; instead it's a wrapper for iptables. It relies on iptables at the back-end but provides a different configuration scripting language at the front-end. It comes with an accompanying LSB-compliant init script for distributions with a SysV-style init layout.
(2) What Do I Need to Use It?
You need iptables and the Bourne-Again SHell (bash). Aside from that, you should need nothing that isn't already present on a basic POSIX-compliant flavor of UNIX. Since Linux 2.4 and later are the only platforms that currently support iptables, that means etherdam is primarily Linux-oriented.
It should be noted that iptables firewalls are largely kernel-based; the kernel-land subsystem is called netfilter, and iptables is really just the de facto suite of userland management utilities for netfilter. As such, iptables depends on the netfilter subsystem, and the level of functionality available via iptables is directly proportional to the level of netfilter functionality enabled in the kernel. Fortunately, most current Linux distributions ship with a reasonable level of netfilter functionality enabled.
(3) How to Install?
If you got a precompiled package (e.g. RPM or DEB), consult the package manager documentation for installation instructions. For RPM packages,
rpm -Uvh <package>
will probably work.
The following commands should work for building from source:
tar -xvzf etherdam-0.1.tar.gz
cd etherdam-0.1
./configure
make
(su to root--you didn't just compile it as root, did you? Shame on you! Bad admin! Bad!)
make install
(4) How to Set Up
It should be fairly simple to set up your default firewall configuration. etherdam installs a default configuration file (firewall.conf), usually in /etc or /usr/local/etc. Although this file is only suitable for very special scenarios, it's heavily commented and doesn't take much adjustment to set up a simple firewall.
To load the firewall configuration, you can run "etherdam /path/to/firewall.conf" with an appropriate path.
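Before loading a configuration as root, a practitioner would want to confirm the prerequisites named above (iptables present, the netfilter tables registered in the kernel) and that the configuration file itself cannot be edited by other users, since whatever it contains becomes the ruleset root applies. The following bash pre-flight script is an added example and is not part of etherdam; the table list (filter, nat, mangle), the use of /proc/net/ip_tables_names as the list of registered tables, and the way ownership is read from `ls -ld` are assumptions of the example.

```shell
#!/bin/bash
# Pre-flight checks before running "etherdam /path/to/firewall.conf".
# Added example, not etherdam code. Table names, the /proc path and the
# ownership check are assumptions of this example.

# Tables a firewall/routing setup is assumed to need (assumption).
REQUIRED_TABLES="filter nat mangle"

# Print the required tables absent from a /proc/net/ip_tables_names style
# listing (one table name per line). Returns 0 only if none are missing.
missing_tables() {
    local listing="$1" missing="" t
    for t in $REQUIRED_TABLES; do
        if ! grep -qx "$t" "$listing"; then
            missing="${missing}${missing:+ }$t"
        fi
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Given an ls -l style permission string such as -rw-r--r--, return 0 only
# if neither group (position 6) nor other (position 9) has write permission.
perm_string_ok() {
    case "$1" in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# The config is read by root, so it should be owned by root.
owner_ok() { [ "$1" = "root" ]; }

# Inspect a config file on disk and report every problem found.
check_config_file() {
    local conf="$1" line perm owner rc=0
    [ -r "$conf" ] || { printf 'config %s is not readable\n' "$conf"; return 1; }
    line=$(ls -ld "$conf")
    perm=$(printf '%s\n' "$line" | cut -c1-10)
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    perm_string_ok "$perm" || {
        printf 'config %s is group/world writable (%s)\n' "$conf" "$perm"; rc=1; }
    owner_ok "$owner" || {
        printf 'config %s is owned by %s, not root\n' "$conf" "$owner"; rc=1; }
    return $rc
}

# Full pre-flight: iptables in PATH, netfilter tables registered, config sane.
# A second argument overrides the /proc path (useful for testing).
preflight() {
    local conf="$1" names="${2:-/proc/net/ip_tables_names}" rc=0 miss
    command -v iptables >/dev/null 2>&1 || { echo 'iptables not found in PATH'; rc=1; }
    if [ -r "$names" ]; then
        miss=$(missing_tables "$names") || {
            printf 'netfilter tables not registered: %s\n' "$miss"; rc=1; }
    else
        printf '%s absent: ip_tables not loaded or kernel lacks netfilter\n' "$names"
        rc=1
    fi
    check_config_file "$conf" || rc=1
    [ "$rc" -eq 0 ] && printf 'pre-flight OK; load with: etherdam %s\n' "$conf"
    return $rc
}

# Usage: ./preflight.sh /etc/firewall.conf   (no arguments: define functions only)
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```

One caveat on the table check: /proc/net/ip_tables_names only lists tables whose kernel module has already been registered, so on a modular kernel a "missing" nat or mangle table may simply mean the module has not been autoloaded yet (the first `iptables -t nat -L` would load it). Treat that part of the report as advisory; the permission and ownership findings on the config file are the ones worth acting on before loading it.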
(5) The firewall.conf File
Currently, the format of this file is documented only via comments in the default firewall.conf file. Documentation will be improved as I have time.
(6) Extras
I figured you might have a SysV-style init script layout, so you might want a startup script for etherdam to fit in with all that. Precompiled packages will usually put such a script in /etc/init.d and call it "firewall", in accordance with the Linux Standards Base (LSB). If you compile it yourself, the script will be placed in $(sysconfdir)/init.d/. $(sysconfdir) defaults to /usr/local/etc, but it can be changed by passing the "--sysconfdir" option to the ./configure script.
(7) I think I found a bug! What do I do?
First, compose your thoughts, and clear your mind of any visions of busting heads, breaking fingers, Chinese paper torture, etc. Flames will probably go straight to /dev/null. I've experienced that "enraged" feeling that you might be feeling, but I've also kept my fury in check, and I'm almost always glad of it.
If you have developed a patch, feel free to send it to me, and I'll see what I can do with it.
If you discover a bug and really can't be arsed to fix it, that's OK too. It would be nice if you could give me a scenario where I could reproduce the bug.
Best of luck to you,
Kelledin (kelledin@users.sourceforge.net)
