Managing firewalls with iptables
"Programming can be fun, so can cryptography; however they should not be combined."—Kreitzberg and Shneiderman
The programming language C has been described as a 'write-only' language: it is so terse and efficient that it can be difficult to understand even code you have written yourself. The same might be said of iptables, the Linux kernel's built-in packet-filtering firewall. Raw iptables rules look something like this:
iptables -A INPUT -d 10.0.2.15/32 -p tcp -m tcp --dport 80 -j ACCEPT
Unless you derive a sense of machismo from mastering apparently meaningless strings of line noise, which admittedly is an occupational disease of UNIX sysadmins, it would be nice to be able to express firewall rules in a more ...
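One way to get readability back is to wrap the raw syntax in shell functions whose names state the intent of each rule. This is an added example, not code from the article; the helper names and the IPT_DRY_RUN switch are assumptions of the example, and dry-run mode prints the rules instead of applying them so the policy can be reviewed without root or a live firewall.

```shell
#!/bin/sh
# Readable wrappers around raw iptables syntax (added example, not from the article).
# IPT_DRY_RUN=1 (the default here) prints each rule instead of applying it, so the
# resulting policy can be read and reviewed before it ever touches a kernel.
IPT_DRY_RUN="${IPT_DRY_RUN:-1}"

# ipt: hypothetical helper that either prints or executes an iptables command.
ipt() {
  if [ "$IPT_DRY_RUN" = 1 ]; then
    printf '%s\n' "iptables $*"
  else
    iptables "$@"
  fi
}

# allow_loopback: traffic on the loopback interface is always accepted.
allow_loopback() {
  ipt -A INPUT -i lo -j ACCEPT
}

# allow_established: let packets belonging to connections we already accepted back in.
allow_established() {
  ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# allow_tcp_to HOST PORT: accept TCP traffic addressed to HOST on PORT.
# With HOST=10.0.2.15 and PORT=80 this produces exactly the rule quoted above.
allow_tcp_to() {
  ipt -A INPUT -d "$1/32" -p tcp -m tcp --dport "$2" -j ACCEPT
}

# default_drop_input: anything not explicitly accepted is dropped.
default_drop_input() {
  ipt -P INPUT DROP
}

# build_policy: the whole INPUT policy, readable as a list of intentions.
# Order matters: the accept rules are appended first, the default policy set last.
build_policy() {
  allow_loopback
  allow_established
  allow_tcp_to 10.0.2.15 80   # constructed example: web server
  allow_tcp_to 10.0.2.15 22   # constructed example: ssh
  default_drop_input
}

build_policy
```

Run with IPT_DRY_RUN=0 as root to apply the same policy for real; the printed form is what gets executed.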