The programming language C has been described as a 'write-only' language; it's so terse and efficient that it can be difficult to understand even code that you've written yourself. The same might be said of iptables, the Linux kernel's built-in packet filtering firewall. Raw iptables rules look something like this:

iptables -A INPUT -d 10.0.2.15/32 -p tcp -m tcp --dport 80 -j ACCEPT 

Unless you derive a sense of machismo from mastering apparently meaningless strings of line noise, which admittedly is an occupational disease of UNIX sysadmins, it would be nice to be able to express firewall rules in a more ...