Projects / ferm


ferm is a tool to maintain and setup complicated firewall rules. It allows one to reduce the tedious task of carefully inserting rules and chains, thus enabling the firewall administrator to spend more time on developing good rules, and less time on the proper implementation of those rules. These rules will be executed by the preferred kernel interface, such as ipchains and iptables, and in one pass. Firewall rules can also be split into different files and loaded at will.

Operating Systems

Recent releases

  •  17 Jul 2011 15:08

    Release Notes: Better support for mixed IPv4/IPv6 rules.

    •  26 Feb 2011 01:35

      Release Notes: New @cat, @substr, and @length functions, and updates for the "state" and "icmp" netfilter modules.

      •  04 Nov 2010 08:37

        Release Notes: New string comparison functions, IPv6 support in the resolver, and support for "ebtables --snap-arp".

        •  18 Jul 2009 09:35

          Release Notes: Negation is now supported in mark, connmark, and set. The $FILENAME automatic variable was added. @include can now run a program. The $CHAIN variable within @subchain was fixed.

          •  28 Feb 2009 23:27

            Release Notes: Double negation is detected. Detection of negated arrays was improved. dpkg's backup/temporary files on @include are ignored. "Flush" hooks were added.

            Recent comments

            16 Apr 2002 07:36 cassee

            Re: Comments needed!
            I implemented IP filters for one gateway and two servers in a DMZ network with ferm, and it it VERY easy to setup. Way better then other filter setup scripts, because you don't lose the flexibility of the iptables system.

            The only thing missing is an init script to load a pre-defined ferm script (say, /etc/ip-filter.ferm). But this might be a job for packagers.

            02 May 2001 15:39 sofar

            Debian package

            In case you're interested: there's a debian package available at, see the project homepage for it's exact location.


            08 Jan 2001 11:19 sofar

            Comments needed!
            Hi there!

            I'm very anxious for comments, patches, bugreports, well, anything actually!
            Does Ferm behave you expected it to be? Do you like the way ferm handles
            rules? Wish something would work differently? Anything else?



            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.