Hiya, DFD is the moniker I made up to describe a program that manages your firewall rules, allowing changes to be made in them with more ease and less chance of error than editing a text file.
dfd_keeper is the Python/pf implementation that provides a command-line style interface to your firewall rules accessible via netcat or telnet.

I've added persistence to dfd_keeper. This means that changes to your firewall rules persist across reboots. The keeper_example.py script shows how to use the persistence and should be your guide to using dfd_keeper. It implements a common firewall setup -- NAT, blocking inbound connections, etc. Persistence was a bit trickier than I expected since I did not consider the effects of immutability on persistence.

The supported commands include a command to block a foreign host from communicating with your LAN, a toggle for all WAN connectivity, and the standard helper commands: online help, showing the current ruleset, manually syncing the ruleset with the firewall, and manually flushing a state table entry corresponding to an IP (or IP pair, or all entries).

Homepage: http://www.lightconsulting.com/~travis/dfd/dfd_keeper/

As usual, I look forward to any comments or suggestions.

--
http://www.lightconsulting.com/~travis/ -><- P=NP if (P=0 or N=1)
"My love for mathematics is like 1/x as x approaches 0."
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B