The UIF project has been developed for a diskless router system and provides a mechanism to create and simplify packet filter rules. It forces you to provide names for every value you use in order to make firewalls less confusing.
Please have a look at the man pages for uif(8) and uif.conf(5). There are also example configurations in the docs/ directory.
EXAMPLES for UIF:
Imagine the following scenario with one packet filter and masquerading:
                 ppp0             eth0
     internet-----------filter-------------proxy---------intranet
            193.174.71.23      192.168.0.1 192.168.0.2 192.168.0.0/24

The filter masquerades the proxy address and rejects all other internal traffic to the internet. Don't forget to enable forwarding (sysctl -w net.ipv4.ip_forward=1), or add it to /etc/sysctl.conf so it survives a reboot.

Router doing NAT and transparent proxies:

Imagine the following (not really usable) scenario:

               eth0             eth1
     Internet---------filter------------switch
              80.67.1.53        10.10.0.1   |
                                            +--gatekeeper 10.10.0.15
                                            |
                                            +--[intranet]

Imagine "filter" is running squid as a transparent proxy and "gatekeeper" is your ssh gateway to the intranet. No other connections to the intranet are allowed. "filter" is acting as nameserver; no additional connections from the inside to the outside are allowed.
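The policy of the first scenario (forwarding on, only the proxy masqueraded, everything else from the intranet rejected) spelled out as the plain iptables rules that uif has to end up generating. This is an added illustration, not uif's own output or a file from its docs/ directory; interface names and addresses are taken from the diagram above, and the rules cover forwarding only, not the filter host's own INPUT/OUTPUT policy.

```shell
#!/bin/sh
# Constructed example: iptables equivalent of scenario 1 above.
# Values come from the diagram: ppp0 faces the internet, eth0 the intranet.
EXT_IF=ppp0
INT_IF=eth0
PROXY=192.168.0.2
INTRANET=192.168.0.0/24

# Print the rule set instead of applying it, so it can be reviewed
# (or compared with `iptables-save`) before it touches a live router.
scenario1_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $EXT_IF -o $INT_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $PROXY -j ACCEPT
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $INTRANET -j REJECT
iptables -t nat -A POSTROUTING -o $EXT_IF -s $PROXY -j MASQUERADE
EOF
}

# Rule order matters: the proxy ACCEPT must precede the intranet REJECT,
# since 192.168.0.2 is inside 192.168.0.0/24.
if [ "$1" = "--apply" ]; then
    scenario1_rules | sh -e      # needs root
else
    scenario1_rules
fi
```

Run it with no arguments to review the rules, with `--apply` (as root) to load them.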
There is some LDAP support built in, with which you can handle a big farm of diskless router configurations. Use uif(8) and the information provided in the doc/ directory to configure the firewall to fit your needs.
Dependencies:
In order to use the script, you need iptables, ip6tables, Perl, NetAddr::IP (>=3.0), Socket, Data::Validate::IP and optionally Net::LDAP.
Usage and install:
Debian:

    apt-get install uif

Manual installation:

    cpan install NetAddr::IP Data::Validate::IP
    git clone https://github.com/cajus/uif && cd uif
    make
    man uif    (for manual documentation)
Source: https://github.com/cajus