WallFire: wfconvert

What is it?

Wfconvert is a firewalling tool which imports/translates rules from/to any supported firewalling language.

It is part of the WallFire project, but can be used independently. See WallFire homepage.

Wfconvert is "libre" software (free as in free speech, in English). It is mainly written in C++ and is intended to run on every *nix system.



 
How does it work?

  • Concepts
    WallFire uses the genuine tools (netfilter/iptables, ipfilter, etc.) present on your system to apply the firewalling policy.

    WallFire provides a fairly high-level rule description language, which does not support all of the features of these packet filters, but might be sufficient for most average users.

    wfconvert is a compiler which imports/translates firewalling rules from/to any supported language.

    For the moment, only Linux 2.4 and 2.6 users (netfilter/iptables) will be able to use it properly.

    Using wfconvert with wallfire input module and netfilter output module should work quite well now.

    Wfconvert is modular. It relies on a library (libwfruleset) which deals with modules (static or shared). Each module handles a firewalling rules description format for the corresponding tool.

    • input modules: wallfire, iptables_save.
    • output modules: wallfire, wallfire_xml, netfilter.

  • Usage examples
    Here is an example of the wallfire language syntax.


 
News

  • Mar 2 2005: release of wfnetobjs-0.2.4 and wfconvert-0.4.1
  • Feb 18 2005: release of wfnetobjs-0.2.3 and wfconvert-0.4.0
  • Sep 6 2004: Hervé Eychenne was invited to the 3rd Netfilter Workshop, which took place in Erlangen (Germany), just before Linux Kongress.
    Here is the summary of the Workshop.
  • May 8 2004: release of wfnetobjs-0.2.1 and wfconvert-0.3.1
  • Apr 30 2004: release of wfconvert-0.3.0, which is a major improvement over the previous version
  • Aug 18 2003: Hervé Eychenne was invited to the Netfilter workshop 2003, which took place in Budapest. I gave a talk about the WallFire project, and about my wishlist for Netfilter, especially from the WallFire point of view. Here are the slides in MagicPoint format, or in HTML.
    Here is the summary page of the Workshop.
  • Oct 30 2002: release of wfnetobjs-0.1.6, wfconvert-0.2.0, and wflogs-0.9.3
  • Sep 26 2002: the netobjs library was taken out of wfconvert, and became a separate source tree, used by wfconvert and wflogs. Release of wfnetobjs-0.1.5, wfconvert-0.1.5, and wflogs-0.9.2
  • Aug 21 2002: release of wfconvert-0.1.4 and wflogs-0.9.1
  • Jul 29 2002: release of wfconvert-0.1.3 and wflogs-0.0.5
  • Jul 12 2002: I'm doing a talk about WallFire, as part of the security topic at the Libre Software Meeting.
    Here are the slides in MagicPoint format, or in HTML.
  • May 30 2002: release of wfconvert-0.1.2 and wflogs-0.0.3
  • May 3 2002: public release of wfconvert-0.1.1 and wflogs-0.0.2
  • Apr 5 2002: I was hired by KDX Ingenierie, spending half of my working time on WallFire development. See credits section.
  • Mar 7 2002: first public release of a WallFire tool: wfconvert-0.1.0. Who said "vaporware"?! ;-)


 
Authors

  • Author: Hervé Eychenne <rv _AT_ wallfire.org>

    Please avoid using this address. Use the different mailing-lists instead.



 
Supported systems

WallFire is intended to work on real systems such as Unix, especially Linux and *BSD.

For the moment, only Linux 2.4 and 2.6 users (netfilter/iptables) will be able to use wfconvert properly.



 
Download

Wfconvert, as well as WallFire, is released under the GNU GPL (see license section).

Upstream files:

  • Mar 2, 2005: wfconvert version 0.4.1: ChangeLog
    • Gzipped source code: wfconvert-0.4.1.tar.gz [609 Kb]
      [HTTP]
      md5sum: 8f56efeb864d542ab7cb80a957456204
    • Bzipped source code: wfconvert-0.4.1.tar.bz2 [445 Kb]
      [HTTP]
      md5sum: 24670c5939e7c91d0a5bb8ecd76084d1
  • Feb 18, 2005: wfconvert version 0.4.0: ChangeLog
    • Gzipped source code: wfconvert-0.4.0.tar.gz [610 Kb]
      [HTTP]
      md5sum: 8be01645efba7799240132d67aabff67
    • Bzipped source code: wfconvert-0.4.0.tar.bz2 [446 Kb]
      [HTTP]
      md5sum: 491ab4ba89199c547a6a4d5883267492
  • May 8, 2004: wfconvert version 0.3.1: ChangeLog
    • Gzipped source code: wfconvert-0.3.1.tar.gz [567 Kb]
      [HTTP]
      md5sum: 82c7242d5a8d2b1365c80e6e8d8dec2b
    • Bzipped source code: wfconvert-0.3.1.tar.bz2 [410 Kb]
      [HTTP]
      md5sum: 59c88b561696dd4420ed3a48eda710be


 
Documentation

  • FAQ (Frequently asked questions): the tools are completely self-explanatory, and people never ask me the same questions twice... ;-)
    Ok, you win, the WallFire FAQ is here.
  • HOWTO: the WallFire HOWTO.
  • Man page: wfconvert(8).
  • Info pages: I do not like info very much, so... not yet. ;-)


 
Bugs



 
TODO (future developments)



 
Mailing-lists

Please see WallFire mailing-lists.


 
CVS

Wfconvert code is still not under CVS (but wflogs is).
Once it is, you will be able to use this:
  • Anonymous CVS access:
    • How to check out source anonymously through pserver:
      • Type the following:
        $ cvs -d:pserver:anonymous@cvs.wallfire.org:/cvsroot/wallfire/ login
        and just press Enter, as there is no password for anonymous login.


      • Then, to retrieve the module you want, type:
        $ cvs -d:pserver:anonymous@cvs.wallfire.org:/cvsroot/wallfire/ co wfconvert

      • Then, in the wfconvert directory, type:
        $ ./autogen.sh

      • After the initial checkout, you can go into this directory and execute cvs commands without the -d option. For example:
        $ cvs update

    • If you want to receive real-time notification of checkins in the CVS tree, you may subscribe to the wallfire-checkins@lists.wallfire.org mailing-list.
      See http://wwwlists.wallfire.org/mailman/listinfo/wallfire-checkins/
    • Daily snapshot of the whole CVS tree.
    • CVS source code browser.


    Please be aware that there may be a little delay (depending on SourceForge servers) between the last changes and their availability through anonymous access.

  • Developer CVS access (via SSH) for coreteam members: none yet.


 
License

This program is "libre" software, which means free as in free speech, not free beer! (which doesn't imply I don't enjoy a free beer occasionally ;-)
It is released under the terms of the GNU General Public License (GPL).


 
Credits

I started developing WallFire in 2001 as a personal project.
I'd like to thank KDX Ingenierie for having sponsored me between 2002 and 2004.

I did some stuff for Netfilter in its early stages, in the spring of 1999. I would like to thank Netfilter initial author Paul "Rusty" Russell for his competence, his kindness and incomparable sense of humor.



 
Related stuff

  • Netfilter/iptables: the powerful firewalling framework for Linux 2.4 and 2.6.
  • IPFilter: the excellent packet filter issued from *BSD systems (well... even if there have been some licensing problems recently).
  • Ipchains: the firewalling tool of Linux 2.2.


Note: this page is generated by a template. Be aware of this before submitting patches containing formatting information against this page.


Hervé Eychenne, Saturday 26th of November 2005