This is the ipfwadm2ipchains script, designed to convert ipfwadm rulesets into ipchains rulesets. Simply feed it your ipfwadm rules via stdin and it will print out the corresponding ipchains rules.
For example, here's our example ipfwadm firewall, stored in rust.examples:
#!/bin/bash ipfwadm -F -p deny ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0 ipfwadm -I -a accept -V 10.1.2.1 -S 10.0.0.0/8 -D 0.0.0.0/0
Process it with ipfwadm2ipchains, like so:
cat rust.examples | ipfwadm2ipchains >rust.ipchains
and you get the output file rust.ipchains:
#!/bin/bash ipchains -P forward DENY ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0 ipchains -A input -j ACCEPT -i eth0 -s 10.0.0.0/8 -d 0.0.0.0/0
Make a file called new_rules and place the following lines in it:
if [ -f /proc/net/ip_fwchains ]; thenThe contents of your new ipchains ruleset file
elif [ -f /proc/net/ip_input ]; thenThe contents of your original ipfwadm ruleset file
This new combined file will work under both an ipchains and an ipfwadm kernel.
ipfwadm2ipchains, starting with version 0.5.2, deals with blank lines in the input correctly.
ipfwadm -lenObut successfully converts
ipfwadm -l -e -n -O.
To download one of the following, right click on it and choose "Save link as..." or something like that. /usr/bin/ might be an appropriate place for it.
ipfwadm2ipchains (the latest version).
Version 0.5.2. 0.5.2 handles blank lines in input correctly.
Version 0.5.1. I made a mistake in 0.5.0 in the "Insert Rule" conversion by reversing the rule name and number.
This first release needs some testing; let me know what you find.
dotfile-prep. I wrote a small wrapper script for use with the ipfwadm dotfile generator. It's not really tested heavily as I don't use that program.
If you have suggestions or questions, please email me at firstname.lastname@example.org.
I'm especially interested in even brief success or failure reports.
This program drew on the conversion table in Appendix A of the ipchains-HOWTO - Thanks, Rusty.
Best viewed with something that can show web pages... <grin>