WallFire is modular firewall software that can integrate with any low-level framework. It offers expansive, general firewalling capabilities based on Netfilter technology.
The package comprises a server side that includes wfpolicyd and wfcommitd. wfpolicyd is a daemon that runs on any host and centralizes rules and policy management, while wfcommitd runs on the firewall(s) itself and commits the firewalling rules, regardless of the platform and tools used. Every firewall must run a wfcommitd daemon, while only one wfpolicyd is required for the whole site.
The client side comprises libraries such as wfnetobjs, on which every operation relies; wfconvert, a tool that imports/translates rules from any supported firewalling language; wflogs, a log analysis and reporting tool; wfadmin, an administration shell tool; xwfadmin, an X (Qt) administration front-end; and webfire, the PHP-based Web administration interface. Users have the flexibility to run the server and client parts on different hosts. All communications will be authenticated and encrypted using SSL. All data, including network objects, rules, and logs, can be imported and exported in XML.
WallFire has implemented some libraries (wfnetobjs, for example), wfconvert, which is highly functional, and wflogs, which is mature and fully functional. Note that users can use wfconvert and wflogs locally, independently of other WallFire tools.
The latest release improves the matching of netfilter and ipfilter input modules, adds support for Cisco FWSM (PIX), and improves netfilter parsing. It also includes compilation fixes for *BSD, adds wflogs.dtd, and introduces the wfchkintegrity tool, which allows users to monitor changes in the firewalling configuration.
Overall, WallFire is a highly functional and versatile firewalling application that provides users with powerful tools for firewall administration. Its availability as libre software makes it highly accessible to anyone, which is a great advantage.
Version 0.9.8: N/A