Pyroman is a speedy firewall solution with great versatility.
One of Pyroman's main features is its speed: it is significantly faster than sh+awk based solutions thanks to its use of iptables-restore. The tool also rolls back to the previous firewall on error to minimize risk, provides detailed error reporting to help with configuration, and has a syntax that lets users add hosts and NATs with ease.
However, Pyroman has a couple of downsides. It is not designed for single-host workstation setups, and it does not completely hide iptables complexity from the admin; whether this is good or bad depends on the user's preference. Furthermore, Pyroman only supports iptables and does not include TC/shaping, IPsec, proxy ARP setup, VPN, or ifconfig.
One example configuration for Pyroman is a simple webserver configuration that includes NAT. While the example is a Python script, the tool's syntax is relatively easy to use, so users don't have to write their configurations in a programming language.
In this latest release of Pyroman, rule name handling for INPUT/OUTPUT/FORWARD and ACCEPT/DROP/REJECT rules has been cleaned up for better organization. The tool now defaults to the kernel names, and the base examples provided make use of connection tracking to enhance performance.
Version 0.4.6: N/A