Pyroman was developed to configure the firewall of the Center for Digital Technology and Management (a joint institute of the University of Munich and Technical University, Munich).
There are hundreds of existing tools to configure Linux firewalls, but none exactly met our requirements. Some required a graphical user interface to run or were not well suited for complex networks. Others were just too slow or the configuration files too cryptic.
Pyroman is the second iteration of out tool, the first one was written in Perl the second now is in Python. The strengths of Pyroman are
- It is very fast, by using “iptables-restore” instead of individual calls to “iptables”.
- It can automatically undo changes, in case you blocked yourself from the firewall.
- It has a very easy to understand configuration language.
- It will assist finding configuration errors.
- Is designed for configurating a firewall with multiple networks (e.g. external, intranet, wireless, VPN and a demilitarized zone DMZ), which in turn may contain various services (web-, mail-, file-, vpn-, …) with easy and precisely defineable access permissions (e.g. wireless may only access VPN and the main website, but nothing else)
- It allows access to the full iptables functionality.
The program is OpenSource, and available on it’s project homepage.