The ferm debian package
=======================

By default, ferm's configuration file is /etc/ferm/ferm.conf.  The
directory /etc/ferm is reserved for includes you might want to write.

The init script itself is configured with /etc/default/ferm, which
contains several variables.  Most important for now is "ENABLED=yes"
if you want ferm to be run automatically on boot.

Setting "FAST=yes" is, well, faster - but you shouldn't enable it on
Debian Sarge because it ships iptables 1.2, which is know to be too
bugged for ferm's fast mode.

If you want to use ferm on sarge you have use iptables 1.3 or remove the 1.3
dependency and set FAST=no in /etc/default/ferm (the latter is done for the
packages on backports.org). 

The cache ("CACHE=yes", disabled by default) speeds things up, too,
because ferm will only be run when you modify its configuration, but
this also means that ferm's rollback-on-error isn't assisting you.
Also note that the init script doesn't notice when you change an
include file.  To work around that, touch /etc/ferm/ferm.conf.

I recommend you use ferm's so-called "interactive mode" while you
develop firewall rules on remote machines.  In this mode, ferm applies
the new firewall rules and asks you for confirmation.  If you don't
confirm within 30 seconds, ferm reverts to the previous rule set.
Run:

  ferm --interactive /etc/ferm/ferm.conf

 -- Max Kellermann <max@duempel.org>