The ferm debian package ======================= More information about ferm can be obtained from the github ferm page, https://github.com/MaxKellermann/ferm, or on the project page, http://ferm.foo-projects.org/. Please note that ferm.foo-projects.org does not support https and the https version of that URL currently (2025-05) ends up in an "under construction" page. Many modern browsers use https without explicitly being told to. By default, ferm's configuration file is /etc/ferm/ferm.conf. The directory /etc/ferm/ferm.d is reserved for includes you might want to write. The init script itself is configured with /etc/default/ferm, which contains several variables. Most important for now is "ENABLED=yes" if you want ferm to be run automatically on boot. The cache ("CACHE=yes", disabled by default) speeds things up, too, because ferm will only be run when you modify its configuration, but this also means that ferm's rollback-on-error isn't assisting you. Also note that the init script doesn't notice when you change an include file. To work around that, touch /etc/ferm/ferm.conf. I recommend you use ferm's so-called "interactive mode" while you develop firewall rules on remote machines. In this mode, ferm applies the new firewall rules and asks you for confirmation. If you don't confirm within 30 seconds, ferm reverts to the previous rule set. Run: ferm --interactive /etc/ferm/ferm.conf -- Max Kellermann 2013 -- Marc Haber 2025