Simple Little Firewall Monitor

There's a link to a copy of the source code for slfm below. slfm is a simple, modular firewall monitor that processes iptables log messages and informs the user of attempts to access unauthorized services on the machine. It also lets the user set up actions to take in response to these packets, if desired, using a simple but powerful expression-handling system. Check out the man page for more information.

As of version 0.3, slfm supports modules. While currently the only input module processes iptables log messages just like version 0.2, it is now possible to have a module read data from any source and have slfm process that information. Processing and output modules are supported as well, meaning the program can (assuming modules are implemented) do much more than just inform the user of illegal attempts to access the local machine. Version 0.3 includes a much nicer ncurses interface, as well as the older interfaces from version 0.2 that dump output to the screen and syslog. Check the changelog and release notes for more detailed information.

Ok, this should go without saying, but seeing as how the changes from version 0.2 to 0.3 are small but significant, it is important that you read the documentation before running the program. At the very least, go through the release notes and fw.conf.

Please email comments, criticisms, bugs, or things you'd like added to the program to kodgehopper@netscape.net


version 0.3 - the latest incarnation of my boredom (otherwise known as slfm)
slfm-0.3.tar.gz

Changelog
Release Notes


version 0.2a fixes a parsing error and has some manpage cleanups.
The source RPM below is courtesy of Calum Selkirk (thanks Calum)

slfm-0.2a.tar.gz

slfm-0.2a.src.rpm


slfm-0.1a.tar.gz

mail comments/bugs to kodgehopper@netscape.net



enjoy :))

kodgehopper

Page updated on 1 March 2002