filtergen compiles a high-level filtering description language into a
variety of target formats.
filtergen reads the ruleset from the infile specified on the
command line (or standard input if infile is "-") and outputs to
standard output (or outfile) via an optionally specified backend.
Both short and GNU-style long options are accepted:
Only try to "compile" the input, and do not generate any output. This may be
useful to check that an input file has no syntax errors in it before one
attempts to use the result on a live server.
-t target-filter, --target=target-filter
If specified, target-filter will be used to select an output filter type,
otherwise the default of iptables will be used. Supported backends
are iptables, ipchains, ipfilter and cisco (for
Cisco IOS access-lists).
-F policy, --flush=policy
Flush mode. Generate a set of rules for clearing all rules from the packet
filter. Useful for firewall scripts that need to shut down the firewall.
You can supply a policy argument in place of the usual filename, to
specify whether the flushed filter should default to accept,
reject, or drop. It defaults to accept, equivalent to
having no filter loaded at all. It is not necessary to specify an
infile when using flush mode.
-o outfile, --output=outfile
Write output to outfile instead of standard output.
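
The following wrapper is an added example, not part of filtergen or its documentation. It stages filtergen output in a temporary file so that a ruleset that fails to compile never replaces the last good one. The FILTERGEN variable, the function names and the assumption that filtergen exits non-zero on a compile error are not taken from this page.

```shell
#!/bin/sh
# Added example, not part of filtergen. FILTERGEN and the function names are
# assumptions; only the -t, -o and -F options described above are used.
FILTERGEN="${FILTERGEN:-filtergen}"

check_target() {
    case $1 in
        iptables|ipchains|ipfilter|cisco) return 0 ;;
        *) echo "unsupported target: $1" >&2; return 2 ;;
    esac
}

# stage_output OUTFILE ARGS...: run filtergen into a temporary file next to
# OUTFILE and replace OUTFILE only if the run succeeded and wrote something.
stage_output() {
    outfile=$1; shift
    tmp=$(mktemp "${outfile}.XXXXXX") || return 1
    # Assumption: filtergen exits non-zero when it cannot compile its input.
    if "$FILTERGEN" -o "$tmp" "$@" && [ -s "$tmp" ]; then
        mv -f "$tmp" "$outfile"
    else
        rm -f "$tmp"
        echo "filtergen failed; $outfile left unchanged" >&2
        return 1
    fi
}

# build_ruleset INFILE TARGET OUTFILE
build_ruleset() {
    check_target "$2" || return 2
    stage_output "$3" -t "$2" "$1"
}

# build_flush POLICY TARGET OUTFILE
# POLICY is required here so the script author chooses explicitly between
# accept (same as no filter loaded) and a fail-closed reject or drop.
build_flush() {
    case $1 in
        accept|reject|drop) ;;
        *) echo "policy must be accept, reject or drop" >&2; return 2 ;;
    esac
    check_target "$2" || return 2
    stage_output "$3" -t "$2" -F "$1"
}
```

Source the file and call build_ruleset or build_flush from a deployment script; load the resulting outfile into the packet filter only when the function returns 0.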