Sorry chiming in a bit late, but the best iptables scripting tool I've found is firehol:

http://firehol.sf.net/

It's actively maintained, makes really tight rules, and provides the right level of abstraction for making obvious what you intend the firewall to do without getting bogged down in the arcana of either a scripting language or iptables. It's especially useful for iptables machines where there's more than one person maintaining the firewall because it keeps the "What the hell were they thinking?!" factor down to a minimum.

And, obviously, if you're just getting started in firewalling it's far better to have something you can understand and make small modifications to, rather than blindly ginning up iptables rules -- a bad firewall is worse than no firewall because it gives you a false sense of security. Firehol's "explain" mode prints out the rules it *would* generate for a given directive to help you understand iptables.

And, while we're on the subject, I would be remiss if I didn't include a link to a very helpful diagram for understanding iptables:

http://l7-filter.sourceforge.net/PacketFlow.png

Cheers
-=Eric