Description
Firewall rules can be described in a more flexible language and translated into iptables behavior.
It is useful for administrators who want expressive rule definitions instead of maintaining raw iptables commands. Firewall mistakes can expose services or block needed traffic, so generated rules should be reviewed and tested with recovery access.