PFW is no longer actively maintained. Feel free to continue to use it if it serves your purpose. If you want to continue the development, please send an email to johan@allard.nu and I'll add a link, or redirect everyone to the new home.

It was fun while it lasted, thanks everyone for your support!

PFW - the simple way of managing your OpenBSD firewall

Download the latest stable release

Introducing PFW, a BSD-licensed web frontend for the pf firewall in OpenBSD. The goal of PFW is to be as simple and effective as pf is, and it has all the functionality needed for use in everyday production environments.

Features

Filter Rules

With PFW, it's very easy to get an overview of the security policy of the firewall. In the edit window, it's easy to edit simple rules with a minimum of "fuss". By expanding the enhanced options, it's also easy to reach the full potential of pf's advanced features like routing options, tags, labels and even probability.


NAT Rules

PFW can edit nat, binat and redirect rules as you would expect from a simple firewall manager. On top of this, you can use the full set of pf pool options and the static-port option, which prevents the source port from being changed, primarily for NAT of IPsec traffic.


Traffic Prioritization

Traffic prioritization can be one of the trickier things to set up and get right. PFW will assist you in making the initial setup easier than just editing the pf.conf file.


Remote firewalls & other features

One of the advanced features PFW enables is the ability to manage remote firewalls. This is very handy and much simpler than installing PFW on every firewall system you manage. You can also install the same ruleset at the same time for firewalls in a cluster, or for a group of similar systems.

Other features include editing of scrub rules, tables, macros and firewall options like timings and default settings.


Requirements

PFW requires sqlite and the PHP sqlite extension. Since the sqlite extension has been dropped from the PHP 4 port, PHP 5 is now a requirement. Stick with PFW 0.6.2 if for whatever reason you don't want to update your PHP to version 5.

PFW has been tested on OpenBSD 4.0 and OpenBSD 4.1, and most functions will work on older versions of OpenBSD as well.

FreeBSD Support

PFW is developed and tested on OpenBSD. There is a port for FreeBSD and it has been reported to work fine. I'm pleased that it is working, but when things are not working, I unfortunately don't have time to test and fix them since I don't run FreeBSD myself on any system. PFW could really do with a FreeBSD maintainer to figure out what's working and what's not, and what to do about it. Please email me if you want to step up and offer FreeBSD support for PFW and become the FreeBSD maintainer.

Download

Download the latest source and try it out or go to the download directory to download a previous version.

Mailing Lists

Join the announcement mailing list pfw-announce to receive information on updates to PFW, or join the discussion mailing list pfw-users for general discussions.

What others are saying!

I want to say that I'm really glad I stumbled across PFW. I have been searching for a decent web interface for a while to use on my production firewalls. However, my findings were always along the lines of "pfctl and cli work fine - you don't need a gui". We all know and love the cli, but PFW fills a gap for many people who shy away from the cli. Bottom line - thanks for taking the initiative to create PFW and make it available to the masses.
-- Nathan DeLong

Thanks for such a great piece of software like pfw. It's a pity I didn't discover it earlier.
-- Nejc Skoberne

Definitely the best pf GUI available. Frankly I'm pushing PFW beyond its limits on the rules side. I'm using two (load balanced) ISPs across two (active/passive) firewalls. I'm using ifstated to load an anchor depending on the state of the ISPs.

I do find myself using the PFW to do a state and queue status check and to parse the logs -- and I'm not normally a GUI guy;-)

-- Steven S

I am always looking for ways to make my task load easier and Johan's preconfigured pfw ISO is certainly one of those tools. In my line of work I am running into clients that are either unable or unwilling to invest into enterprise level security applications and the pfw is a great help to get them protected quickly without spending too much money or time in setting up a firewall and still provide the security of an OpenBSD system!
-- HP Labude, Chicago

Future plans/Roadmap

The following changes have been considered and might make their way into PFW some day, in no particular order:

If you have any comments, suggestions or bug reports, please email me or visit the development site.