Read the "development notice" box below!

 [DAXFi - The Dynamic XML Firewall] Introduction
Mailing lists

What is DAXFi

DAXFi is a Python package that helps configure several different kinds of firewalls in a consistent way.

The rules can be described with XML files, XML strings, or generated directly by the code.

It comes with a Python package, useful to build other applications aimed to manipulate different firewalls in a homogeneous way and includes some useful example programs.

Subscribe to DAXFi (with Freshmeat)
Development notice

Developers required!
DAXFi is not actively developed since about three years, now.
On 25 April 2007 I've released version 1.1, with the latest patches applied, so that it could work with recent Python versions.
If you want to revive this project, I'll be glad to add you to the developers list.

Required skills: Python, C, firewalling concepts, basic XML, a little of knowledge of various operating systems' kernel (Linux, *BSD, Solaris, etc.) on different architectures (i386, powerPC, Alpha, etc.) could help.

Things to do: create a distutils file, clean the code, support other firewalls (ipfw, pf, etc.), write a XML schema. See also the TODO.txt.

Contact me: if you're seriously interested, mail me at or, even better, subscribe the daxfi-devel mailing list.

Supported firewalls

  • iptables
  • ipfilter
  • ipchains
  • ipfwadm
What's new
(25 Apr 2007)

This is a version with every patch applied; only the tar.gz is available.


How can you use DAXFi?

If you are a developer:

If you are a user or a system/network administrator, you can use one of the programs already available:


You can download DAXFi from

DAXFi is actually hosted on SourceForge; you can read the project summary here:
DAXFi's page on Freshmeat is here:


A demo cgi created using DAXFi.

Demo Description source
DAXFi demo Create firewall rules on the fly. daxfidemo-0.1.tar.gz


DAXFi comes with a huge amount of documentation; here you can find only what can be useful as introduction to DAXFi.

Tutorials and other texts

XML rule example

<?xml version='1.0'?>

<!-- Accept and log packets incoming from IP addresses '',
     on interface 'le1' directed to  TCP port '80' -->

  <rule direction='in' source-ip='' interface='le1'>
    <tcp destination-port='80' />
    <accept />
    <log />

You can see the resulting command for a given firewall using the daxfixmlfile script.

If you're using ipchains, the resulting command will be:

ipchains -A input -j ACCEPT -l --destination-port 80 -p 6 --interface le1 --source

With iptables, two distinct commands are created and run:

iptables -A INPUT -p 6 -j LOG --destination-port 80 --in-interface le1 --source
iptables -A INPUT -p 6 -j ACCEPT --destination-port 80 --in-interface le1 --source

For ipfwadm:

ipfwadm -a accept -I -S -D 80 -o -P tcp -W le1

And with ipfilter:

pass in log quick on le1 proto 6 from to port = 80


Obviously the code is still quite immature and many improvements are needed: take a deep look at the rules that DAXFi will generate.

Mailing lists

Users support

If you are (or if you want to become) a user of DAXFi you can post questions, problems and suggestions to the Open Discussion and Help forums.


If you are interested in the development of DAXFi, you can join the daxfi-devel mailing list (or you can read the archives).
You can also read the TODO list.
Moreover, fell free to contact me at:

SourceForge Logo Created with VIM Python Powered Mimas, my personal home page (Italian) My wish list