Pyroman is a firewall tool written in Python for complex networks, but it can of course also handle simple single-host-single-link setups.

Interesting features: * Fast, due to use of iptables-restore for mass setting of rules * Rollback to previous firewall configuration on errors * Safety options to prevent mistakes in configuration (success confirmation prompt and/or scripted external verification) * Detailed error reporting * Lots of verification checks done before execution * Powerful yet clean configuration files (in Python and/or XML) * Designed for multiple hosts, firewalls, networks * Consistent firewalls for IPv4 and IPv6 * Can print static rules in single-shot usage to load with other tools such as iptables-restore and iptables-persistent, or to manually adapt

Pyroman is inspired by Shorewall and FireHOL, but tries to improve upon them with respect to performance and ease of configuration.

Pyroman currently only configures iptables/netfilter firewalls, it does not include configuration utilities for setting up VPN or traffic shaping.