Finally, found a good use-case for OCaml
- #Network Security
- #Linux Firewall
- #Policy Management
- lpf is a next-generation Linux firewall that consolidates filtering, NAT, routing, queues, tables, and logging into one PF-style rule file.
- It integrates nftables, policy routing, tc, conntrack, and logging so that rule sets are readable, reviewable, and safe to apply remotely.
- Features include plans, diffs, guarded apply with confirmation timers, history, rollback, and tools to inspect packet matches and drift.
- Installation is via Debian or RPM packages; the repository can be cloned for OCaml builds, tests, and local fixtures.
- Usage involves commands for validation, formatting, planning, diffing live configs, applying with confirmations, and explaining packet matches.
- Example policies demonstrate rules for web server filtering, NAT for applications, local network routing, and DNS filtering with custom tables.