iptables firewall scripts

A long time ago I read through the iptables manuals and howtos and wrote my own firewall script. I have deployed it in various fashions on many systems I am responsible for and on systems I set up for friends. With time, some friends who installed their own systems asked me for my firewall script. That was when I thought I should put it on my homepage, and now I have found some time to rewrite my scripts to make them easier to understand and to make this HTML page. I have uploaded scripts for various purposes; choose the one that fits you best. I have put them all into one tar.bz2 file.

IMPORTANT: Some people extracted the archive on Windows with WinZip (then copied the files to their Linux system), which changed the end-of-line characters to Windows encoding. This WILL NOT work! Extract it on a Linux system, or you will have to convert the files after copying.

# if you don't have wget on your system, install it (on Debian: apt-get install wget)
wget http://robert.penz.name/files/firewall/iptables_firewall_scripts-0.3.tar.bz2

tar xjf iptables_firewall_scripts-0.3.tar.bz2
# if you get an error message, you don't have bzip2 installed --> install it
# (on Debian: apt-get install bzip2)

Table of contents of the archive:

  • iptables.rules: Standard script for servers/workstations. By default only connections to the sshd are allowed from remote hosts; just uncomment the rule of the service you want to provide.
  • iptables.rules.ppp: This script is for Linux boxes that provide an internet connection for other computers via dialup/ISDN/ADSL/SDSL/cable. It masquerades the systems behind it. You have to change the device of your internet connection (i.e. ppp0, ippp0, …) and the IP subnet that it masquerades to your needs.
  • filter: This is the init script, which you need to put into /etc/init.d/; just rename it so that you don't overwrite an existing init script. It calls the real script (one of the above) if needed. That script needs to be named /etc/iptables.rules, so you need to rename the ppp script.


Download the archive below and extract it. Copy one of the rules scripts to /etc/iptables.rules and the init script to /etc/init.d/filter (or another name, it doesn't really matter). Edit the two files to verify that the paths to the commands are correct and that the script reflects your firewall wishes. Call /etc/init.d/filter start to test it. If you're sure it works, put the symlinks in the correct runlevels so the firewall comes up on boot (SuSE and Red Hat: runlevels 3 and 5; Debian: runlevels 2345, but you should use the Debian tool for it: "update-rc.d filter defaults 13").
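As an added illustration (not one of the scripts from the archive), here is a minimal /etc/iptables.rules in the spirit of the standard script described above: default deny on INPUT, only sshd reachable from remote hosts, further services commented out until you uncomment them. It assumes iptables-restore at /sbin/iptables-restore (verify the path, as the text says) and a DRY_RUN variable that prints the rule set for review instead of loading it.

```shell
#!/bin/sh
# Added example, not a script from the archive: a minimal /etc/iptables.rules
# with the default policy described above. Assumes iptables-restore at
# /sbin/iptables-restore (verify the path); DRY_RUN=1 prints instead of loading.
IPTABLES_RESTORE=${IPTABLES_RESTORE:-/sbin/iptables-restore}
SSH_PORT=${SSH_PORT:-22}
# Print the whole rule set in iptables-restore format (expanded at call time,
# so SSH_PORT can be changed before loading).
fw_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is always allowed
-A INPUT -i lo -j ACCEPT
# answers to connections this host opened itself
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# new TCP connections must start with a SYN packet
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# keep the box pingable
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# the only service reachable from remote hosts by default: sshd
-A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
# uncomment the service you want to provide (http, https, smtp, dns)
#-A INPUT -p tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp --dport 443 -j ACCEPT
#-A INPUT -p tcp --dport 25 -j ACCEPT
#-A INPUT -p udp --dport 53 -j ACCEPT
# log a sample of what the INPUT policy is about to drop
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-dropped: "
COMMIT
EOF
}

# Count the ports opened to remote hosts: a quick sanity check before loading.
fw_open_ports() {
    fw_rules | grep -c '^-A INPUT .*--dport'
}

# Load the rule set atomically, or just print it when DRY_RUN=1.
fw_load() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        fw_rules
    else
        fw_rules | "$IPTABLES_RESTORE"
    fi
}
```

Run it with DRY_RUN=1 first and compare the output against what you intended to open; fw_open_ports should report exactly the number of services you uncommented plus one for sshd.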


iptables firewall scripts
Copyright (C) 2001-2008 by Robert Penz

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
