description: Quickly set up firewall
last change: Wed, 22 May 2024 14:39:40 +0000 (09:39 -0500)
URL: http://mivirldevekbr6wvubebfbxbzhxnqdv2z6ehnojgv63qsgnukfiix4yd.onion/git/firewall-scripts.git
URL: https://mivirl.dev/git/firewall-scripts.git
A script for quickly setting up firewall rules on Linux with either an iptables or nftables backend.
Tested on Debian 12, CentOS 9, Rocky 8/9.
All testing has been done on distributions using nftables, so there could be issues with the iptables backend.
Usage: ./firewall.sh [-p] [-d policy] [-f firewall] [-r port,action,direction[,ip[,protocol]]] [-s] [-S ip] [-n] [-N ip] [-i] [-y] [-b]
-r Rule to set. Actions: "accept" or "drop"; directions: "in" or "out"; protocols: "tcp" or "udp".
If the port is "_", the rule applies to all ports.
-p Save rules persistently (restore after reboot)
-d Set default firewall policy to actions: "accept" or "drop"
-f Use specific firewall instead of attempting autodetection
-S Allow incoming ssh from specific ip
-s Allow incoming ssh from any ip
-N Allow dns to specific ip
-n Allow dns to any ip
-i Allow icmp pings
-y Don't confirm connectivity
-b Don't back up previous rules
Examples:
./firewall.sh -f iptables -r 80,accept,in -r 443,accept,in -r 22,drop,out
./firewall.sh -f nftables -d drop -S 192.168.1.2 -N 8.8.8.8
./firewall.sh -r 1234,accept,in,192.168.1.2
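To make the -r rule format concrete, here is an added example (not code from firewall.sh itself) that parses one port,action,direction[,ip[,protocol]] spec, validates every field, and prints the nftables rule it would correspond to without applying anything. The table and chain names ("inet filter", "input"/"output") and the default of "tcp" when no protocol is given are assumptions for this example, not the script's documented behaviour.

```shell
#!/bin/sh
# Added example, not part of the firewall-scripts repository.
# rule_to_nft SPEC  -> prints an nft statement for SPEC, returns 1 on invalid input.
# SPEC is port,action,direction[,ip[,protocol]] as documented for the -r option.
rule_to_nft() {
    spec="$1"
    # Split on commas; missing fields become empty. Globbing is disabled so a
    # stray "*" in the spec cannot expand into filenames.
    oldifs="$IFS"; IFS=','; set -f
    set -- $spec
    set +f; IFS="$oldifs"
    port="$1"; action="$2"; direction="$3"; ip="$4"; proto="${5:-tcp}"  # tcp default is an assumption

    # Port: "_" means every port, otherwise an integer in 1..65535.
    if [ "$port" != "_" ]; then
        case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    fi
    # Action and direction are closed sets; anything else is rejected rather
    # than passed through to nft.
    case "$action" in accept|drop) ;; *) echo "bad action: $action" >&2; return 1 ;; esac
    case "$direction" in
        in)  chain=input;  addr_kw=saddr ;;   # incoming traffic: match the source
        out) chain=output; addr_kw=daddr ;;   # outgoing traffic: match the destination
        *)   echo "bad direction: $direction" >&2; return 1 ;;
    esac
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    # The ip field may be an address, a CIDR prefix or (per the commit log) a
    # domain name; only a conservative character set is allowed.
    if [ -n "$ip" ]; then
        case "$ip" in *[!A-Za-z0-9./:-]*) echo "bad address: $ip" >&2; return 1 ;; esac
    fi

    if [ "$port" = "_" ]; then
        match="meta l4proto $proto"
    else
        match="$proto dport $port"
    fi
    if [ -n "$ip" ]; then
        match="$match ip $addr_kw $ip"
    fi
    printf 'add rule inet filter %s %s %s\n' "$chain" "$match" "$action"
}

# When run directly with rule specs as arguments, print the translation of each.
if [ "$#" -gt 0 ]; then
    for spec in "$@"; do
        rule_to_nft "$spec"
    done
fi
```

Run it as `sh rules.sh 80,accept,in 1234,accept,in,192.168.1.2` to see the generated statements; a rejected field prints a message to stderr and nothing is emitted for that spec.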
Commit log (master):
2024-05-22 | mivirl | Remove icmp echo rate limits; Copy nftables config
2024-05-22 | mivirl | Allow specifying a domain instead of an ip
2024-05-22 | mivirl | Make backups and allow skipping backups
2024-03-02 | mivirl | Initial commit