Simple Iptables Script Generator

This script generates a simple yet effective iptables firewall policy for use on independent hosts (such as web servers) connected directly to the Internet.

General Options


Usually, anything arriving or exiting on a loopback interface should be allowed. This is because local applications sometimes bounce data to each other using the TCP/IP stack via loopback.

Accept Inbound Traffic


By default, all inbound traffic is blocked. Select the services you want the outside world to have access to on your host.

Accept Inbound ICMP Messages

ICMP (Internet Control Message Protocol) messages are used to report error conditions and to control connections to your server. If you wish your host to be able to respond to ping or traceroute, enable the options above.

Restrict Inbound Client Access

By default, 0.0.0.0/0 will allow anyone to access the available services. To allow only private LAN clients, set this value to 10.0.0.0/24 or similar.
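
The policy described in the sections above, written out as a small POSIX shell generator. This is an added example, not the generator's own code: the function name `gen_rules`, its arguments, and the ESTABLISHED,RELATED rule (which lets replies to the host's own outbound connections back in) are assumptions.

```shell
#!/bin/sh
# Added example (not this page's generator). Prints iptables commands for:
#   default-deny inbound, loopback allowed, chosen TCP services allowed from
#   one client range, optional ping.
# Usage: gen_rules SRC_CIDR "PORT PORT ..." yes|no     (hypothetical interface)
gen_rules() {
    src=$1; ports=$2; ping=$3

    # Character check only: reject anything that is not digits, dots or a slash,
    # so a malformed value never ends up inside a generated command line.
    case $src in
        *[!0-9./]*|'') echo "invalid source CIDR: $src" >&2; return 1 ;;
    esac

    # Validate every port before emitting anything (no partial rule sets).
    for p in $ports; do
        case $p in
            *[!0-9]*|'') echo "invalid port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "invalid port: $p" >&2; return 1; }
    done

    echo "iptables -P INPUT DROP"               # all inbound blocked by default
    echo "iptables -F INPUT"                    # start from an empty INPUT chain
    echo "iptables -A INPUT -i lo -j ACCEPT"    # loopback in
    echo "iptables -A OUTPUT -o lo -j ACCEPT"   # loopback out
    # Assumption: allow return traffic for connections the host itself opened.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # Selected services, reachable only from the configured client range.
    for p in $ports; do
        echo "iptables -A INPUT -p tcp -s $src --dport $p -j ACCEPT"
    done

    # Respond to ping only when asked to.
    if [ "$ping" = yes ]; then
        echo "iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    fi
}

# Constructed sample: SSH and web for a private LAN, ping enabled.
gen_rules 10.0.0.0/24 "22 80 443" yes
```

Review the printed rules before piping them to a root shell; with 0.0.0.0/0 as the source the service rules accept any client.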

Last updated: 02-06-2007 06:27