Help & Information
This utility generates an iptables firewall script for use with the 2.4, 2.6 & later Linux kernels; the script is suitable to be used directly with RedHat/CentOS-type distributions, and is easily converted for many others.
Ever since the 2001 kerfuffle surrounding the Alcatel A1000 router, it has been clear that a firewall is not optional for any device exposed to the Internet; it is a requirement.
This firewall will be effective with both home computers & also with small-to-medium internet servers (you will need root access to implement the firewall on either). Large internet servers with millions of daily users will deploy a dedicated hardware firewall, together with dedicated support staff. Smaller servers will be perfectly satisfied with an iptables firewall.
The bash script generated by this utility is designed to be loaded at device startup; from that point on its rules run in the kernel, examining every packet to & from the internet. The generated rules can be many hundreds of lines long, and yet cause no noticeable slowdown in the device. iptables is one of the features that causes Linux to stand out from the crowd; make use of it.
The firewall is intended for use on a single system connected to the Internet, or a gateway system for a private, internal network. It provides a range of options, but is not intended to cover every possible situation. Please make sure that you understand what each option in the generator does, and take the time to read the comments in the resulting firewall. This generator will not, for example, generate a firewall suitable for use with a DMZ, but it can provide a starting point. For the most common uses the generator should produce a firewall ready for use.
More information on iptables firewalls
Easy Firewall Generator implements several ideas presented in Oskar Andreasson’s iptables-tutorial. The link to his tutorial is maintained on the resources page:
Links to additional firewall resources
Select the desired options and click the Generate Firewall button. You will note that many options have child-options that need to be selected or filled in, whilst some of those children themselves have child-options that will also need to be completed. When all options are in a completed state the firewall will be returned as a text document. Save the result as “iptables” for RedHat systems or “rc.firewall” for many others.
This page is produced by an HTML5/CSS3/UTF-8/JS templated translation of the last EFG release (v1.17, © 2005 Scott Morizot). This v2.00 updated version seeks to give identical output to the original v1.17 EFG (CHANGELOG); all v2 bugs are © 2014 Alex Kemp.
Here is the forum thread maintained for giving, or asking for, further assistance with the EFG. You can also provide extra translations or templates there, or obtain the GPL:
iptables Firewall forum thread