A configurable iptables firewall script meant to make firewalls easier


This is a configurable iptables firewall script, meant to make firewalls easier.

All sorts of knobs are available in for enabling or disabling various parts of the script. If you are curious what is available, I suggest taking a look in to see; there is a fair amount you can do.

Note: This script was originally intended to be a restricted firewall, operating in a default-deny manner where it is very locked down. Since then it has been expanded, allowing the default policies and variables to be changed as the user desires through the options given. This lets you tailor the firewall to your needs.

This script requires you to fill out the variables in to your preference before running it. Otherwise it will not work, as it is missing information it requires to properly set up the firewall.


After the file is set with your configuration, this is what running looks like

If your rule changes sever your connection, say you were on SSH but forgot to allow it, your most recent rules will automatically be re-applied.

By default, before each time is run, your existing rules are saved. There is a companion script called '' that will restore your iptables rules to those in place before the new rules were set. It saves an original copy of your rules the first time the script is run; as long as that file still exists, it will create time- and date-stamped rules files on each subsequent run, giving you a selection of points in time to restore your rules to.
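As an added illustration of the backup-and-rollback behaviour described above (example code, not the project's own script): the variable names RULES_DIR, SAVE_CMD and RESTORE_CMD, the function names, the file naming scheme and the connectivity check are all assumptions of mine.

```shell
#!/bin/sh
# Added example, not the project's script: timestamped backups of the running
# ruleset (an "original" copy on the first run) plus apply-with-rollback.
# RULES_DIR, SAVE_CMD, RESTORE_CMD and the function names are assumed names.

RULES_DIR="${RULES_DIR:-/tmp/iptables-rules}"   # /tmp is wiped on reboot
SAVE_CMD="${SAVE_CMD:-iptables-save}"           # overridable for testing
RESTORE_CMD="${RESTORE_CMD:-iptables-restore}"

# Save the running rules. The first run writes original.rules; later runs
# write a date-stamped file so any point in time can be restored.
# Prints the path of the file written.
save_rules() {
    mkdir -p "$RULES_DIR" || return 1
    out="$RULES_DIR/original.rules"
    if [ -e "$out" ]; then
        stamp=$(date +%Y-%m-%d_%H-%M-%S)
        out="$RULES_DIR/rules_$stamp.rules"
        n=0
        while [ -e "$out" ]; do          # several saves within one second
            n=$((n + 1))
            out="$RULES_DIR/rules_${stamp}_$n.rules"
        done
    fi
    $SAVE_CMD > "$out" || return 1
    printf '%s\n' "$out"
}

# Back up, load the new ruleset, then run a check command (for instance one
# that confirms the management host is still reachable). If the check fails,
# the ruleset saved just before is restored. Returns 0 on success, 1 on a
# save/load error, 2 when the new rules were rolled back.
apply_with_rollback() {
    new_rules="$1"
    check="$2"
    backup=$(save_rules) || return 1
    $RESTORE_CMD < "$new_rules" || return 1
    if ! sh -c "$check"; then
        $RESTORE_CMD < "$backup"
        return 2
    fi
    return 0
}

# Example use as root (192.0.2.10 is a placeholder management host):
#   apply_with_rollback /etc/iptables/new.rules 'ping -c 1 -W 3 192.0.2.10'
```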

Setting the variables

Within there are variables which must be filled out; this requires a little configuration to adjust it to your specific needs. Each section is thoroughly commented, so read them at each step and you will not have any issues.

How to use

  • Let's get the source
git clone && cd restricted-iptables
  • This will make the scripts readable, writable, and executable to root and your user
chmod 770 *.sh
  • Open the script in your text editor of choice. You need to read each section and fill it out accordingly
  • Make sure you've saved, then launch the main script by doing the following
sudo bash

Note: Make sure you have installed the 'iptables' package for your distribution, and if your distribution (such as Gentoo) requires you to configure your own kernel, ensure that the various iptables kernel modules are enabled.

Restoring previous rules

  • To restore your old rules launch as such and follow the prompts
sudo bash

Note: Rules are stored in /tmp by default. /tmp is cleaned automatically, so if you wish to keep your rules permanently you can either change the location the script uses (this is possible near the bottom of ) or save them manually by doing the following:


iptables-save > /path/to/rules/example.rules


iptables-restore < /path/to/rules/example.rules

For your specific distribution you will want to search how to permanently save your rules.
