Skip to content
Creates a Debian Based Firewall
Branch: temp
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Creates a Debian Based Firewall (Should work with Ubuntu too)

Based on the work done by Joff Thyer of Blackhills Information Security:

Installs a complete SoHo firewall on Debian Buster or Stretch, with

  • BIND providing local name resolution.
  • ISC-DHCP-Server providing local DHCP
  • NTP resolves some of the systemd fu..ery regarding this + ensures that there's a current leapseconds file available

Optional1 components:

-1 Unless you ensure that the install/configure routines are not run - they run by default, modify the "main" routine accordingly.

The overall setup, hardcoded in the script is:

Connection IP address NIC
Internet DHCP (ISP) enp1s0
homenet enp2s0
homenet enp3s0
homenet enp4s0
homenet wlan0

If you need to change this, you'll have to search and replace as required for your specific environment.

For more information, have a look at my blogpost on this:

Disclaimer: This worked for me on an old Atom system, a Celeron thing, and last (but not least) a PC Engines APU4C4 ( bought at (great service, no affiliation). The little APU just works and uses about 6W so a great saving even compared to the Atom/Celeron boxes.

I do no assume any responsibility for any outcome of running the script, so please engage brain and verify everything yourself!!

You can’t perform that action at this time.