Netfilter firewall scripts

Some ready to use scripts to setup a netfilter (Linux kernel 2.4/2.6) firewall. Most common setups are covered.

Please note that these scripts use the iptables tool. They can be still useful as a reference, but might need to be ported to use a different tool.


all inbound connections are filtered while all outbound connections are allowed.

Home gateway

masquerading is active for LAN's clients. All inbound connections are filtered while all outbound traffic is allowed.

Lan gateway

the gateway acts as a DNS and SMTP server for the LAN. SSH inbound connections are allowed from the LAN as well. DNS and SMTP outbound connections are allowed to the Internet; LAN's client can access public WWW and FTP services.

Lan gateway with DMZ support

NAT is active for both DMZ servers and private LAN clients. The gateway itself accepts only inbound SSH connections from the LAN's client. Public access to some well defined services hosted in the DMZ is granted, as well as restricted access to the Internet by DMZ server and LAN's clients.

© Alessandro Dotti Contra :: VAT # 03617481209 :: This site uses no cookies, read our privacy policy for more information.