Firewall Rule Generator
Generate firewall rules for iptables, UFW, macOS pf, and Windows Defender Firewall.
About this tool
A firewall is the first line of defense for any networked system, controlling which network traffic can enter or leave your computer. This tool helps you generate the correct command syntax for configuring firewalls across Linux (iptables, UFW, nftables), macOS (pf), and Windows Defender. Instead of trying to remember complex syntax for each platform, you can specify your intent—allow a port, block an IP, permit SSH from a subnet—and get ready-to-run commands tailored to your system.
System administrators, developers setting up servers, and security-conscious users rely on this generator to quickly craft rules without manual trial-and-error. Whether you're hardening a VPS, protecting a home lab, or locking down a staging environment, the generator ensures rule syntax is correct before you run it. Each platform uses different command formats and flag conventions, so this tool eliminates the friction of context-switching between documentation.
Code Implementation
#!/usr/bin/env python3
"""Firewall rule generator — outputs iptables and UFW commands."""
from typing import Optional


def iptables_allow(port: int, protocol: str = "tcp", source: Optional[str] = None) -> str:
    # -A appends to the end of INPUT, so an earlier DROP/REJECT rule still wins.
    src = f"-s {source} " if source else ""
    return f"sudo iptables -A INPUT {src}-p {protocol} --dport {port} -j ACCEPT"


def iptables_block(port: Optional[int] = None, source: Optional[str] = None,
                   protocol: str = "tcp") -> str:
    # -I inserts at the top of INPUT, so the block is evaluated before any ACCEPT.
    # With neither port nor source this drops all inbound traffic.
    parts = ["sudo iptables -I INPUT"]
    if source:
        parts.append(f"-s {source}")
    if port:
        parts.extend([f"-p {protocol}", f"--dport {port}"])
    parts.append("-j DROP")
    return " ".join(parts)


def ufw_allow(port: int, protocol: str = "tcp", source: Optional[str] = None) -> str:
    if source:
        return f"sudo ufw allow from {source} to any port {port} proto {protocol}"
    return f"sudo ufw allow {port}/{protocol}"


def ufw_deny(port: Optional[int] = None, source: Optional[str] = None,
             protocol: str = "tcp") -> str:
    if source and port:
        # Deny one port for one source instead of silently ignoring the source.
        return f"sudo ufw deny from {source} to any port {port} proto {protocol}"
    if source:
        return f"sudo ufw deny from {source}"
    if port:
        return f"sudo ufw deny {port}/{protocol}"
    # No port and no source: denies all inbound traffic.
    return "sudo ufw deny from any"


# Examples
print("=== Allow SSH from a specific subnet ===")
print(iptables_allow(22, "tcp", "192.168.1.0/24"))
print(ufw_allow(22, "tcp", "192.168.1.0/24"))

print("\n=== Allow HTTP and HTTPS ===")
for port in [80, 443]:
    print(iptables_allow(port, "tcp"))
    print(ufw_allow(port, "tcp"))

print("\n=== Block IP ===")
print(iptables_block(source="10.0.0.5"))
print(ufw_deny(source="10.0.0.5"))

print("\n=== Save iptables rules (Ubuntu/Debian) ===")
print("sudo netfilter-persistent save")
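The functions above interpolate their arguments directly into a command line, so a port, protocol, or source taken from a form field or API request should be validated before a rule is built from it. One way to do that is sketched below as an added example, not the tool's own code; `validate_rule_input`, `safe_iptables_allow`, and `ALLOWED_PROTOCOLS` are hypothetical names, and the sketch assumes IPv4 sources and TCP/UDP rules only.

```python
import ipaddress
import shlex

ALLOWED_PROTOCOLS = {"tcp", "udp"}  # assumption: only TCP and UDP rules are generated


def validate_rule_input(port, protocol="tcp", source=None):
    """Return (port, protocol, source) in canonical form, or raise ValueError."""
    text = str(port)
    # bool is an int subclass; isascii() keeps out non-ASCII digit characters.
    if isinstance(port, bool) or not (text.isascii() and text.isdigit()):
        raise ValueError(f"port must be a decimal integer: {port!r}")
    port_num = int(text)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range 1-65535: {port_num}")
    proto = str(protocol).lower()
    if proto not in ALLOWED_PROTOCOLS:
        raise ValueError(f"unsupported protocol: {protocol!r}")
    if source is None:
        return port_num, proto, None
    try:
        # IPv4 only (IPv6 rules belong to ip6tables). strict=True rejects
        # networks with host bits set, such as 192.168.1.5/24.
        net = ipaddress.IPv4Network(str(source), strict=True)
    except ValueError as exc:
        raise ValueError(f"source must be an IPv4 address or CIDR: {source!r}") from exc
    canonical = str(net.network_address) if net.prefixlen == 32 else str(net)
    return port_num, proto, canonical


def safe_iptables_allow(port, protocol="tcp", source=None):
    """Validated counterpart of iptables_allow (hypothetical name)."""
    port_num, proto, src = validate_rule_input(port, protocol, source)
    argv = ["sudo", "iptables", "-A", "INPUT"]
    if src:
        argv += ["-s", src]
    argv += ["-p", proto, "--dport", str(port_num), "-j", "ACCEPT"]
    return shlex.join(argv)  # quotes every argument for the shell


if __name__ == "__main__":
    # Constructed inputs: one valid rule, then values a form field might carry.
    print(safe_iptables_allow(22, "tcp", "192.168.1.0/24"))
    for bad in [(22, "tcp", "10.0.0.5; reboot"), ("22 -j ACCEPT", "tcp", None), (70000, "udp", None)]:
        try:
            safe_iptables_allow(*bad)
        except ValueError as err:
            print("rejected:", err)
```

Validation rejects anything that is not a plain port number, a known protocol, or a well-formed IPv4 address or CIDR block, so the generated string contains only the intended arguments.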