Simple and flexible firewall for Linux server
Go to file
2024-04-26 11:56:17 +02:00
tests Add test configurations in tests directory 2022-03-15 16:30:39 +01:00
.gitignore Add a Vagrantfile for testing 2019-06-04 17:43:26 +02:00 Modify URL to track country ip blocks 2015-01-12 20:45:27 +01:00 Chain MINIFW-DOCKER-INPUT-MANUAL for more granular/manual filtering of incoming traffic to services inside docker 2024-04-18 16:32:53 +02:00
cron_minifirewall Added an example of cron script to daily reload iptables 2011-04-02 12:01:58 +02:00
LICENSE Minifirewall is now under GPLv3 license 2019-06-04 16:53:34 +02:00
minifirewall RELATED is not needed and could be a security problem : 2024-04-26 11:56:17 +02:00
minifirewall.conf add IPv6 for secondary office network 2023-07-07 10:26:35 +02:00 Merge branch 'master' into includes 2022-03-15 16:32:08 +01:00 Add delegated CIDR for AFRINIC and LACNIC. 2014-05-09 11:08:32 +02:00
Vagrantfile improve Vagrantfile 2023-07-04 11:35:49 +02:00


Minifirewall is shellscripts for easy firewalling on a standalone server we used netfilter/iptables designed for recent Linux kernel See


install --mode 0700 minifirewall /etc/init.d/minifirewall
install --mode 0600 minifirewall.conf /etc/default/minifirewall
mkdir --mode 0700 /etc/minifirewall.d


Edit /etc/default/minifirewall file:

  • If your interface is not eth0, change INT variable
  • If you don't use IPv6, set IPv6='off'
  • Modify INTLAN variable, probably with your <IP>/32 or your local network if you trust it
  • Set your trusted and privilegied IP addresses in TRUSTEDIPS and PRIVILEGIEDIPS variables
  • Authorize your public services with SERVICESTCP1 and SERVICESUDP1 variables
  • Authorize your semi-public services (only for TRUSTEDIPS and PRIVILEGIEDIPS ) with SERVICESTCP2 and SERVICESUDP2 variables
  • Authorize your private services (only for TRUSTEDIPS ) with SERVICESTCP3 and SERVICESUDP3 variables
  • Configure your authorizations for external services : DNS, HTTP, HTTPS, SMTP, SSH, NTP
  • Add your specific rules


To use minifirewall with Docker you need to change the variable DOCKER='on' Then, authorisation for public/semi-public/private ports will also work for dockerized services

WARNING : When the port mapping on the host is different than in the container (ie: listen on :8090 on the host, but the service in the container listen on :8080) you need to use the port used by the container (ie: 8080) in the public/semi-public/private port list


/etc/init.d/minifirewall start/stop/restart

If you want to add minifirewall in boot sequence, add the start command to /usr/share/scripts/alert5.


This is an Evolix project and is licensed under the GPLv3, see the LICENSE file for details.