Simple and flexible firewall for Linux server
Jérémy Dubois f52971a173 Apply policy of IPv4 to IPv6 2 days ago


Minifirewall is a shell script for easy firewalling on a standalone server. It uses netfilter/iptables and is designed for recent Linux kernels. See


install -m 0700 minifirewall /etc/init.d/minifirewall
install -m 0600 minifirewall.conf /etc/default/minifirewall


Edit the /etc/default/minifirewall file:

  • If your interface is not eth0, change the INT variable
  • If you don't use IPv6, set IPv6=off
  • Modify the INTLAN variable, probably with your IP/32, or with your local network if you trust it
  • Set your trusted and privileged IP addresses in the TRUSTEDIPS and PRIVILEGIEDIPS variables
  • Authorize your +public+ services with the SERVICESTCP1 and SERVICESUDP1 variables
  • Authorize your +semi-public+ services (only for TRUSTEDIPS and PRIVILEGIEDIPS) with the SERVICESTCP2 and SERVICESUDP2 variables
  • Authorize your +private+ services (only for TRUSTEDIPS) with the SERVICESTCP3 and SERVICESUDP3 variables
  • Configure your authorizations for external services: DNS, HTTP, HTTPS, SMTP, SSH, NTP
  • Add your specific rules
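As an added illustration of the three service tiers listed above (public, semi-public, private), here is a small shell sketch that prints the iptables ACCEPT rules such a policy implies, together with a sanity check that no private port ends up open to everyone. This is not minifirewall's own code: the addresses and ports are constructed sample values, the configuration syntax is assumed to be space-separated lists, and the exact rule shape minifirewall emits may differ.

```shell
#!/bin/sh
# Constructed sample configuration (variable names as in minifirewall.conf,
# values invented for this illustration; real syntax may differ).
INT="eth0"
TRUSTEDIPS="192.0.2.10 192.0.2.11"
PRIVILEGIEDIPS="198.51.100.0/24"
SERVICESTCP1="80 443"   # public: reachable from anywhere
SERVICESTCP2="8080"     # semi-public: TRUSTEDIPS and PRIVILEGIEDIPS only
SERVICESTCP3="22"       # private: TRUSTEDIPS only

# Print (rather than apply) one ACCEPT rule for a source spec and a TCP port.
# $1 = source ("0.0.0.0/0" means anyone), $2 = destination port.
rule() {
  echo "iptables -A INPUT -i $INT -p tcp -s $1 --dport $2 -j ACCEPT"
}

# Expand the three tiers into the rule list they imply.
gen_rules() {
  for p in $SERVICESTCP1; do rule 0.0.0.0/0 "$p"; done
  for p in $SERVICESTCP2; do
    for s in $TRUSTEDIPS $PRIVILEGIEDIPS; do rule "$s" "$p"; done
  done
  for p in $SERVICESTCP3; do
    for s in $TRUSTEDIPS; do rule "$s" "$p"; done
  done
}

# Number of rules open to any source; only public ports should contribute.
count_open_to_all() {
  gen_rules | grep -c -- '-s 0.0.0.0/0'
}

# Return 0 if a private port is never open to any source, 1 otherwise.
private_ports_restricted() {
  for p in $SERVICESTCP3; do
    if gen_rules | grep -- '-s 0.0.0.0/0' | grep -q -- "--dport $p "; then
      return 1
    fi
  done
  return 0
}
```

Running the sanity check before applying a configuration catches the common mistake of listing a port in both a public and a private variable.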


To use minifirewall with Docker, change the DOCKER variable from off to on. The public/semi-public/private port authorizations will then also apply to dockerized services.

WARNING: When the port mapping on the host differs from the port inside the container (e.g. the host listens on :8090 but the service in the container listens on :8080), you need to use the port used by the container (i.e. 8080) in the public/semi-public/private port list.


/etc/init.d/minifirewall start/stop/restart

If you want to add minifirewall in boot sequence:

systemctl enable minifirewall


This is an Evolix project and is licensed under the GPLv3, see the LICENSE file for details.