Linux Iptables Firewall Shell Script For Standalone Server

Posted in category Firewall, last updated February 28, 2009

A shell script of iptables rules for a web server (no need to use APF or CSF): just run this script from /etc/rc.local and you are done. Save the following script as /root/scripts/fw.start:

How do I install and use this script?

Type the following commands as the root user:
# mkdir /root/scripts
# cd /root/scripts
# wget http://bash.cyberciti.biz/dl/381.sh.zip
# wget http://bash.cyberciti.biz/dl/151.sh.zip
# unzip 381.sh.zip
# unzip 151.sh.zip
# mv 381.sh start.fw
# mv 151.sh stop.fw
# chmod +x *.fw

Now edit the firewall script as per your requirements:
# vi /root/scripts/start.fw
Install the firewall:
# echo '/root/scripts/start.fw' >> /etc/rc.local

How do I start the firewall from a shell prompt?

# /root/scripts/start.fw

How do I stop the firewall from a shell prompt?

# /root/scripts/stop.fw
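
The start and stop scripts above can be combined into an apply-with-rollback wrapper, so that a rule set that cuts off SSH is undone automatically instead of locking you out. This is an added example, not part of the original post or its scripts; the wrapper name safe-start.sh, the confirm file /root/scripts/fw.confirm, the 60-second timeout and the apply argument are assumptions.

```shell
#!/bin/sh
# Added example (not the article's script). FW_CONFIRM, FW_TIMEOUT and the
# "apply" argument are assumptions; the two script paths are the article's.
FW_START=${FW_START:-/root/scripts/start.fw}
FW_STOP=${FW_STOP:-/root/scripts/stop.fw}
FW_CONFIRM=${FW_CONFIRM:-/root/scripts/fw.confirm}
FW_TIMEOUT=${FW_TIMEOUT:-60}

safe_start() {
    # Ignore SIGHUP so the rollback still runs if the launching SSH session drops.
    trap '' HUP
    rm -f "$FW_CONFIRM"

    # Case 1: the start script reports failure, so undo immediately.
    if ! "$FW_START"; then
        echo "start script failed, running stop script" >&2
        "$FW_STOP"
        return 1
    fi

    # Case 2: the rules loaded, but an exit status of 0 does not prove that
    # SSH still works. Wait for the confirm file, which the operator creates
    # from a NEW login session (proof that new connections get through).
    waited=0
    while [ "$waited" -lt "$FW_TIMEOUT" ]; do
        if [ -e "$FW_CONFIRM" ]; then
            rm -f "$FW_CONFIRM"
            echo "confirmed, firewall stays up"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    echo "no confirmation within ${FW_TIMEOUT}s, running stop script" >&2
    "$FW_STOP"
    return 2
}

# Run only when asked to, e.g.: sh safe-start.sh apply
if [ "${1:-}" = "apply" ]; then
    safe_start
fi
```

After running it, open a second SSH session and `touch /root/scripts/fw.confirm` before the timeout expires. The /etc/rc.local entry still calls start.fw directly, since nobody can confirm at boot.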

14 comments

  1. I executed this on a VPS that luckily was due to expire.

    Unfortunately it errored on line 24 as modprobe wasn’t installed on the server (very old installation).

    I think the commands up until line 24 must have enabled full firewall blocking, and because of the failure, the line which opened up the SSH port 22 never got executed, so now I’m completely locked out of the server.

    Could you edit your instructions to have the following be the first thing people are told to execute:

    /root/scripts/start.fw || /root/scripts/stop.fw

    Then it will disable the firewall again if there’s any failure enabling it.

    With thanks

  2. This is about the time we should learn how to appreciate one another. We should all learn to live in LOVE, harmony and appreciation. Whoever wrote this script, from the bottom of my heart I say thank you in a million fold.
    John B.

  3. Something is wrong with your script, because DNS resolving doesn’t work… so for example using your script I can’t login to Roundcube mail.

    Please correct this.

    1. This ain’t a charity mate, you didn’t even say thank you to this guy who spent HIS time to create this script and distribute it openly, so at least show some appreciation and common sense.

      He doesn’t have to fix anything, if you’re managing a firewall, least you can do is learn how it works or even read a log to find out why it’s not letting you… however it should work fine.

  4. I think this is a very good script, but one mistake left inside:
    egrep -v -E
    Do you mean -e ? Option called -E doesn’t exist in my egrep version :)
