
Update

I recently discovered that the iptables initscript is now deprecated.

I've written my firewall script into a simple init script (download here). You should copy this file into /etc/init.d, make it executable, and then add the needed rc.d symlinks using update-rc.d:

 update-rc.d firewall start 40 S . stop 89 0 6 . 

Firewall info

I recently wanted to install a personal firewall on a standalone Linux computer. I was looking for a configuration program or script that was simple enough that I could understand what it was doing, but flexible enough that I could easily select the services I wanted to allow. Most of the solutions I found were either overcomplicated and confusing, or vastly oversimplified (too many "wizards").

In the end, I decided the best solution was to write my own script. It is very simple and short (~70 lines with comments). I decided to post it here to help others understand iptables-based firewalls so they can write their own scripts. You can download it here.

Running this script once will generate a set of firewall rules that perform the actions I was looking for. Using the /etc/init.d/iptables script included in Debian, I could then save this as the default "active" state for my firewall, resulting in this set of rules being loaded automatically on startup.
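To show the shape of such a script, here is an added example (not the author's script or the file linked above) that combines the two ideas on this page: a short, readable set of iptables rules for a standalone host with a default-deny INPUT policy and an explicit list of allowed services, wrapped in the start/stop interface an init script in /etc/init.d needs. The port list is a constructed sample, and rule generation is kept separate from execution so the rules can be reviewed without root.

```shell
#!/bin/sh
# Personal firewall for a standalone host, written as an init script.
# Example code (not the original author's script). Assumes iptables with
# the state match; the service ports below are constructed sample values.
IPT=${IPT:-iptables}
TCP_SERVICES="22"     # TCP ports to accept from the network (sample: ssh)
UDP_SERVICES=""       # UDP ports to accept (none by default)

# Print the iptables commands for the desired state, one per line.
# Keeping generation separate from execution lets the rules be reviewed
# (or tested) without root and without touching the live tables.
build_rules() {
    tcp=$1
    udp=$2
    echo "$IPT -F"                  # flush existing rules (policies are kept)
    echo "$IPT -P INPUT DROP"       # default deny for inbound traffic
    echo "$IPT -P FORWARD DROP"     # standalone host: never route
    echo "$IPT -P OUTPUT ACCEPT"    # trust locally originated traffic
    echo "$IPT -A INPUT -i lo -j ACCEPT"
    echo "$IPT -A INPUT -m state --state INVALID -j DROP"
    echo "$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in $tcp; do
        echo "$IPT -A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    for port in $udp; do
        echo "$IPT -A INPUT -p udp --dport $port -j ACCEPT"
    done
    echo "$IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    # rate-limited log of what the DROP policy is about to discard
    echo "$IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix FW-DROP:"
}

start() {
    build_rules "$TCP_SERVICES" "$UDP_SERVICES" | sh -e
}

stop() {
    # open everything again: flush the rules and reset policies to ACCEPT
    $IPT -F
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -P OUTPUT ACCEPT
}

case "${1:-}" in
    start)   start ;;
    stop)    stop ;;
    restart) stop; start ;;
    "")      ;;                     # no argument: only define the functions
    *)       echo "Usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac
```

Running `sh firewall start` as root applies the rules; `build_rules 22 ""` on its own just prints them for inspection.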