LinWiz://PersonalFirewall

Simple Linux Workstation iptables boot-script wizard
[Version 1.09 - June 2003]

By Chris Lowth

This tool is one of the LinWiz set of wizards. It creates a simple firewall shell script (for any "iptables"-enabled Linux system) or configuration file (for hosts that employ the iptables-restore file format for saving rule sets, such as RedHat Linux 7.1, 7.2, 7.3 or 8.0 and others). The generated configuration is a "personal firewall" rule set, suitable for workstations with a single network card, not acting as a router (not forwarding IP traffic), and not providing any services to other hosts.

Step 1 - read and understand this disclaimer

This tool is Copyright (C) Chris Lowth, 2003. The files it creates are provided under the terms of the GNU General Public License, the full text of which is available here. This license governs your rights to use and redistribute the generated code and highlights the fact that it is provided with no warranty.

Your continued use of the tool and the files it creates indicates your acceptance of these terms.

A note about privacy: No information entered into this form is stored anywhere on the web server, or deliberately passed to any person or agency. Your privacy is respected. The data you enter is sent over the internet in "clear text" for processing by the LinWiz tools, so it is possible (but unlikely) that someone could "snoop" the connection and read the information (this is true for any unencrypted internet traffic, which includes the majority of the "world wide web"). However, the good news is that these tools work just as well with false IP addresses as with real ones, provided that you edit the created file once you have downloaded it to replace any false addresses with real ones. In the majority of cases, such use of "false addresses" is not required, particularly if your computer is located in a private network.

Step 2 - Options

Select the options you want to turn on. The default settings are pretty good for most users.

If you select option number 3 (which is 'on' by default), then you should enter the IP address of your system in the box below the table. You can use fictional information if you want - and then edit the created file by hand after downloading it.

#  Default  Description
1  all      Respond to "pings" from other hosts?
              • "all" : respond to all hosts without limit
              • "none" : don't respond to pings from any hosts
2  yes      Drop spoofed "loopback" packets?
            Should your computer "drop" any IP packets that are trying to spoof the loopback interface address?
3  yes      Drop packets spoofing the local address?
            Should your computer "drop" any IP packets coming in from the network that are trying to spoof the computer's own address? If you say "yes" here, then we need to know the computer's IP address in order to be able to build the relevant rules. Please enter this in the box below this table (you can use a fictional one if you wish, and edit the generated script later).
4  yes      Block "syn flood" attacks?
            Should your computer detect and "drop" packets that look as if they are part of a "syn flood" attack?
5  yes      Block TCP connections that don't start with "syn" packets?
            Should your system detect and "drop" packets that break the rule that all TCP connections start with a "syn" packet?
6  none     Log rejected packets?
            Should your computer write "syslog" information about packets that are rejected or dropped by these filtering rules?
              • "all" : Log all rejected packets
              • "some" : Log all rejected packets except netbios name-resolution broadcasts (you'll get a lot of these on a Microsoft network).
              • "none" : Don't log any rejected packets
7  no       Act as a SAMBA client?
            Should your system be permitted to access remote SAMBA shares, on Windows systems or other Linux ones?

Your computer's IP address: this information is needed if you chose option number 3 (above).
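
The options above map onto a small iptables rule set. As an added example (not LinWiz's generated output, and not the author's code), this shell function prints an iptables-restore file for options 1 to 6; the BLOCK and SYNFLOOD chain names, the log prefix, the rate limit and the sample address 192.0.2.10 are assumptions.

```shell
# Added example (not LinWiz output): print an iptables-restore rule set for
# options 1-6 of the table. Chain names and rate limits are assumptions.
# Usage: gen_rules PING SPOOF_LO SPOOF_SELF SYNFLOOD NEWSYN LOG [IP]
gen_rules() {
    ping=$1 lo=$2 self=$3 flood=$4 newsyn=$5 log=$6 ip=${7:-}
    if [ "$self" = yes ]; then
        # Option 3 needs an address: accept digits and dots only, so that
        # stray text cannot end up inside a rule line.
        case $ip in
            ''|*[!0-9.]*) echo "option 3 needs an IPv4 address" >&2; return 1 ;;
        esac
    fi
    echo '*filter'
    echo ':INPUT DROP [0:0]'       # no services offered: default deny
    echo ':FORWARD DROP [0:0]'     # not a router
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':BLOCK - [0:0]'
    if [ "$flood" = yes ]; then echo ':SYNFLOOD - [0:0]'; fi
    # BLOCK: every rejected packet ends here; option 6 decides the logging
    if [ "$log" = some ]; then echo '-A BLOCK -p udp --dport 137 -j DROP'; fi
    if [ "$log" != none ]; then
        echo '-A BLOCK -j LOG --log-prefix "fw-drop: "'
    fi
    echo '-A BLOCK -j DROP'
    echo '-A INPUT -i lo -j ACCEPT'
    if [ "$lo" = yes ]; then echo '-A INPUT ! -i lo -s 127.0.0.0/8 -j BLOCK'; fi
    if [ "$self" = yes ]; then echo "-A INPUT ! -i lo -s $ip -j BLOCK"; fi
    if [ "$newsyn" = yes ]; then
        echo '-A INPUT -p tcp ! --syn -m state --state NEW -j BLOCK'
    fi
    if [ "$flood" = yes ]; then
        # SYNs within the rate return to INPUT; the excess is dropped unlogged
        echo '-A INPUT -p tcp --syn -j SYNFLOOD'
        echo '-A SYNFLOOD -m limit --limit 1/s --limit-burst 4 -j RETURN'
        echo '-A SYNFLOOD -j DROP'
    fi
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    if [ "$ping" = all ]; then
        echo '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    fi
    echo '-A INPUT -j BLOCK'
    echo 'COMMIT'
}

# The page's default answers, with a documentation address (constructed)
gen_rules all yes yes yes yes none 192.0.2.10
```

The function only prints text, so the result can be reviewed and edited before it is copied into place.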

Step 3 - Actions

Click on an action button.

Action button  Description
Redisplays this page, refreshing the internal data with the answers to your questions - this makes it possible to save the page for later re-visiting.
Download the generated config file.

If you are using this on RedHat 7.1, 7.2, 7.3, 8.0 or 9, simply save the file to disk and copy it to /etc/sysconfig/iptables on your Linux system. Be sure to copy it as a unix formatted file.

Download the generated config file as a shell script.

This file format is suitable for use as a classic "rc.firewall" script. Be sure to copy it as a unix formatted file.

Export your data for saving on your hard drive.

Save the generated web page in "html" format, so that you can re-visit this LinWiz tool later - possibly to change your settings and create a new firewall configuration, or simply to review the choices you made.


This tool is powered by Apache, PHP and Perl with purpose-written code by Chris Lowth. The LinWiz source code is Copyright (c) 2003 Chris Lowth. This page is Copyright (c) 2003 Chris Lowth. The files generated by this software are licensed according to the GPL Version 2.