A powerful Python-based firewall management tool that provides an easy-to-use interface for managing iptables rules and ipsets on Linux systems. This tool allows for country-based IP whitelisting, custom IP management, and simplified firewall rule administration.
- Enable/disable firewall with sensible default policies
- Country-based IP whitelisting (automatically fetches and updates country IP ranges)
- Custom IP whitelist and blacklist management
- Support for loading IPs from files
- Custom iptables rule management
- Real-time firewall status monitoring
- Automatic dependency checking and installation
- Linux operating system
- Python 3.x
- Root privileges (sudo)
- Required packages (automatically installed if missing):
  - iptables
  - ipset
  - Python requests library
- Clone or download this repository
- Make the script executable:
  ```bash
  chmod +x firewall_manager.py
  ```
- Run the dependency check:
  ```bash
  sudo python3 /root/fw/firewall_manager.py --install-deps
  ```
- Enable firewall (with country whitelist; replace `IR` with the desired country code):
  ```bash
  sudo python3 /root/fw/firewall_manager.py --enable IR
  ```
- Enable firewall (without country whitelist):
  ```bash
  sudo python3 /root/fw/firewall_manager.py --enable
  ```
- Enable firewall without allowing SSH connections (use with caution):
  ```bash
  sudo python3 /root/fw/firewall_manager.py --enable --disable-ssh
  ```
- Enable firewall and load IPs from whitelist.txt (can be combined with other options):
  ```bash
  sudo python3 /root/fw/firewall_manager.py --whitelist --enable IR --disable-ssh
  ```
- Disable firewall:
  ```bash
  sudo python3 /root/fw/firewall_manager.py --disable
  ```
- Show firewall status:
  ```bash
  sudo python3 /root/fw/firewall_manager.py --status
  ```
- Update country IP list (replace `IR` with the desired country code):
  ```bash
  sudo python3 /root/fw/firewall_manager.py --update-country-ips IR
  ```
- Add a single IP to the whitelist or blacklist:
  ```bash
  sudo python3 /root/fw/firewall_manager.py --add-ip 1.2.3.4 whitelist
  sudo python3 /root/fw/firewall_manager.py --add-ip 5.6.7.8 blacklist
  ```
- Remove an IP from the whitelist or blacklist:
  ```bash
  sudo python3 /root/fw/firewall_manager.py --remove-ip 1.2.3.4 whitelist
  ```
- Add IPs from a file:
  ```bash
  sudo python3 /root/fw/firewall_manager.py --add-ips-from-file /path/to/file.txt whitelist
  ```
- Load IPs from the default whitelist file (whitelist.txt):
  ```bash
  sudo python3 /root/fw/firewall_manager.py --whitelist
  ```
- Load IPs from the default blacklist file (blacklist.txt):
  ```bash
  sudo python3 /root/fw/firewall_manager.py --blacklist
  ```
- Add a custom iptables rule:
  ```bash
  sudo python3 /root/fw/firewall_manager.py --add-custom-rule "INPUT -p tcp --dport 80 -j ACCEPT"
  ```
- Remove a custom rule:
  ```bash
  sudo python3 /root/fw/firewall_manager.py --remove-custom-rule "INPUT -p tcp --dport 80 -j ACCEPT"
  ```
- Default SSH port: 22 (configurable in the script)
- Default whitelist file: `whitelist.txt` in the same directory
- Default blacklist file: `blacklist.txt` in the same directory
- IP lists cache directory: `ip_lists/`
- Default policies:
  - INPUT: DROP
  - FORWARD: DROP
  - OUTPUT: ACCEPT
The script manages three types of ipsets:
- `country_whitelist`: for country-based IP ranges
- `user_defined_whitelist`: for manually whitelisted IPs
- `user_defined_blacklist`: for manually blacklisted IPs
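The following is an added example, not code from this project, showing how the pieces above fit together: it parses a whitelist file the way `--add-ips-from-file` must (skipping comments and rejecting malformed entries), builds the ordered iptables/ipset command plan that the default policies imply, and includes a lockout check for the `--disable-ssh` case. The ipset types, the exact rule order, and the sample file contents are assumptions; the README names the sets and policies but not how the script orders its rules.

```python
import ipaddress

# Constructed sample whitelist.txt content (not shipped with the project).
SAMPLE_WHITELIST = """# office range
203.0.113.7
198.51.100.0/24
not-an-ip
10.0.0.1  # trailing comment
"""
# Hypothetical set types; the README names the sets but not their ipset types.
IPSETS = {"country_whitelist": "hash:net", "user_defined_whitelist": "hash:net",
          "user_defined_blacklist": "hash:net"}

def parse_ip_list(text):
    """Split a list file into (valid networks, rejected lines); /32 for single IPs."""
    good, bad = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            good.append(str(ipaddress.ip_network(line, strict=False)))
        except ValueError:
            bad.append(line)
    return good, bad

def build_enable_plan(country=None, allow_ssh=True, ssh_port=22, whitelist=()):
    """Ordered commands for the README's defaults: blacklist first, then
    loopback/established traffic, SSH, the whitelists, and a DROP policy last."""
    cmds = ["iptables -F INPUT"]
    for name, kind in IPSETS.items():
        cmds += [f"ipset create {name} {kind} -exist", f"ipset flush {name}"]
    cmds += [f"ipset add user_defined_whitelist {net} -exist" for net in whitelist]
    cmds += ["iptables -A INPUT -m set --match-set user_defined_blacklist src -j DROP",
             "iptables -A INPUT -i lo -j ACCEPT",
             "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    if allow_ssh:  # --disable-ssh omits this rule; ssh_reachable() flags that
        cmds.append(f"iptables -A INPUT -p tcp --dport {ssh_port} -j ACCEPT")
    cmds.append("iptables -A INPUT -m set --match-set user_defined_whitelist src -j ACCEPT")
    if country:  # country_whitelist is filled by --update-country-ips beforehand
        cmds.append("iptables -A INPUT -m set --match-set country_whitelist src -j ACCEPT")
    cmds += ["iptables -P INPUT DROP", "iptables -P FORWARD DROP", "iptables -P OUTPUT ACCEPT"]
    return cmds

def ssh_reachable(cmds, ssh_port=22):
    """Lockout check: is there an ACCEPT for the SSH port before the DROP policy?"""
    drop = cmds.index("iptables -P INPUT DROP")
    return any(f"--dport {ssh_port} " in c and c.endswith("ACCEPT") for c in cmds[:drop])
```

Running `ssh_reachable` on the plan before applying it is the check to make when combining `--enable` with `--disable-ssh` on a remote host.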
- Always back up your existing firewall rules before using this tool
- Test the firewall configuration in a controlled environment first
- Ensure SSH access is properly configured to prevent lockout
- Use `sudo netfilter-persistent save` to persist rules across reboots
If you get locked out:
- Access the server physically or through out-of-band management
- Disable the firewall:
  ```bash
  sudo python3 /root/fw/firewall_manager.py --disable
  ```
This project is open source and available under the MIT License.
Contributions are welcome! Please feel free to submit pull requests.