PHP Firewall Generator
The PHP Firewall Generator is a simple PHP script that generates a firewall
script for iptables- or ipchains-based firewalls. The script is created
based on configuration rules entered by the user. The aim is to support a
rule set similar to those supported by commercial firewall systems, and to
be easy to configure.
The PHP Firewall Generator is hosted at
see the project page
Download release 2.0 (for iptables)
get the RPM
get the Source RPM.
Download release 1.0 (for ipchains)
get the RPM
get the Source RPM.
Try out an
on-line demo of the software.
Note that this is not necessarily the latest release. If you want the
latest release with all of the bug fixes, then you should download it and
run it locally instead. Also note that some features (e.g. open port
detection) are disabled in the on-line demo version.
Changes since release 1.0
A rewrite of the script generator for iptables. The user interface
remains mostly the same, and the same configuration files can be used
to generate an iptables or ipchains based script. Currently version
2.0 supports iptables only, whereas 1.0 supports ipchains only.
A future release will support either iptables or ipchains.
Changes since release 0.94
Many cosmetic changes, and a new help system added. I made some minor
changes to the way the script is generated.
Changes since release 0.93
Changes since release 0.92
- Bug fix for creating forwarding rules between masqueraded networks,
especially those on either side of the firewall. This is important where
remote users (e.g. VPN, DialConnect, IPNet, etc.) are separated from the
main network by the firewall.
- Re-load the firewall script when the network objects change.
Changes since release 0.9:
- Minor but annoying bug fixed for Internet Explorer users.
- I have started some work on porting this to netfilter for 2.4
Changes since release 0.4:
- Fix for a bug where the script would not get regenerated unless the
script window was open.
- Fix for a bug where the port number was displayed incorrectly while
editing rulesets. This sometimes prevented a ruleset from being changed.
Changes since release 0.3:
- This release has a much better user interface, thanks to some
for those with not-so-large browser windows who had to scroll left
and right continually to see the rulesets!
- Now supports separate input, output, forward, and input/forward
rules. Output rules were often ignored, but they are useful in
some cases. Most existing rules can be converted to input/forward
rules. The no-forwarding-allowed problem that affected firewalls
used as non-masquerading routers has been fixed.
- A few more bug fixes.
- Moved the project on to sourceforge ... anyone can contribute!
Especially graphics. I need more graphics.
Changes since release 0.2:
- A few bug fixes, including a fix for some unusual network
configurations (the only bug report I've ever received!).
- Various installation tidy-ups.
- Make it easier to set up outgoing ALL rules.
- Add new rules for DHCP.
- Various cosmetic changes.
Changes since release 0.1:
- Ability to specify port forwarding and redirection rules.
- Script is now stored in /var/lib/phpfwgen/firewall, and can
be mailed to an e-mail address.
- Added ports listing and optional additions to /etc/services.
- Check for presence of ipfwadm and ipmasqadm at runtime.
- Generate forward and reverse ipchains commands for TCP and UDP rules.
- Many cosmetic changes.
- Many bug fixes.
- Somewhat better appearance.
- Ability to hide / show any of the object sections.
- Inserted reverse rules to cover outgoing TCP packets on established