This PHP script is a firewall generator for iptables based firewalls. High customizable so that the user may adapt it to their requirements. The script is made with a Linux backend so easy use on a Unix-based system.

PHP Firewall Generator

The PHP Firewall Generator is a simple PHP script that generates a firewall script for iptables or ipchains based firewalls. The script is created based on configuration rules entered by the user. The aim is to support a rule set similar to those supported by commercial Firewall systems, and have it easy to configure.

Changes since release 1.0

A rewrite of the script generator for iptables. The user interface remains mostly the same, and the same configuration files can be used to generate an iptables or ipchains based script. Currently version 2.0 supports iptables only, whereas 1.0 supports ipchains only. A future release will support either iptables or ipchains.

Changes since release 0.94

Many cosmetic changes, and a new help system added. I made some minor changes to the way the script is generated.

Changes since release 0.93

• Bug fix for creating forwarding rules between masqueraded networks, especially those on either side of the firewall. This is important where remote users (eg: VPN, DialConnect, IPNet, etc) are separated from the main network by the firewall.
• Re-load the firewall script when the network objects change.

Changes since release 0.92

• Minor but annoying bug fixed for Internet Explorer users.
• I have started some work on porting this to netfilter for 2.4 kernels.

• Fix for a bug where the script would not get regenerated unless the script window was open.
• Fix for a bug where the port number was displayed incorrectly while editing rulesets. This sometimes prevented a ruleset from being changed.

• This release has a much better user interface, thanks to some JavaScript code. It should be much more user friendly, especially for those with not-so-large browser windows who had to scroll left and right continually to see the rulesets!
• Now supports separate input, output, forward, and input/forward rules. Output rules were often ignored, but they are useful in some cases. Most existing rules can be converted to input/forward rules. The no-forwarding-allowed problem that affected firewalls used as non-masqerading routers has been fixed.
• A few more bug fixes.
• Moved the project on to sourceforge ... anyone can contribute! Especially graphics. I need more graphics.

• A few bug fixes, including a fix for some unusual network configurations (the only bug report I've ever received!).
• Various installation tidy-ups.
• Make it easier to set up outgoing ALL rules.
• Add new rules for DHCP.
• Various cosmetic changes.

• Ability to specify port forwarding and redirection rules.
• Script is now stored in /var/lib/phpfwgen/firewall, and can be mailed to an e-mail address.
• Added ports listing and optional additions to /etc/services.
• Check for presence of ipfwadm and ipmasqadm at runtime.
• Generate forward and reverse ipchains commands for TCP and UDP rules.
• Many cosmetic changes.
• Many bug fixes.

• Somewhat better appearance.
• Ability to hide / show any of the object sections.
• Inserted reverse rules to cover outgoing TCP packets on established connections.