Net-Filters | Easy + Pro Firewall Builder

Step 1 — Preset

Pick a safe starting point. You can still add more ports.

🔴 DDoS Check

Step 2 — Quick Settings

Network card (optional) Leave blank if unsure. Your IP for SSH (optional) Only allow SSH from this IP. Empty = allow from anywhere (not recommended). Extra open ports (comma) For games or custom apps (opens TCP & UDP). Allow ping?

Limit SSH login attempts Log blocked packets (rate-limited)

Pro — Add Precise Rules

For advanced users. Build specific rules and append them to the script.

Chain Protocol Source CIDR Destination CIDR Ports TCP/UDP only. Use commas for lists, colon for range. Action

Queued Rules

Step 3 — Generate

Use a console you won’t lose (provider serial/KVM). Save on Debian/Ubuntu: apt install iptables-persistent && netfilter-persistent save

Plain-English Summary

Default-deny inbound — nobody gets in unless you say so.
Loopback + sanity — required system traffic is allowed; invalid stuff is dropped.
Keep good flows — approved connections continue to work.
Open what you need — web (80/443), VPN (1194/udp), SSH, plus extras.
Optional shields — throttle SSH brute-force, rate-limit ping, log blocked packets (lightly).