跳到内容
🛠️ToolsShed

Firewall Rule Generator

为iptables、UFW、macOS pf和Windows Defender防火墙生成防火墙规则。

常见端口

关于此工具

防火墙是任何网络系统的第一道防线,用于控制进出计算机的网络流量。该工具帮助您为Linux(iptables、UFW、nftables)、macOS(pf)和Windows Defender等多个平台生成正确的防火墙命令语法。与其记住每个平台的复杂语法,您可以简单地指定意图——允许某个端口、阻止某个IP、允许来自特定子网的SSH——工具会生成针对您的系统量身定制、可以立即运行的命令。

系统管理员、服务器配置的开发人员和注重安全的用户都依赖此生成器快速创建规则,避免繁琐的试错过程。无论是加固VPS、保护家庭实验室还是锁定测试环境,该工具确保规则语法在执行前正确无误。由于每个平台使用不同的命令格式和标志约定,此工具消除了在不同文档间切换的复杂性。

常见问题

代码实现

#!/usr/bin/env python3
"""Firewall rule generator — outputs iptables and UFW commands."""

def iptables_allow(port: int, protocol: str = "tcp", source: str = None) -> str:
    src = f"-s {source} " if source else ""
    return f"sudo iptables -A INPUT {src}-p {protocol} --dport {port} -j ACCEPT"

def iptables_block(port: int = None, source: str = None, protocol: str = "tcp") -> str:
    parts = ["sudo iptables -I INPUT"]
    if source:
        parts.append(f"-s {source}")
    if port:
        parts.extend([f"-p {protocol}", f"--dport {port}"])
    parts.append("-j DROP")
    return " ".join(parts)

def ufw_allow(port: int, protocol: str = "tcp", source: str = None) -> str:
    if source:
        return f"sudo ufw allow from {source} to any port {port} proto {protocol}"
    return f"sudo ufw allow {port}/{protocol}"

def ufw_deny(port: int = None, source: str = None) -> str:
    if source and not port:
        return f"sudo ufw deny from {source}"
    if port:
        return f"sudo ufw deny {port}/tcp"
    return "sudo ufw deny from any"

# Examples
print("=== Allow SSH from specific IP ===")
print(iptables_allow(22, "tcp", "192.168.1.0/24"))
print(ufw_allow(22, "tcp", "192.168.1.0/24"))

print("\n=== Allow HTTP and HTTPS ===")
for port in [80, 443]:
    print(iptables_allow(port, "tcp"))
    print(ufw_allow(port, "tcp"))

print("\n=== Block IP ===")
print(iptables_block(source="10.0.0.5"))
print(ufw_deny(source="10.0.0.5"))

print("\n=== Save iptables rules (Ubuntu/Debian) ===")
print("sudo netfilter-persistent save")

Comments & Feedback

Comments are powered by Giscus. Sign in with GitHub to leave a comment.