NetGuardian User Manual
1. Getting Started
NetGuardian generates iptables bash scripts from two concepts: "Zones" (logical roles such as WAN, LAN or DMZ that you assign to physical interfaces) and "Flows" (the traffic you allow or deny between two zones).
- Define Interfaces: Map physical ports (eth0) to Zones (WAN, LAN).
- Check Matrix: The grid shows what is allowed. Red means DROP, Green means ACCEPT.
- Create Rules: Add specific policies (e.g., Allow LAN to WAN).
- Generate: The tool writes the bash script for you.
2. Deployment Scenarios
A. Host on LAN & Firewall (Gateway)
The most common setup: a single firewall with a public interface and one internal network behind it. Hosts on the LAN reach the Internet through the firewall, so the only flow you need to allow is the outbound one.
Interface 1: eth0 -> WAN (Internet)
Interface 2: eth1 -> LAN (Internal)
Rule: Source: LAN -> Dest: WAN | Action: ACCEPT
B. DMZ Setup (3-Legged Firewall)
Used when you host public servers (Web, Mail) but want to keep them isolated from the LAN. A server in the DMZ is reachable from the Internet, so treat it as the host most likely to be compromised and give it no path into the internal network.
Interface 1: eth0 -> WAN
Interface 2: eth1 -> LAN
Interface 3: eth2 -> DMZ
Rule 1: WAN -> DMZ (Port 80/443) [Public Access]
Rule 2: LAN -> DMZ (Port 22) [Management]
Rule 3: DMZ -> LAN [DROP] (Crucial for security: a compromised DMZ host must not be able to open connections into the LAN. Management sessions are always initiated from the LAN side, so the DMZ never needs to initiate anything.)
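The ruleset this scenario describes, written out as a complete iptables script so the three rules can be seen in context with the connection-tracking and NAT rules they depend on. This is an added example, not the script NetGuardian generates. The interface names follow the manual (eth0 WAN, eth1 LAN, eth2 DMZ); the subnets 192.168.1.0/24 and 10.0.0.0/24 and the web server address 10.0.0.10 are assumptions for the example. It also carries the LAN -> WAN rule from scenario A, since a DMZ gateway normally handles that flow as well.

```shell
#!/bin/bash
# Added example, not NetGuardian's generated output: a hand-written iptables script
# for the 3-legged DMZ topology in scenario B. Interface mapping follows the manual
# (eth0 -> WAN, eth1 -> LAN, eth2 -> DMZ); the subnets and the web server address
# are assumptions for the example.
set -eu

WAN=eth0
LAN=eth1
DMZ=eth2
LAN_NET=192.168.1.0/24      # assumed
DMZ_NET=10.0.0.0/24         # assumed
WEB_SERVER=10.0.0.10        # assumed DMZ host behind the public 80/443 DNAT

# Every rule goes through ipt(); setting IPT="echo iptables" turns the whole
# script into a dry run that prints the commands instead of executing them.
IPT="${IPT:-iptables}"
ipt() { $IPT "$@"; }

reset_tables() {
    # A bare `iptables -F` keeps chain policies and user-defined chains. Open the
    # policies first so that flushing over SSH cannot strand the session, then
    # flush and delete chains in both the filter and nat tables.
    ipt -P INPUT ACCEPT
    ipt -P FORWARD ACCEPT
    ipt -P OUTPUT ACCEPT
    ipt -F
    ipt -X
    ipt -t nat -F
    ipt -t nat -X
}

host_rules() {
    # Traffic to the firewall itself: loopback, replies, and SSH from the LAN only.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
}

forward_rules() {
    # Replies to any allowed flow come back automatically via conntrack.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP
    # Rule 1: WAN -> DMZ, public web only (the DNAT below rewrites the destination
    # to $WEB_SERVER before this chain sees the packet).
    ipt -A FORWARD -i "$WAN" -o "$DMZ" -d "$WEB_SERVER" -p tcp -m multiport --dports 80,443 -j ACCEPT
    # Rule 2: LAN -> DMZ management over SSH.
    ipt -A FORWARD -i "$LAN" -o "$DMZ" -s "$LAN_NET" -d "$DMZ_NET" -p tcp --dport 22 -j ACCEPT
    # LAN -> WAN outbound, as in scenario A.
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    # Rule 3: nothing is ever initiated from the DMZ toward the LAN. An explicit,
    # rate-limited LOG plus DROP (rather than relying on the chain policy alone)
    # makes a compromised public server's pivot attempts visible in the kernel log.
    ipt -A FORWARD -i "$DMZ" -o "$LAN" -m limit --limit 5/min -j LOG --log-prefix "FW DMZ->LAN: "
    ipt -A FORWARD -i "$DMZ" -o "$LAN" -j DROP
}

nat_rules() {
    # Publish the web server on the WAN address and masquerade outbound traffic.
    ipt -t nat -A PREROUTING -i "$WAN" -p tcp -m multiport --dports 80,443 -j DNAT --to-destination "$WEB_SERVER"
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

final_policies() {
    # Default deny for everything not matched above; set last so the rules are
    # in place before the gate closes.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
}

apply_all() {
    reset_tables
    host_rules
    forward_rules
    nat_rules
    final_policies
}

main() {
    if [ "${1:-}" = "--apply" ]; then
        [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
        sysctl -q -w net.ipv4.ip_forward=1
        apply_all
    else
        # Without --apply, print what would be executed so the ruleset can be reviewed.
        IPT="echo iptables"
        apply_all
    fi
}

main "$@"
```

Run it with no arguments to review the commands it would issue; `--apply` executes them as root and enables IP forwarding. The conntrack rule at the top of FORWARD is what makes Rule 3 safe to keep strict: replies from a DMZ server to an SSH session opened from the LAN are still accepted, while any new connection from the DMZ toward the LAN is logged and dropped. DMZ hosts also get no outbound rule here, so they cannot reach the Internet on their own; add a DMZ -> WAN flow only if the servers genuinely need it.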
C. Dual-Homed Firewall (Advanced)
A high-security layout in which the DMZ sits between two physical firewalls (often called a screened-subnet or back-to-back DMZ): an attacker who takes over the outer firewall still has the inner one between them and the LAN.
NOTE: You must use this tool twice to generate two separate scripts, one per firewall.
Outer firewall (script 1):
- IF 1: WAN (Public IP)
- IF 2: DMZ_OUT (10.0.0.1)
- Policy: Allow WAN -> DMZ (Web)
Inner firewall (script 2):
- IF 1: DMZ_IN (10.0.0.2)
- IF 2: LAN (192.168.1.1)
- Policy: Allow LAN -> DMZ (Mgmt)
3. How to Upgrade & Maintain
Your firewall rules are not static; they evolve as services are added and removed.
- Save your Config: This tool keeps your topology in browser memory only, so it is lost when the page is closed. Keep a note of your interface names and zones.
- Make Changes: Open the tool, re-enter your topology, and add the new rule (e.g., "Open Port 3306 for SQL").
- Regenerate: Go to "View Script" and copy the new code.
- Apply on Server: Paste the content into /etc/firewall.sh (or your location) and run it as root. The script flushes the old rules (iptables -F) before applying the new ones, so every run starts from a clean state and can be repeated safely. Two caveats: iptables -F removes rules but leaves chain policies and user-defined chains in place, so anything configured outside this script survives a run; and when applying over SSH, make sure the new ruleset still permits your own session (or have console access, or arm a timed rollback) before running it.
Pro Tip: Persistence
To make rules survive a reboot on Linux, install `iptables-persistent` (Debian/Ubuntu) and save the active rules after running your script:
netfilter-persistent save
This writes the running ruleset to /etc/iptables/rules.v4 (and rules.v6), which the netfilter-persistent service restores at boot. Save only after you have confirmed the new rules work: whatever is active at that moment is what comes back after a reboot.
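A wrapper for the "Apply on Server" step that guards against locking yourself out, then runs the persistence command only once the new rules are confirmed. It is an added example, not part of NetGuardian; it assumes the generated script lives at /etc/firewall.sh as in the manual and that iptables-persistent is installed so that `netfilter-persistent save` exists. The privileged commands are held in variables so the rollback timer can be exercised without root.

```shell
#!/bin/bash
# Added example, not part of NetGuardian: apply a regenerated firewall script over
# SSH with an automatic rollback, and persist the rules only after the operator
# confirms the session survived. Assumes the script path /etc/firewall.sh from the
# manual and that iptables-persistent provides `netfilter-persistent save`.
set -eu

# The privileged commands are variables so the rollback logic can be exercised
# (or dry-run) without root by pointing them at harmless stand-ins.
SAVE_CMD="${SAVE_CMD:-iptables-save}"
RESTORE_CMD="${RESTORE_CMD:-iptables-restore}"
PERSIST_CMD="${PERSIST_CMD:-netfilter-persistent save}"
ROLLBACK_PID=""

# arm_rollback BACKUP SECS: start a background timer that restores BACKUP after
# SECS seconds unless cancel_rollback is called first. HUP is ignored so that a
# dying SSH session cannot take the timer down with it.
arm_rollback() {
    ( trap '' HUP INT; sleep "$2" && $RESTORE_CMD < "$1" ) &
    ROLLBACK_PID=$!
}

# SIGTERM kills the waiting subshell, so its pending restore never runs; the
# orphaned sleep simply exits on its own.
cancel_rollback() {
    kill "$ROLLBACK_PID" 2>/dev/null || true
    wait "$ROLLBACK_PID" 2>/dev/null || true
}

# safe_apply SCRIPT [SECS]: snapshot, arm timer, apply, confirm, persist.
safe_apply() {
    script="$1"; secs="${2:-60}"
    backup="$(mktemp)"
    # iptables-save captures chain policies and user-defined chains as well as
    # rules, which is more than the script's own `iptables -F` resets.
    $SAVE_CMD > "$backup"
    arm_rollback "$backup" "$secs"
    if ! bash "$script"; then
        # Script aborted part-way: do not wait for the timer, restore now.
        cancel_rollback
        $RESTORE_CMD < "$backup"
        echo "apply failed, previous rules restored" >&2
        return 1
    fi
    printf 'New rules are live. Type yes within %ss to keep them: ' "$secs"
    if read -r answer && [ "$answer" = "yes" ]; then
        cancel_rollback
        $PERSIST_CMD
        echo "rules kept and saved for reboot"
    else
        # No confirmation (wrong answer, or stdin closed because the session
        # died under the new rules): restore now rather than waiting.
        cancel_rollback
        $RESTORE_CMD < "$backup"
        echo "rolled back to previous rules"
    fi
    rm -f "$backup"
}

# Only run the procedure when a script path is given, e.g.
#   sudo ./safe_apply.sh /etc/firewall.sh 60
if [ $# -ge 1 ]; then
    safe_apply "$@"
fi
```

If the new ruleset cuts the SSH session, nobody types "yes", the shell running safe_apply is gone, and the HUP-immune timer restores the snapshot after the timeout; if the session survives, confirming cancels the timer and writes the rules for the next boot. Note that the snapshot is restored with iptables-restore, which replaces the whole table, so the rollback also undoes any policy or chain changes the script made.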
Save the generated script to a file (e.g., firewall.sh), make it executable with chmod +x, and run it as root.