bueller.ca

the digital workshop of Matt Ferris

fwtools

Language(s): Bash
Requirements: Linux

Tools that help make quick changes to iptables rulesets.

Synopsis

fwbypass { enable | disable } ip
portfwd { enable | disable } port ip [ dstport ]

Description

fwbypass provides an easy way of temporarily allowing unrestricted access through the firewall for ip by injecting the appropriate rules into the running iptables ruleset (specifically, the FORWARD chain). These changes are lost if the ruleset is reloaded. The access can subsequently be removed by specifying disable instead of enable.

portfwd adds the appropriate rules to the running iptables ruleset to forward inbound connections on TCP port port to IP address ip. Optionally, a different destination port (dstport) can be specified. Subsequently, specifying disable rather than enable causes portfwd to remove the rules instead.

Options

fwbypass

portfwd

Caveats

fwbypass

When removing rules for ip, any rules that match those generated by fwbypass will be removed as well.

The rules generated by fwbypass are:

-A FORWARD -s (ip) -j ACCEPT
-A FORWARD -d (ip) -j ACCEPT
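An added example (not the fwtools source) of how the enable/disable cycle above can be implemented around these two rules: it validates the ip argument before it reaches iptables, uses iptables -C so a repeated enable does not stack duplicate ACCEPT rules, and on disable deletes until no matching rule remains, which is exactly the caveat that any identical rule is removed too. The IPTABLES override variable and the function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not the fwtools source: an fwbypass-style enable/disable for the
# FORWARD chain. The rule specs mirror the templates in the Caveats section; the
# address validation, idempotent add and delete-until-gone loop are additions.
set -euo pipefail

# The iptables binary; a test harness or dry run can point this at a wrapper.
IPTABLES="${IPTABLES:-iptables}"

# Accept only a dotted-quad IPv4 address, so nothing else lands on the iptables
# command line (fwbypass takes ip as a bare positional argument).
valid_ipv4() {
    local octet
    [[ ${1:-} =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
    for octet in "${BASH_REMATCH[@]:1}"; do
        (( 10#$octet <= 255 )) || return 1   # 10# forces decimal ("08" is not octal)
    done
}

# The two rule specs fwbypass injects, one per line.
fwbypass_rules() {
    printf '%s\n' "FORWARD -s $1 -j ACCEPT" "FORWARD -d $1 -j ACCEPT"
}

fwbypass() {
    local action="${1:-}" ip="${2:-}" rule
    valid_ipv4 "$ip" || { echo "fwbypass: invalid IPv4 address: $ip" >&2; return 2; }
    while IFS= read -r rule; do
        # shellcheck disable=SC2086  # rule is a deliberately word-split spec
        case "$action" in
            # -C reports whether an identical rule exists; append only if not,
            # so repeated enables do not stack duplicate ACCEPT rules.
            enable)  $IPTABLES -C $rule 2>/dev/null || $IPTABLES -A $rule ;;
            # -D removes one instance per call; loop until -C fails so every
            # matching rule goes, which is the caveat the page describes.
            disable) while $IPTABLES -C $rule 2>/dev/null; do $IPTABLES -D $rule; done ;;
            *) echo "usage: fwbypass { enable | disable } ip" >&2; return 2 ;;
        esac
    done < <(fwbypass_rules "$ip")
}

# Run as a command when executed directly; a sourcing harness passes no args.
if [ $# -gt 0 ]; then fwbypass "$@"; fi
```

Running it for real needs root (or CAP_NET_ADMIN); pointing IPTABLES at a wrapper that only echoes its arguments shows the exact rules that would be added or removed.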

portfwd

When removing rules, any rules that match those generated by portfwd will be removed as well.

The rules generated by portfwd are:

-A INPUT -p tcp -m tcp --dport (port) -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport (port) -j ACCEPT
-A FORWARD -p tcp -m tcp --dport (port) -j ACCEPT
-A FORWARD -p tcp -m tcp --sport (port) -j ACCEPT
-t nat -A PREROUTING -p tcp -m tcp --dport (port) -j DNAT --to-destination (ip)[:dstport]
