Skill

Create and Optimize Firewall Rules

Create, analyze, and optimize firewall rules for Linux, cloud, and enterprise systems. Expertly manage network security with default deny policies and

Works with: aws, azure, gcp, linux, pfsense

Spark score: 91 out of 100
Updated 4 months ago
Version 1.0.0

Why it matters

Automate the creation, analysis, and optimization of firewall rules across diverse platforms including Linux, cloud providers, and enterprise solutions. Ensure robust network security through adherence to best practices like 'default deny' and efficient rule ordering.

Outcomes

What it gets done

1. Generate iptables, UFW, and cloud provider firewall rules (AWS, Azure, GCP).
2. Implement 'default deny' policies and optimize rule order for performance.
3. Provide examples for network segmentation, application-specific rules, and security hardening.
4. Assist in troubleshooting and testing firewall configurations.

Install

Add it to your toolbox

Run in your project directory:

curl -fsSL https://spark.entire.vc/get/vb-firewall-rules-creator | bash

Capabilities

What this skill does

  • Audit access: Reviews permissions and logs to flag unauthorized activity.
  • Deploy / CI: Runs build pipelines, tests, and deploys to environments.
  • Debug: Traces errors to their root cause and suggests fixes.
  • Write tests: Creates unit, integration, or end-to-end test cases.

Overview

Firewall Rules Creator

What it does

This skill acts as an expert in creating, analyzing, and optimizing firewall rules. It supports multiple platforms including Linux (iptables, UFW), cloud providers (AWS Security Groups, Azure NSGs, GCP Firewall Rules), and enterprise solutions. It enforces core principles like 'default deny' and optimizes rule ordering for performance.

How it connects

Use this skill when you need to implement or refine network security policies. It is ideal for setting up new firewall configurations, auditing existing rules, or troubleshooting traffic flow issues across diverse network environments.

Source README

Firewall Rules Creator

You are an expert in creating, analyzing, and optimizing firewall rules across multiple platforms and technologies. You understand network security principles, traffic flow patterns, and the nuances of different firewall implementations including Linux iptables, UFW, pfSense, cloud provider firewalls (AWS Security Groups, Azure NSGs, GCP Firewall Rules), and enterprise solutions.

Core Principles

Default Deny Philosophy

  • Always implement "default deny" policies - block everything by default, then explicitly allow required traffic
  • Place most restrictive rules first, then gradually become more permissive
  • Document the business justification for each rule

Rule Ordering and Performance

  • Order rules by frequency of matching - most common traffic first
  • Place DENY rules before ALLOW rules for the same service
  • Use specific source/destination addresses rather than broad ranges when possible
  • Minimize the number of rules by consolidating similar patterns

Platform-Specific Implementations

Linux iptables Rules

```bash
#!/bin/bash
# Basic web server ruleset

# Flush existing rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# Default policies (DROP all)
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow established and related connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow SSH (rate limited)
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m limit --limit 2/min --limit-burst 2 -j ACCEPT

# Allow HTTP/HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow specific database access from app servers
iptables -A INPUT -p tcp -s 10.0.1.0/24 --dport 3306 -j ACCEPT

# Log dropped packets (sample)
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Save rules (varies by distribution)
iptables-save > /etc/iptables/rules.v4
```
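The ordering principles above (most specific first, DENY before ALLOW for the same service) and the ruleset just shown are easy to break when rules are appended over time. What follows is an added example, not part of the skill or of any iptables tooling: a small Python checker that reads a script of `iptables -P` / `iptables -A` commands, confirms the INPUT and FORWARD policies are DROP, and reports any later rule that an earlier terminal rule already covers (a later DROP that can never fire, or a duplicate ACCEPT). The sample ruleset is the web server ruleset above with two constructed rules appended. The checker models only `-p`, `-s`, `-d`, `-i` and `--dport`, and treats any rule that uses a `-m` match as too specific to shadow anything, so it under-reports rather than over-reports.

```python
"""Static checks for an iptables ruleset: default-deny policies and shadowed rules.
Added example: models -p/-s/-d/-i/--dport only; a rule using '-m' never shadows."""
import ipaddress
import shlex
from dataclasses import dataclass
from typing import List, Optional

TERMINAL_TARGETS = {"ACCEPT", "DROP", "REJECT"}
FLAG_OPTIONS = {"--syn", "--rttl", "--set", "--update", "--rcheck", "--remove"}  # take no value


@dataclass
class Rule:
    text: str
    chain: str = ""
    target: str = ""
    proto: Optional[str] = None
    src: Optional[ipaddress.IPv4Network] = None
    dst: Optional[ipaddress.IPv4Network] = None
    in_if: Optional[str] = None
    dport: Optional[tuple] = None
    extra: bool = False  # uses a '-m' module this model does not understand


def _strip_prefix(line: str) -> str:
    line = line.strip()
    return line[len("iptables "):] if line.startswith("iptables ") else line


def parse_rule(line: str) -> Rule:
    """Parse one 'iptables -A ...' command (the leading 'iptables' is optional)."""
    text = _strip_prefix(line)
    toks, rule, i = shlex.split(text), Rule(text=text), 0
    while i < len(toks):
        t, nxt = toks[i], toks[i + 1] if i + 1 < len(toks) else ""
        if t == "-A":
            rule.chain = nxt
        elif t == "-j":
            rule.target = nxt
        elif t == "-p":
            rule.proto = nxt
        elif t in ("-s", "-d"):
            setattr(rule, "src" if t == "-s" else "dst", ipaddress.ip_network(nxt, strict=False))
        elif t == "-i":
            rule.in_if = nxt
        elif t == "--dport":
            lo, _, hi = nxt.partition(":")
            rule.dport = (int(lo), int(hi or lo))
        elif t == "-m":
            rule.extra = True
        elif t in FLAG_OPTIONS or not t.startswith("-"):
            i += 1  # value-less flag, or a stray value: consume one token only
            continue
        i += 2  # option plus its value
    return rule


def _net_covers(a, b) -> bool:
    return a is None or (b is not None and a.version == b.version and b.subnet_of(a))


def covers(a: Rule, b: Rule) -> bool:
    """True when every packet matched by rule b would already have matched rule a."""
    return ((a.proto is None or a.proto == b.proto)
            and (a.in_if is None or a.in_if == b.in_if)
            and _net_covers(a.src, b.src) and _net_covers(a.dst, b.dst)
            and (a.dport is None or (b.dport is not None
                                     and a.dport[0] <= b.dport[0] <= b.dport[1] <= a.dport[1])))


def analyze(ruleset: str) -> List[str]:
    """Findings for a script of 'iptables -P' and 'iptables -A' commands."""
    policies, rules, findings = {}, [], []
    for raw in ruleset.splitlines():
        toks = _strip_prefix(raw).split()
        if toks and toks[0] == "-P":
            policies[toks[1]] = toks[2]
        elif toks and toks[0] == "-A":
            rules.append(parse_rule(raw))
    for chain in ("INPUT", "FORWARD"):  # OUTPUT ACCEPT is the ruleset's own choice
        if policies.get(chain) != "DROP":
            findings.append(f"{chain}: default policy is {policies.get(chain, 'unset')}, expected DROP")
    for idx, later in enumerate(rules):
        for earlier in rules[:idx]:  # first terminal rule that already covers 'later' wins
            if (earlier.chain == later.chain and earlier.target in TERMINAL_TARGETS
                    and not earlier.extra and covers(earlier, later)):
                kind = "is redundant" if earlier.target == later.target else "never matches"
                findings.append(f"{later.chain}: '{later.text}' {kind}; already handled by '{earlier.text}'")
                break
    return findings


SAMPLE_RULESET = """\
# constructed sample: the web server ruleset above, plus two rules appended later
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m limit --limit 2/min --limit-burst 2 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 10.0.1.0/24 --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp -s 10.0.1.5 --dport 3306 -j DROP
iptables -A INPUT -p tcp --dport 80 -m hashlimit --hashlimit-upto 20/min --hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-name http -j ACCEPT
"""

if __name__ == "__main__":
    print("\n".join(analyze(SAMPLE_RULESET) or ["no findings"]))
```

Run over the sample, the checker reports that the DROP for 10.0.1.5 can never fire (the /24 ACCEPT above it wins) and that the per-source hashlimit rule from the hardening section does nothing while a blanket `--dport 80 -j ACCEPT` sits above it. That second finding is exactly the ordering mistake the principles list warns about: the rate-limit rule must come first, with the blanket ACCEPT removed or demoted.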

Ubuntu UFW (Uncomplicated Firewall)

```bash
# Reset and set defaults
ufw --force reset
ufw default deny incoming
ufw default allow outgoing

# SSH with rate limiting
ufw limit ssh

# Web services
ufw allow 'Nginx Full'
# or specific ports
ufw allow 80/tcp
ufw allow 443/tcp

# Database access from specific subnet
ufw allow from 10.0.1.0/24 to any port 3306

# Allow specific application
ufw allow from 192.168.1.100 to any port 8080

# Enable firewall
ufw enable

# Advanced rule with comment
ufw allow from 203.0.113.0/24 to any port 25 comment 'Mail server access'
```

AWS Security Groups (Terraform)

```hcl
resource "aws_security_group" "web_server" {
  name_prefix = "web-server-"
  description = "Security group for web servers"
  vpc_id      = var.vpc_id

  # HTTP access from ALB only
  ingress {
    description     = "HTTP from ALB"
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }

  # HTTPS from ALB only
  ingress {
    description     = "HTTPS from ALB"
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }

  # SSH from bastion host only
  ingress {
    description     = "SSH from bastion"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }

  # All outbound traffic
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "web-server-sg"
  }
}
```
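To audit groups that already exist against the same pattern (public exposure only on 80/443, SSH and database ports reachable only from another security group, a description on every rule), here is an added example that is not part of the skill or of the AWS tooling: a Python audit over the JSON shape that `aws ec2 describe-security-groups` returns. The two groups are constructed; one mirrors the `web_server` group above and should come back clean, the other carries the mistakes the audit is meant to surface.

```python
"""Audit security-group ingress rules in the JSON shape returned by
'aws ec2 describe-security-groups': public exposure only on 80/443, admin and
database ports only from another security group, and a description on every rule.
Added example; all group ids and rules below are constructed."""
from typing import Dict, List, Tuple

WORLD = {"0.0.0.0/0", "::/0"}
PUBLIC_OK_PORTS = {80, 443}
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis"}


def _port_span(perm: Dict) -> Tuple[int, int]:
    if perm.get("IpProtocol") == "-1":  # "all traffic" rules carry no port fields
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def audit_security_group(group: Dict) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for one security group."""
    findings = []
    name = group.get("GroupName", group.get("GroupId", "?"))
    for perm in group.get("IpPermissions", []):
        lo, hi = _port_span(perm)
        cidrs = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
                 + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])
        exposed = [c for c in cidrs if c in WORLD]
        if exposed:
            if perm.get("IpProtocol") == "-1":
                findings.append(("HIGH", f"{name}: all traffic open to {exposed}"))
            elif not (lo == hi and lo in PUBLIC_OK_PORTS):
                findings.append(("HIGH", f"{name}: ports {lo}-{hi} open to {exposed}"))
        private = [c for c in cidrs if c not in WORLD]
        if private:  # CIDR sources drift; a security-group source follows the instances
            for port, label in sorted(SENSITIVE_PORTS.items()):
                if lo <= port <= hi:
                    findings.append(("MEDIUM", f"{name}: {label} ({port}) reachable from "
                                               f"{private}; prefer a security-group source"))
        entries = (perm.get("IpRanges", []) + perm.get("Ipv6Ranges", [])
                   + perm.get("UserIdGroupPairs", []))
        if any(not e.get("Description") for e in entries):
            findings.append(("LOW", f"{name}: ports {lo}-{hi} rule lacks a description"))
    return findings


def audit_all(groups: List[Dict]) -> List[Tuple[str, str]]:
    return [f for g in groups for f in audit_security_group(g)]


SAMPLE_GROUPS = [
    {   # mirrors the web_server group above: every source is another security group
        "GroupId": "sg-0000web", "GroupName": "web-server-sg",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "UserIdGroupPairs": [{"GroupId": "sg-0000alb", "Description": "HTTP from ALB"}]},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "UserIdGroupPairs": [{"GroupId": "sg-0000alb", "Description": "HTTPS from ALB"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "UserIdGroupPairs": [{"GroupId": "sg-0000bast", "Description": "SSH from bastion"}]},
        ]},
    {   # constructed legacy group carrying the mistakes the audit is meant to catch
        "GroupId": "sg-0000old", "GroupName": "legacy-db-sg",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "temporary"}]},
            {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
            {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0", "Description": "all"}]},
        ]},
]

if __name__ == "__main__":
    for severity, message in audit_all(SAMPLE_GROUPS):
        print(f"{severity:6} {message}")
```

The same shape works for `aws ec2 describe-security-groups --output json` piped through `json.load`: iterate over `SecurityGroups` and pass each entry to `audit_security_group`. The severities are a starting point; a team that runs a VPN rather than a bastion will want to whitelist its CIDR in the MEDIUM check rather than remove it.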

Advanced Patterns and Best Practices

Network Segmentation Rules

```bash
# DMZ to Internal network restrictions
iptables -A FORWARD -s 192.168.100.0/24 -d 192.168.10.0/24 -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -s 192.168.100.0/24 -d 192.168.10.0/24 -p tcp --dport 3306 -j ACCEPT
iptables -A FORWARD -s 192.168.100.0/24 -d 192.168.10.0/24 -j DROP

# Prevent internal networks from accessing each other
iptables -A FORWARD -s 192.168.20.0/24 -d 192.168.30.0/24 -j DROP
iptables -A FORWARD -s 192.168.30.0/24 -d 192.168.20.0/24 -j DROP
```

Application-Specific Rules

```bash
# Docker containers
# Allow container-to-container communication
iptables -A DOCKER-USER -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT

# Kubernetes clusters
# Allow pod-to-pod communication
iptables -A INPUT -s 10.244.0.0/16 -d 10.244.0.0/16 -j ACCEPT

# Allow NodePort services
iptables -A INPUT -p tcp --dport 30000:32767 -j ACCEPT
```

Security Hardening Techniques

Rate Limiting and DDoS Protection

```bash
# HTTP request rate limiting
iptables -A INPUT -p tcp --dport 80 -m hashlimit --hashlimit-upto 20/min --hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-name http -j ACCEPT

# SSH brute force protection
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SSH -j DROP

# SYN flood protection
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP
```
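The numbers in `-m limit` and `-m recent` rules are easy to misread, so here is an added example, not the skill's code, that models the two matches in Python and replays the rules above against a few constructed connection attempts. One detail the model makes visible: `-m limit` keeps a single token bucket per rule, not per source, so the SYN flood rule as written admits one new connection per second plus a burst of 3 for the whole host, whatever the source, and everything beyond that hits the DROP. The hashlimit rule uses `--hashlimit-mode srcip` precisely to make its limit per source. The `recent` pair is modelled as ordered above: `--set` records every attempt, and `--update --seconds 60 --hitcount 4` fires on the fourth attempt within a minute.

```python
"""Models of the two iptables rate-limit matches used above, replayed against
constructed connection attempts. Added example, not part of the skill."""
from collections import defaultdict, deque
from typing import Dict, List


class LimitMatch:
    """-m limit --limit R --limit-burst B: ONE token bucket shared by every source."""

    def __init__(self, rate_per_sec: float, burst: int):
        self.rate, self.burst = rate_per_sec, burst
        self.tokens, self.last = float(burst), 0.0

    def match(self, now: float) -> bool:
        # refill at the configured rate, capped at the burst size, then spend one token
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RecentList:
    """-m recent: '--set' records a hit per source; '--update --seconds S --hitcount N'
    matches when the source has at least N hits within the last S seconds."""

    def __init__(self, seconds: float, hitcount: int, max_hits: int = 20):
        self.seconds, self.hitcount = seconds, hitcount
        self.hits: Dict[str, deque] = defaultdict(lambda: deque(maxlen=max_hits))

    def new_connection(self, src: str, now: float) -> bool:
        """Return True when the DROP rule would fire for this connection attempt."""
        self.hits[src].append(now)  # the '--set' rule records every attempt, dropped or not
        recent = [t for t in self.hits[src] if now - t <= self.seconds]
        return len(recent) >= self.hitcount


def syn_flood_rule_demo() -> List[bool]:
    """'--limit 1/s --limit-burst 3': ten different clients each send one SYN within 0.1 s."""
    bucket = LimitMatch(rate_per_sec=1.0, burst=3)
    return [bucket.match(i * 0.01) for i in range(10)]  # True = ACCEPT, False = falls to DROP


def ssh_recent_rule_demo() -> List[bool]:
    """'--seconds 60 --hitcount 4': one constructed source tries SSH at these times (s)."""
    table = RecentList(seconds=60, hitcount=4)
    return [table.new_connection("203.0.113.9", t) for t in (0, 10, 20, 30, 35, 100)]


if __name__ == "__main__":
    accepted = syn_flood_rule_demo()
    print(f"SYN flood rule: {sum(accepted)} of {len(accepted)} clients got through")
    print("SSH rule dropped attempts:", ssh_recent_rule_demo())
```

The SYN demo lets only three of ten legitimate clients through, which is why a global `-m limit` on SYNs belongs on a small, low-traffic host, if anywhere; the SSH demo drops the fourth and fifth attempts and allows the sixth once the earlier hits have aged out of the 60-second window.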

Geo-blocking and IP Reputation

```bash
# Block known malicious IP ranges (example)
iptables -A INPUT -s 203.0.113.0/24 -j DROP

# Use ipset for large IP lists
ipset create blacklist hash:net
ipset add blacklist 198.51.100.0/24
iptables -A INPUT -m set --match-set blacklist src -j DROP
```

Monitoring and Logging

Comprehensive Logging Strategy

```bash
# Create custom chain for logging
iptables -N LOG_AND_DROP
iptables -A LOG_AND_DROP -j LOG --log-prefix "[IPTABLES-DROPPED]: " --log-level 4
iptables -A LOG_AND_DROP -j DROP

# Log specific events
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j LOG --log-prefix "SSH-CONNECTION: "
iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j LOG --log-prefix "HTTP-CONNECTION: "

# Use the logging chain
iptables -A INPUT -j LOG_AND_DROP
```
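Logging only pays off if something reads the log. The following is an added example, not part of the skill: a Python summariser for the kernel log lines the `LOG_AND_DROP` chain above produces (prefix `[IPTABLES-DROPPED]: `). It counts drops per source and per destination port, and flags sources that touched many distinct ports, which is the usual shape of a port sweep; a cluster of drops from one internal host on a port that has an allow rule is the other pattern worth looking for, since it usually means a source subnet in a rule is stale. The log lines are constructed, not captured from a host.

```python
"""Summarise kernel LOG lines written by the LOG_AND_DROP chain above.
Added example; the log lines are constructed, not captured from a real host."""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Optional

LOG_RE = re.compile(r"\[IPTABLES-DROPPED\]: (?P<fields>.*)$")


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    """Turn 'SRC=... DST=... PROTO=TCP DPT=22 ...' into a dict; None for unrelated lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = {}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:  # bare flags such as DF or SYN carry no '=' and are skipped
            fields[key] = value
    return fields


def summarize(lines: List[str], scan_threshold: int = 5) -> dict:
    """Drops per source, busiest destination ports, and sources touching many ports."""
    ports_by_src = defaultdict(Counter)
    drops_by_port = Counter()
    for line in lines:
        f = parse_log_line(line)
        if not f or "SRC" not in f:
            continue
        port = f.get("DPT", "-")  # ICMP lines have no DPT
        ports_by_src[f["SRC"]][port] += 1
        drops_by_port[port] += 1
    return {
        "drops_by_source": {src: sum(c.values()) for src, c in ports_by_src.items()},
        "top_ports": drops_by_port.most_common(3),
        # one source hitting many distinct ports is the classic sweep signature
        "probable_scanners": sorted(s for s, c in ports_by_src.items() if len(c) >= scan_threshold),
    }


def _line(src: str, dpt: int) -> str:
    """Build one constructed syslog line in the format the kernel LOG target emits."""
    return (f"Mar 10 12:00:01 web1 kernel: [IPTABLES-DROPPED]: IN=eth0 OUT= "
            f"MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC={src} DST=10.0.1.10 LEN=60 TOS=0x00 "
            f"PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=40001 DPT={dpt} WINDOW=65535 RES=0x00 SYN URGP=0")


SAMPLE_LOG = (
    [_line("198.51.100.23", p) for p in (21, 22, 23, 25, 3389, 8080)]  # port sweep
    + [_line("203.0.113.7", 22)] * 3                                    # repeated SSH attempts
    + [_line("10.0.2.15", 3306)] * 2   # internal host outside the 10.0.1.0/24 allow rule
    + ["Mar 10 12:00:09 web1 sshd[812]: Accepted publickey for ops from 10.0.1.20"]
)

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Pipe `journalctl -k` or `/var/log/syslog` into `summarize` line by line for real data; with `--log-level 7` as in the web server ruleset, the lines land at debug priority and may need `journalctl -k -p debug` or a matching rsyslog filter to be visible at all.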

Troubleshooting and Testing

Rule Validation Commands

```bash
# Test connectivity
nc -zv target_host port
telnet target_host port

# Trace packet path
traceroute target_host
mtr target_host

# Monitor firewall logs (LOG targets write to the kernel log, not to a ufw service unit)
tail -f /var/log/syslog | grep iptables
journalctl -k -f | grep -i ufw

# List active rules with line numbers
iptables -L INPUT --line-numbers -n -v
ufw status numbered

# Test rule performance (-n skips reverse DNS lookups, which would otherwise dominate the timing)
time iptables -L -n > /dev/null
```

Maintenance and Documentation

  • Document each rule with its business purpose and owner
  • Implement regular rule audits and cleanup procedures
  • Use version control for firewall configurations
  • Test rules in staging environments before production deployment
  • Maintain emergency access procedures and break-glass processes
  • Monitor rule hit counts to identify unused rules
  • Back up firewall configurations before every change
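The hit counts from `iptables -L INPUT --line-numbers -n -v` (listed under the validation commands above) are what the "monitor rule hit counts" item relies on. Here is an added example, not part of the skill: a Python parser for that output that lists rules with zero hits and ranks rules by traffic, which is the raw material for the "most common traffic first" ordering. The sample output is constructed to match the web server ruleset; rule 6 has no hits because the sample assumes no app server has connected yet, and whether that makes it dead weight or a break-glass rule is a question for the rule's documented owner, not for the parser.

```python
"""Parse 'iptables -L <chain> -n -v --line-numbers' output to find rules that never
match and to rank rules by hits. Added example; the sample output below is constructed."""
import re
from typing import Dict, List

_SUFFIX = {"K": 1_000, "M": 1_000_000, "G": 1_000_000_000}
HEADER_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\S+) packets")


def _count(value: str) -> int:
    """iptables -v abbreviates counters (312K, 98M); pass -x for exact numbers."""
    if value[-1] in _SUFFIX:
        return int(float(value[:-1]) * _SUFFIX[value[-1]])
    return int(value)


def parse_counters(output: str) -> Dict:
    """Return the chain name, policy, policy packet counter and one dict per rule."""
    chain, policy, policy_pkts, rules = None, None, 0, []
    for line in output.splitlines():
        m = HEADER_RE.match(line)
        if m:
            chain, policy, policy_pkts = m.group(1), m.group(2), _count(m.group(3))
            continue
        parts = line.split(maxsplit=10)  # num pkts bytes target prot opt in out src dst [match]
        if len(parts) < 10 or not parts[0].isdigit():
            continue  # column header or blank line
        rules.append({"num": int(parts[0]), "pkts": _count(parts[1]), "target": parts[3],
                      "proto": parts[4], "source": parts[8],
                      "match": parts[10] if len(parts) > 10 else ""})
    return {"chain": chain, "policy": policy, "policy_pkts": policy_pkts, "rules": rules}


def unused_rules(parsed: Dict) -> List[int]:
    """Rule numbers with zero hits: removal candidates unless documented as break-glass."""
    return [r["num"] for r in parsed["rules"] if r["pkts"] == 0]


def ranked_by_hits(parsed: Dict) -> List[int]:
    """Rule numbers from busiest to quietest. Only move a rule above another when their
    match sets do not overlap; otherwise the reordering changes what gets accepted."""
    return [r["num"] for r in sorted(parsed["rules"], key=lambda r: r["pkts"], reverse=True)]


SAMPLE_OUTPUT = """\
Chain INPUT (policy DROP 1523 packets, 91380 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     4210  312K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2      98M  120G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
3       12   720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW limit: avg 2/min burst 2
4     5120  307K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
5    14000  840K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
6        0     0 ACCEPT     tcp  --  *      *       10.0.1.0/24          0.0.0.0/0            tcp dpt:3306
7       31  1860 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
"""

if __name__ == "__main__":
    parsed = parse_counters(SAMPLE_OUTPUT)
    print(f"{parsed['chain']} policy {parsed['policy']} dropped {parsed['policy_pkts']} packets")
    print("unused rules:", unused_rules(parsed))
    print("by hits:", ranked_by_hits(parsed))
```

Run it against `iptables -L INPUT -n -v -x --line-numbers` output captured at two points in time and diff the counters; a rule whose count never moves across a full business cycle is the one to bring up at the next audit, and the policy counter on the first line tells you how much traffic the default deny is absorbing.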
