🔥 AFW Firewall v2.0.1

Advanced Firewall Management for Linux Servers

Features

• Port Management — Open/close TCP/UDP ports and port ranges
• Port Protection — Rate limiting for brute-force defense
• IP Management — Whitelist and blacklist IP addresses
• NAT & Port Forwarding — PREROUTING REDIRECT and POSTROUTING masquerade
• IGMP/Multicast — Multicast traffic control
• Kernel Hardening — sysctl security parameters
• Backup/Restore — State snapshots for easy recovery

Built-in Security

• SYN flood protection with rate limiting
• Ping of death protection (ICMP rate limiting)
• Port scan detection (RST packet analysis)
• IP spoofing defense (bogon/RFC1918 blocking)
• Windows port blocking (135,137,138,139,445)
• SSH brute-force protection
• Input sanitization (no shell injection)

Installation

✨ Zero-Config Setup: AFW automatically detects your network interface and SSH port during installation. Conflicting firewalls (UFW, firewalld) are disabled on fresh install only.

Debian / Ubuntu (APT)

curl -fsSL https://irtec.github.io/afw-repo/pubkey.asc | sudo gpg --dearmor -o /usr/share/keyrings/afw.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/afw.gpg] https://irtec.github.io/afw-repo stable main" | sudo tee /etc/apt/sources.list.d/afw.list
sudo apt update && sudo apt install afw

RHEL / Fedora / CentOS (YUM/DNF)

sudo curl -fsSL https://irtec.github.io/afw-repo/afw.repo -o /etc/yum.repos.d/afw.repo
sudo rpm --import https://irtec.github.io/afw-repo/pubkey.asc
sudo dnf install afw

Ubuntu PPA

sudo add-apt-repository ppa:irya31/afw
sudo apt update && sudo apt install afw

After installation, your firewall is automatically configured and active!

Quick Start

After installation, AFW is already configured and running! No manual setup needed.

Interactive TUI

sudo afw

Launches the interactive menu with 12 options — navigate with arrow keys.

Setup (first time) - auto-detect interface and SSH port

sudo afw setup

Manual Reconfiguration (Optional)

# If you need to change interface or SSH port
sudo afw setup --interface eth0 --ssh-port 22

CLI Examples

# Port management
sudo afw port add tcp 80
sudo afw port add udp 53
sudo afw port add tcp 3000-4000      # range
sudo afw port add tcp 8080 -s 10.0.0.5  # IP-restricted
sudo afw port remove tcp 80
sudo afw port list

# Port protection (rate limiting)
sudo afw protect add 22 --rate 10 --per 60
sudo afw protect remove 22

# IP management
sudo afw whitelist add 10.0.0.1
sudo afw blacklist add 1.2.3.4

# NAT / Masquerade
sudo afw nat enable
sudo afw nat disable

# Port forwarding
sudo afw forward add eth0 8080 80

# Firewall control
sudo afw enable
sudo afw disable
sudo afw reload
sudo afw status

# Backup
sudo afw backup create
sudo afw backup list
sudo afw backup restore /var/lib/afw/backups/state-20240101-120000.json

Systemd Service

sudo systemctl enable afw       # Auto-start on boot
sudo systemctl start afw        # Start firewall
sudo systemctl stop afw         # Stop firewall
sudo systemctl reload afw       # Reload rules
sudo systemctl status afw       # Check status

Upgrade

# APT (Debian/Ubuntu)
sudo apt update && sudo apt upgrade -y

# DNF (RHEL/Fedora/CentOS)
sudo dnf upgrade -y

Config and rules are preserved. Reload after upgrade: sudo afw reload

Resources

• GPG Public Key
• GitHub Repository (Private)
• Ubuntu PPA

License

GPL © irya