About the Firewall Rule Generator

Open Firewall Generator View Terms of Service

Tip, you can deep link the generator to a specific OS, for example #windows, #mac, or #linux.

Open for Windows Open for macOS Open for Linux

What this tool does

The generator builds ready-to-run firewall scripts tailored to your device role and operating system. You choose services to allow, decide whether to exempt an admin IP, and optionally enable country blocking on Linux. The tool produces commands for the native firewall on each platform.

Linux

Backends, UFW, iptables + ipset, nftables
Optional country blocking using public CIDR lists
IPv4 and optional IPv6 set population

macOS

Native pf (Packet Filter) with an anchor file
Safe flow, validate, load, then enable
App-only firewall is not enough for port-level control

Windows

PowerShell rules, recommended for clarity
netsh rules, useful for legacy or GPO copy-paste
Profiles enabled, logging path set

Profiles & portability

Export and import configuration profiles as JSON
Download scripts with OS-aware filenames
Deep link directly to an OS mode

How it works (client-side)

The page runs entirely in your browser. No accounts, no uploads, and no telemetry. Your selections generate a script locally, which you can copy, review, and download. Nothing leaves your device.

Safety first. Firewall changes can interrupt access, including SSH. Always test on a non-critical machine or a virtual machine before applying rules to production devices.

What you control

Allowed ports by service, for example 22, 80, 443, or 53/udp
Admin IP exemption to avoid locking yourself out
Linux only, country blocking via sets, IPv4 plus optional IPv6
Engine choices per OS, for example PowerShell or netsh

Quick start

Linux

Open the tool and pick Linux.
Select your backend, UFW, iptables, or nftables.
Choose your device role and services to allow.
Optional, enable country blocking and IPv6 lists.
Generate, review, then run on a test system first.

macOS

Open the tool with #mac.
Select services to allow, then generate.
The script creates a pf anchor, validates with pfctl -n, loads, then enables.
Run in Terminal, you will be prompted for admin rights.

Windows (PowerShell)

Open the tool with #windows.
Choose PowerShell, select services, then generate.
Right-click PowerShell and run as Administrator.
Paste the script and verify rules were added.

Windows (netsh)

Switch the engine to netsh.
Generate and download the .cmd file.
Right-click and run as Administrator.
Confirm the rules via Windows Firewall UI or netsh.

Advanced notes

macOS Packet Filter (pf)

Anchor file path, /etc/pf.anchors/com.cyberlifecoach
Main config, /etc/pf.conf gets a one-time anchor include
Validate first, sudo pfctl -nf /etc/pf.conf, then load with sudo pfctl -f /etc/pf.conf

Windows options

PowerShell, New-NetFirewallRule with a consistent Group label, “CLC Firewall”
netsh, netsh advfirewall firewall add rule ... for legacy and GPO workflows

Linux sets and persistence

iptables + ipset, saves to /etc/ipset.conf and uses netfilter-persistent
nftables, writes a full ruleset to /etc/nftables.conf and enables the service

Legal Disclosure. This page and the generator are for educational and informational use. Firewall changes can disrupt connectivity or lock you out of systems. Always review scripts, test in a safe environment, and keep console or recovery access available. The author and host accept no liability for damage, data loss, or misuse.

Open Firewall Generator

LinuxmacOSWindows UFWiptablesnftablespfctl