Simple Firewall for Gentoo

Well, I just needed a simple firewall script for Gentoo. As most of the simple ones in the wild are missing some features I wanted, I wrote my own. In the hope that it will be helpful to somebody else, here it is.


  • IPv4 and IPv6
  • Usable with multiple public IPs
  • Simple configuration file
  • Spoofing protection for local IPs
  • Versatile and correct ICMPv4/ICMPv6 filtering with rate limiting
  • Simple banning for SSH robots
  • IPsec AH/ESP handling with some DoS and spoofing protection
  • Simple masquerading of IPsec traffic
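
As an illustration of the "simple banning for SSH robots" feature on a dual-stack host with several public IPs, here is an added example that is not the firewall script from this page. It assumes the `recent` match is used for the ban list; the variable names, the list name `sshbots`, the thresholds and the addresses are constructed for the example.

```shell
#!/bin/sh
# Added example, not the original script. All names and values are assumptions.
SSH_PORT=22                            # assumed SSH port
BAN_SECONDS=600                        # assumed observation/ban window
BAN_HITS=5                             # assumed new connections allowed per window
PUBLIC_IPS="192.0.2.10 2001:db8::10"   # constructed documentation addresses

# Pick the tool for an address: anything containing ':' is treated as IPv6.
tool_for() {
    case "$1" in
        *:*) echo ip6tables ;;
        *)   echo iptables ;;
    esac
}

# Print the two rules for one public IP. Order matters: the ban check
# has to be evaluated before the rule that records and accepts.
ssh_ban_rules() {
    ip=$1
    t=$(tool_for "$ip")
    match="-p tcp -d $ip --dport $SSH_PORT -m conntrack --ctstate NEW"
    # 1. Drop a source with BAN_HITS new connections inside BAN_SECONDS.
    #    --update refreshes the timestamp, so a bot that keeps trying stays banned.
    echo "$t -A INPUT $match -m recent --name sshbots --update --seconds $BAN_SECONDS --hitcount $BAN_HITS -j DROP"
    # 2. Otherwise record the source address and let the connection through.
    echo "$t -A INPUT $match -m recent --name sshbots --set -j ACCEPT"
}

# Emit the rules for every configured public IP, IPv4 and IPv6 alike.
all_rules() {
    for ip in $PUBLIC_IPS; do
        ssh_ban_rules "$ip"
    done
}

# Dry run by default: only print the rules. Set APPLY=1 (as root) to load them.
if [ "${APPLY:-0}" = 1 ]; then
    all_rules | sh -e
else
    all_rules
fi
```

Established connections are not counted because only packets in conntrack state NEW reach these rules; the loaded list can be inspected under /proc/net/xt_recent/sshbots.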

Planned Features

  • Versatile logging features
  • Command to retrieve statistics (recent-, spoofing-tables and hit-counters) in a fancy way


  • /etc/init.d/firewall
  • /etc/conf.d/firewall


To install, simply copy the files to the correct place and start the firewall with


Well … It’s simple. Just take a look at the configuration file. It only has three parameters, which should be self-explanatory.


The code is licensed under GPLv2.


You can download the archive or just copy the code below.



