Skip to content

Luzilla/iptablesf

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.github
.github
 
 
.gitignore
.gitignore
 
 
.goreleaser.yaml
.goreleaser.yaml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

iptablesf

CI Release

Block IP CIDRs in the DOCKER-USER iptables chain. Rules are inserted before the default RETURN rule so they actually take effect.

Requires root (or CAP_NET_ADMIN). Requires Docker to be running (the DOCKER-USER chain must exist).

Important

Contributions are welcome! Please star this repository if you find it useful. For custom feature development or support, feel free to get in touch.

Install

Download a binary from Releases.

OS Arch
linux amd64
darwin arm64

Or build from source:

go install github.com/luzilla/iptablesf@latest

Usage

Add rules from a file

sudo iptablesf add --file blocklist.txt

The file contains one CIDR per line. Blank lines and # comments are skipped. Quoted entries ("10.0.0.0/8") are handled.

# example blocklist.txt
"192.168.1.0/24"
10.0.0.0/8

List rules

sudo iptablesf list

Clear all rules

Flushes the chain and restores the default -j RETURN rule.

sudo iptablesf clear

Custom chain

All commands accept --chain (default: DOCKER-USER):

sudo iptablesf --chain MY-CHAIN add --file blocklist.txt

Build

make build

Uses goreleaser.

About

Tool to manipulate iptable chains (written for DOCKER-USER injection)

Resources

Readme

License

View license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Apr 8, 2026

Contributors

Languages