Jambozx

OnlineCyberTools MCP (280+ filterable tools)

linux_iptables_rule_generator

Read-only, Idempotent

Generate iptables and nftables firewall scripts from a structured rule description. Validates inputs and outputs rule text with explanations and warnings.

Instructions

Iptables And Nftables Firewall Rule Generator. Generate iptables-restore (rules.v4) and nftables (nft.conf) firewall scripts from a structured firewall description: default INPUT/FORWARD/OUTPUT chain policies, an ordered rule list (protocol, source/destination IP plus CIDR, ports, interface, action), NAT and port forwarding (DNAT/SNAT/MASQUERADE), and the common conveniences (allow loopback, allow established/related, rate-limited log-drops). Use this to author Linux netfilter rulesets; use linux_ssh_config_generator instead for ssh_config and sshd_config. It only emits rule TEXT and never runs iptables, touches no network, and reads no database: read-only, non-destructive, and rate-limited (30 requests/minute for anonymous callers). Validates IPs, CIDR suffixes, and port specs, and emits lockout warnings (such as a DROP policy without an SSH allow rule). Set operation to presets to list the 9 ready-made templates. Returns both scripts plus per-rule explanations, warnings, and target file paths.

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| operation | No | generate builds firewall scripts from the input fields below; presets ignores all other fields and returns the 9 built-in templates. | generate |
| defaults | No | Default chain policies applied when generating (defaults: input ACCEPT, forward DROP, output ACCEPT). | |
| rules | No | Ordered firewall rules. Each rule maps to one iptables -A line (and an nftables equivalent). Invalid rows are silently skipped. | |
| allowEstablished | No | Prepend an INPUT rule accepting ESTABLISHED and RELATED connections via conntrack. | |
| allowLoopback | No | Prepend an INPUT rule accepting all traffic on the loopback interface. | |
| logDrops | No | Append a rate-limited LOG rule on INPUT before the default policy applies. | |

Output Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| success | No | Whether the request succeeded. | |
| operation | No | The operation performed (generate or presets). | |
| result | No | For generate: the produced scripts. For presets: a presets array of named templates. | |

Behavior: 5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Description adds value beyond annotations: explains it is read-only, non-destructive, rate-limited, validates IPs/ports, emits lockout warnings. Annotations already indicate readOnlyHint true and destructiveHint false, but description enriches with specific details about rate limiting and validation.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Description is thorough but somewhat dense. It front-loads the purpose and key characteristics, then covers usage, limitations, and return values. Could be slightly more concise, but no redundant sentences.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given complexity (6 parameters, nested objects, output schema), the description is complete. It covers return format (scripts plus explanations, warnings, file paths), validation, lockout warnings, and presets. Output schema exists but description supplements it well.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100% with clear property descriptions. The description adds context like silent skip of invalid rows, presets operation behavior, and lockout warnings, which enhance understanding beyond the schema. Baseline 3 due to high coverage, plus extra context justifies 4.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states the tool generates iptables-restore and nftables firewall scripts from a structured description, with specific verb 'Generate' and resource 'firewall scripts'. Distinguishes from sibling linux_ssh_config_generator by explicitly mentioning what it does not do.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states when to use ('author Linux netfilter rulesets') and when not ('use linux_ssh_config_generator instead for ssh_config and sshd_config'). Provides context that it only emits text and never runs iptables, with rate limits and validation behavior.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Jambozx/onlinecybertools-mcp-server'
