Wireshark: Create Firewall Rules
Security - Security Tools

Start Wireshark and capture packets to analyze. When you see a packet that you want to DROP or ACCEPT, highlight it and then choose Analyze from the Menu and then select Netfilter(iptables) as the Product. There are additional options that you may choose for Product including; Cisco IOS, IP Filter, IPFirewall, and Windows Firewall. You will see this window.

wireshark

If you want to DROP the connection check the Deny box in the upper right hand corner. If you want to ACCEPT the connection uncheck the Deny option.

wireshark

Select Inbound if you are wanting a rule for INPUT on the firewall. If you uncheck Inbound it will create a OUPUT rule.

 

 

wireshark

 

The Filter option will provide a number of different ways to create a firewall rule. In this example, a connection to a proxy server is captured and will allow you to write a rule in relationship to that connection. The proxy is at 192.168.7.2 and the connection to it is made from 192.168.7.178 as you see on the highlighted blue line. This provides a number of ways to write rules for this relationship.

wireshark

In this example the filter will create an ACCEPT rule for the proxy .

wireshark

This example shows an ACCEPT rule for the proxy with the detail of a destination port listed as well as the protocol.

wireshark