diff --git a/sio1/ferm/tppf/fw.sh b/sio1/ferm/tppf/fw.sh
new file mode 100755
index 0000000..c05ecde
--- /dev/null
+++ b/sio1/ferm/tppf/fw.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+sysctl -w net.ipv4.ip_forward=1
+
diff --git a/sio1/ferm/tppf/fw1.sh b/sio1/ferm/tppf/fw1.sh
new file mode 100755
index 0000000..1fa23ca
--- /dev/null
+++ b/sio1/ferm/tppf/fw1.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+sysctl -w net.ipv4.ip_forward=1
+iptables -F -t filter
+iptables -F nat
+
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
diff --git a/sio1/ferm/tppf/fw3.sh b/sio1/ferm/tppf/fw3.sh
new file mode 100755
index 0000000..add2e12
--- /dev/null
+++ b/sio1/ferm/tppf/fw3.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+sysctl -w net.ipv4.ip_forward=1
+iptables -F -t filter
+iptables -F nat
+
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
+iptables -A INPUT -p tcp --sport 80 -j ACCEPT
+
+iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+iptables -A INPUT -p udp --sport 53 -j ACCEPT
+
+iptables -A OUTPUT -p tcp -d 10.121.38.1 --dport 8080 -j ACCEPT
+iptables -A INPUT -p tcp -d 10.121.38.1 --sport 8080 -j ACCEPT
diff --git a/sio1/ferm/tppf/fw3.sh.save b/sio1/ferm/tppf/fw3.sh.save
new file mode 100755
index 0000000..fec7282
--- /dev/null
+++ b/sio1/ferm/tppf/fw3.sh.save
@@ -0,0 +1,16 @@
+#!/bin/bash
+sysctl -w net.ipv4.ip_forward=1
+iptables -F -t filter
+iptables -F nat
+
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A OUTPUT
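Review bot: fw.sh turns on `net.ipv4.ip_forward` and does nothing else, so once it has run the host routes packets under whatever FORWARD policy and rules happen to be loaded, which is ACCEPT with no rules on an unconfigured iptables host. Set the policy first, `iptables -P FORWARD DROP` ahead of the `sysctl -w` line, and add the explicit forward rules after it. The same ordering applies to fw1.sh, fw3.sh and fw4.sh, where the sysctl line runs before the flush and the DROP policies. `sysctl -w` does not persist across a reboot, so a comment saying whether that is intended would help.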
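Review bot: `iptables -F nat` on line 4 of fw1.sh does not flush the nat table: without `-t` the command works on the filter table and looks for a chain named `nat`, which normally does not exist, so the command fails and the nat table keeps its old rules. The intended form is probably `iptables -t nat -F`. The same line appears in fw3.sh, fw3.sh.save, fw3.sh.save.1 and fw4.sh; in fw4.sh it matters most, because the MASQUERADE rule is appended with `-A` and is therefore duplicated on every re-run. With INPUT and OUTPUT both at DROP and no rule for `lo`, anything on the host that talks to itself over loopback stops working; `iptables -A INPUT -i lo -j ACCEPT` and `iptables -A OUTPUT -o lo -j ACCEPT` are the usual additions.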
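Review bot: The reply rules in fw3.sh match on source port alone: `-A INPUT -p tcp --sport 80` and `-A INPUT -p udp --sport 53` accept any inbound packet that carries that source port, to any local port, so they admit far more than the return traffic they are meant for. Replace the per-port INPUT reply rules with one stateful rule, `iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`, as fw4.sh already does for FORWARD. Separately, the last line uses `-d 10.121.38.1` on INPUT; replies from that host carry the address as their source, so the rule should read `-s 10.121.38.1` (or be dropped once the conntrack rule is in place). Both points apply to the identical lines in fw4.sh.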
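Review bot: fw3.sh.save and fw3.sh.save.1 look like editor backup copies rather than scripts meant to be run, yet both are added with mode 100755. fw3.sh.save stops in the middle of a rule (`iptables -A OUTPUT` with no match or target), and in fw3.sh.save.1 the `#!/bin/bash` line sits on line 7, after six rule lines, so there it is only a comment. Running either one would still flush the filter table and set the DROP policies, leaving the host with a rule set nobody reviewed. Consider removing both files from the commit and ignoring `*.save*` in the repository.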
diff --git a/sio1/ferm/tppf/fw3.sh.save.1 b/sio1/ferm/tppf/fw3.sh.save.1
new file mode 100755
index 0000000..f30173b
--- /dev/null
+++ b/sio1/ferm/tppf/fw3.sh.save.1
@@ -0,0 +1,22 @@
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+#!/bin/bash
+sysctl -w net.ipv4.ip_forward=1
+iptables -F -t filter
+iptables -F nat
+
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+iptables -A INPUT -p tcp -m multiport --dports 53,80,21 -j ACCEPT
+iptables -A OUTPUT -p tcp -m multiport --sports 53,80,21 -j ACCEPT
+
+
diff --git a/sio1/ferm/tppf/fw4.sh b/sio1/ferm/tppf/fw4.sh
new file mode 100755
index 0000000..117ae8d
--- /dev/null
+++ b/sio1/ferm/tppf/fw4.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+sysctl -w net.ipv4.ip_forward=1
+iptables -F -t filter
+iptables -F nat
+
+iptables -P INPUT DROP
+iptables -P OUTPUT DROP
+iptables -P FORWARD DROP
+
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
+iptables -A INPUT -p tcp --sport 80 -j ACCEPT
+
+iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+iptables -A INPUT -p udp --sport 53 -j ACCEPT
+
+iptables -A OUTPUT -p tcp -d 10.121.38.1 --dport 8080 -j ACCEPT
+iptables -A INPUT -p tcp -d 10.121.38.1 --sport 8080 -j ACCEPT
+
+iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
+iptables -A FORWARD -o enp0s3 -j ACCEPT
+iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+
+
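Review bot: `iptables -A FORWARD -o enp0s3 -j ACCEPT` in fw4.sh accepts every new forwarded connection leaving through enp0s3 regardless of where it came in, including packets that arrived on enp0s3 itself. Restrict it to the inside network, for example `iptables -A FORWARD -i <LAN_IF> -o enp0s3 -s <LAN_CIDR> -j ACCEPT` (placeholders; the diff does not show the internal interface or subnet). The `ESTABLISHED,RELATED` rule below it then carries the replies, and putting that rule first in the chain is the usual order. These scripts configure IPv4 only; if the host also has IPv6 addresses, the ip6tables policies stay as they were.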