FireHOL

From ArchWiki

FireHOL is a language (and a program to run it) for building secure, stateful firewalls from easy-to-understand, human-readable configuration files. The configuration stays readable even for very complex setups. Behind the scenes it drives iptables (and ip6tables for IPv6).

Installation

Install the firehol or firehol-git package from the AUR.

Configuration

Initial Auto Configuration

FireHOL comes with its own firewall wizard. Until a firewall is configured and started, all traffic is allowed. Running the wizard is the first step towards a basic firewall configuration: it detects the network interfaces and the ports currently open on the system and generates rules for them.

# firehol wizard > /tmp/firehol.conf

The generated configuration is well commented. Review and edit it at /tmp/firehol.conf, then move it to /etc/firehol/firehol.conf and test it with:

# firehol try

firehol try activates the new rules and waits 30 seconds for you to confirm them by typing commit; if you do not, the previous firewall state is restored. This protects you from locking yourself out of a remote machine, so run it from the same connection you normally administer the host from. Once the rules are confirmed, make them permanent by starting and enabling firehol.service.


The configuration file is /etc/firehol/firehol.conf.

A good way to start learning its declarations is to copy a FireHOL example configuration and adapt it.

The configuration file is a bash script and is built from three kinds of statements:

  • helper
  • interface
  • router
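A small hand-written /etc/firehol/firehol.conf that uses all three kinds of statements, added here as an illustration; it is not taken from this page or from the FireHOL project, and it also serves as a hand-written alternative to the wizard output described above. The interface names eth0 (internet) and eth1 (LAN) and the administrator network 192.0.2.0/24 are assumptions; adjust them to your system.

```firehol
# /etc/firehol/firehol.conf - added example, not from the page or the project.
# Assumed (hypothetical): eth0 faces the internet, eth1 faces a private LAN,
# and administrators connect from 192.0.2.0/24.
version 6

# Loopback: accept everything on the local interface.
interface lo loopback
    policy accept

# Internet-facing interface. Packets whose source address is unroutable
# (private/bogon space) do not match the interface and are dropped.
interface eth0 internet src not "${UNROUTABLE_IPS}"
    # helper statements: default policy (drop is already the default,
    # stated here for clarity) and flood/scan protection
    policy drop
    protection strong
    # services this host offers: ssh only from the admin network,
    # web to everyone
    server ssh accept src 192.0.2.0/24
    server "http https" accept
    # connections this host opens: anything
    client all accept

# LAN-facing interface: the private side is fully trusted in this example.
interface eth1 lan src "${PRIVATE_IPS}"
    policy accept

# router statement: traffic forwarded between the LAN and the internet,
# with source NAT (masquerade) applied on the way out through eth0.
router lan2internet inface eth1 outface eth0
    masquerade
    route all accept
```

interface statements describe traffic to and from the host itself, router statements describe traffic forwarded through it, and helper statements such as policy, protection and masquerade adjust how those blocks behave. Test it with firehol try from the admin network and type commit only after confirming that your ssh session is still alive.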

Try, Run and Enable

You can test the configuration file's correctness by issuing:

# firehol try

or, to disable fast activation (by default FireHOL loads the whole ruleset with a single iptables-restore call) and instead apply the rules one at a time with iptables, which is slower but easier to debug when a configuration fails to load:

# firehol nofast try

If the configuration loads and you confirm it, start/enable firehol.service.

Tip: