Firewalling with FireHOL


FireHOL allows you to configure your firewall using a "high-level" language that anyone can read, while keeping all the power and flexibility you have come to expect from iptables.

FireHOL's configuration is very readable, allowing you to specify services and networks by name rather than as sets of numbers. FireHOL also automatically loads the needed iptables modules depending on the services you enable (irc, ftp, etc.), taking away the guesswork. All in all, this makes for a shorter, simpler firewall config file that others can read and understand quickly and easily, leaving less room for human error.

FireHOL can be run interactively, returning the iptables rules it generates for each command you give it. Because FireHOL is built using Bash, Bash statements can be used directly in the configuration file, allowing for even greater flexibility.
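
A small configuration illustrating the named services and inline Bash described above. This is an added example, not taken from the original post or from the FireHOL project; the interface names, the addresses (documentation ranges), the variable names and the `version 6` line (older 1.x releases use `version 5`) are assumptions.

```conf
# /etc/firehol/firehol.conf -- constructed example, not from the original page.
# Assumed: eth0 faces the internet, eth1 faces the LAN, and the addresses
# below are documentation ranges standing in for real ones.
version 6                       # assumption: older 1.x releases use "version 5"

admin_hosts="198.51.100.10 198.51.100.11"   # hypothetical management hosts
public_services="http https smtp"           # services by name, not port number

interface eth0 internet
    policy drop                 # anything not matched below is dropped
    protection strong           # built-in flood and malformed-packet checks
    # Plain Bash inside the config: one rule per named service.
    for svc in $public_services; do
        server "$svc" accept
    done
    server ssh accept src "$admin_hosts"    # SSH only from the admin hosts
    client all accept           # the host itself may open any outbound service

interface eth1 lan
    policy reject
    server "dns dhcp ssh" accept
    client all accept

router lan2internet inface eth1 outface eth0
    masquerade                  # NAT the LAN behind eth0's address
    route all accept            # LAN clients may reach any internet service
```

When changing rules on a remote machine, `firehol try` applies the new configuration and restores the previous firewall unless you confirm it, which guards against locking yourself out.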

I recommend that anyone running a Linux server or using Linux as a router/firewall check out FireHOL to see what it can do for you.