FireHOL R5 1.273

FireHOL is a stateful iptables packet filtering firewall configurator.

GPL (GNU General Public License) 
Costa Tsaousis
FireHOL is abstracted, extensible, easy and powerful. It can handle any kind of firewall, but most importantly, it lets you configure it the same way you think of it.

Here are some key features of "FireHOL":

FireHOL handles firewalls protecting one host on all its interfaces and any combination of stateful firewalls routing traffic from one interface to another. There are no limitations on the number of interfaces or on the number of routes (except the ones iptables has, if any).

FireHOL still lacks a few features: QoS, for example, is not supported directly. You are welcome to extend FireHOL and send me your patches to integrate within FireHOL. In any case, you can embed normal iptables commands in a FireHOL configuration to do whatever iptables supports.

Since FireHOL produces stateful commands, for every supported service it needs to know the flow of requests and replies. Today FireHOL supports the following services:

Many single-socket protocols, such as HTTP, NNTP, SMTP, POP3, IMAP4, RADIUS, SSH, LDAP, MySQL, Telnet, NTP, DNS, etc. There are a few dozen such services defined in FireHOL. Check this list. Even if something is missing, you can define it.

Many complex protocols, such as FTP, NFS, SAMBA, PPTP, etc. If you need some complex protocol that is not present, you will have to program it (in simple BASH scripting; there are many commented examples on how this is done). Again, you will just create one BASH function with the rules of the protocol, and FireHOL will turn it into a client, a server or a router.

What's New in This Release:

This version was updated to parse the latest format of the IANA reservations page.
Support for custom actions for services was added.
This opens a way to allow actions that can be controlled externally without restarting the firewall.
Several minor issues were fixed, providing better NAT support for all services, handling for external pager commands, kernel config parsing, a config wizard, etc.

Last updated on July 31st, 2008
