FireHOL R5 1.273
FireHOL is a stateful iptables packet filtering firewall configurator.
Here are some key features of "FireHOL":
· FireHOL handles firewalls protecting one host on all its interfaces and any combination of stateful firewalls routing traffic from one interface to another. There are no limitations on the number of interfaces or on the number of routes (except the ones iptables has, if any).
· FireHOL still lacks a few features: QoS, for example, is not supported directly. You are welcome to extend FireHOL and send me your patches to integrate within FireHOL. In any case, however, you can embed normal iptables commands in a FireHOL configuration to do whatever iptables supports.
· Since FireHOL produces stateful commands, for every supported service it needs to know the flow of requests and replies. Today FireHOL supports the following services:
· Many single-socket protocols, such as HTTP, NNTP, SMTP, POP3, IMAP4, RADIUS, SSH, LDAP, MySQL, Telnet, NTP, DNS, etc. There are a few dozen such services defined in FireHOL. Check this list. Even if something is missing, you can define it.
· Many complex protocols, such as FTP, NFS, SAMBA, PPTP, etc. If you need some complex protocol that is not present, you will have to program it (in simple BASH scripting; there are many commented examples of how this is done). Again, you will just create one BASH function with the rules of the protocol, and FireHOL will turn it into a client, a server or a router.
What's New in This Release:
· This version was updated to parse the latest format of the IANA reservations page.
· Support for custom actions for services was added. This opens a way to allow actions that can be controlled externally without restarting the firewall.
· Several minor issues were fixed, providing better NAT support for all services, handling of external pager commands, kernel config parsing, a config wizard, etc.