FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
|Tags||Internet Security Networking Firewalls|
|Operating Systems||POSIX Linux|
|Implementation||Unix Shell bash|
Release Notes: This version was updated to parse the latest format of the IANA reservations page. Support for custom actions for services was added. This opens a way to allow actions that can be controlled externally without restarting the firewall. Several minor issues were fixed, providing better NAT support for all services, handling for external pager commands, kernel config parsing, a config wizard, etc.
Release Notes: Minor updates were made for the latest IANA reservations. A check-iana.sh cron job script was provided to notify the administrator when IANA reservations change.
Release Notes: This maintenance release mainly fixed kernel 2.6.20+ and BASH 3.2 issues and added support for external definitions of all IP address space definitions. All users are advised to upgrade to this release.
Release Notes: This version fixes issues with the security of the created temporary files.
Release Notes: This release fixed vulnerabilities where malicious local system users could use FireHOL's temporary files to overwrite arbitrary files on the system. All users are advised to update to this version. This release included new service definitions: ANYSTATELESS, TIMESTAMP, and DICT. A TRANSPARENT_PROXY helper was added. Support for knockd as an argument to the accept action was added.