Comments for FireHOL

12 Jan 2008 14:12 amontefusco

High level solution for firewalling with IPTables
Very good software:

1) one configuration file keeps all configs: nice to manage via an industrial-strength configuration management tool (like RANCID)

2) high level configuration language

I installed it on my firewall, an embedded Linux box (Devil Linux on CF flash), replacing Shorewall.

What is the next step?

A true IOS-like command line interface to configure it on the fly!

*am*

01 Feb 2007 20:52 pascaldamian

Traceroute?
What is it with firehol and traceroute? There's nothing about it mentioned in the documentation, and very little is discussed when I search the web. How do you enable a firewalled host to be traceroute-able?

25 Feb 2005 01:39 dankrones

This program is excellent!
Trouble free, easy to use, very intuitive. This program makes very complex firewalling a snap. I love it and highly recommend it if you are searching for a firewall solution.

19 Jul 2004 05:51 sk6307

Excellent
It generates excellent iptables rule-sets with a very easy but powerful configuration. It has support for many different complex services natively, like samba and peer-to-peer filesharing applications.

If only firehol had native support for some form of QoS with tc or iptables it would be the perfect firewall solution. Without QoS the firewall needs to be complemented by other tools or manual packet queueing configuration.

13 Jul 2004 07:59 exPFCLucas

An Understatement
Of all of the open source projects which are described by their authors as "simple yet powerful," very few can actually live up to it, and only a choice few can call such a description an understatement. Firehol is one of those choice few. Keep up the excellent work.

16 Apr 2004 22:25 inductor

Excellent!
Well, FireHOL should be a default firewall configuration tool for modern server distributions.

29 Dec 2003 15:40 ktsaou

Re: Great tool!

> Even for beginners it is definitely worth
> trying.
>
> Some things are missing though, MARKs
> for QoS, and ULOG support is only
> available via iptables commands. That
> needs some work. Otherwise a really
> great approach to iptable configs!


MARKs are there - check the "mark" helper.
ULOG is in the CVS.

Thanks.

Costa

17 Dec 2003 05:03 ctrlc

Great tool!
Even for beginners it is definitely worth trying.

Some things are missing though, MARKs for QoS, and ULOG support is only available via iptables commands. That needs some work. Otherwise a really great approach to iptable configs!
