High level solution for firewalling with IPTables
Very good software:
1) one configuration file keeps all configs: nice to manage via an industrial-strength configuration management tool (like RANCID)
2) high level configuration language
I installed it on my firewall, an embedded Linux box (Devil Linux on CF flash), replacing Shorewall.
What is the next step?
A true IOS-like command line interface to configure it on the fly!
What is it with firehol and traceroute? There's nothing about it mentioned in the documentation, and very little is discussed when I search the web. How do you enable a firewalled host to be traceroute-able?
This program is excellent!
Trouble free, easy to use, very intuitive. This program makes very complex firewalling a snap. I love it and highly recommend it if you are searching for a firewall solution.
It generates excellent iptables rule-sets with a very easy but powerful configuration. It has support for many different complex services natively like samba and peer-to-peer filesharing applications.
If only firehol had native support for some form of QoS with tc or iptables it would be the perfect firewall solution. Without QoS the firewall needs to be complemented by other tools or manual packet queueing configuration.
Of all of the open source projects which are described by their authors as "simple yet powerful," very few can actually live up to it, and only a choice few can call such a description an understatement. Firehol is one of those choice few. Keep up the excellent work.
Well, FireHOL should be a default firewall configuration tool for modern server distributions.
Re: Great tool!
> Even for beginners it is definitely worth
> trying. Some things are missing though, MARKs
> for QoS, and ULOG support is only
> available via iptables commands. That
> needs some work. Otherwise a really
> great approach to iptable configs!
MARKs are there - check the "mark" helper.
ULOG is in the CVS.
Even for beginners it is definitely worth trying.
Some things are missing though, MARKs for QoS, and ULOG support is only available via iptables commands. That needs some work. Otherwise a really great approach to iptable configs!