FireHOL

FireHOL is a language (and a program to run it) for building secure, stateful firewalls from easy-to-understand, human-readable configuration files. The configuration stays readable even for very complex setups. Under the hood it generates iptables/ip6tables rules (IPv4 and IPv6).

Installation

Install firehol or firehol-git from the AUR.

Configuration

Initial Auto Configuration

FireHOL comes with its own firewall wizard. Before FireHOL is started there are no firewall rules, so all traffic is allowed by default. Running the wizard is the first step towards a basic firewall configuration: it detects the interfaces present on the system and the ports currently open on it.

# firehol wizard > /tmp/firehol.conf

The generated configuration is well commented. You find it at /tmp/firehol.conf. Review it carefully (the wizard allows whatever was listening at the time it ran, which is not necessarily what you want to expose), then move it to /etc/firehol/firehol.conf and test it with the command

# firehol try

firehol try activates the new rules and waits 30 seconds for you to type commit. If you do not (for example because the new rules locked you out of your SSH session), the previous firewall is restored. Once the configuration works, make it permanent by starting and enabling firehol.service.

The configuration file is /etc/firehol/firehol.conf.

A good way to start learning its scripting declarations is by copying a FireHOL example configuration.

The configuration file is a bash script and consists of three kinds of statements:

  • helper
  • interface
  • router
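The following firehol.conf shows all three parts together. It is an added example, not a configuration from the Arch wiki or from the FireHOL project; the interface names eth0 (internet) and eth1 (LAN), the 192.168.1.0/24 subnet and the admin host addresses are placeholders, and the version line assumes FireHOL 3.x (FireHOL 1.x/2.x uses version 5).

```firehol
# /etc/firehol/firehol.conf -- added example, not the wiki's or FireHOL's own.
# Assumes FireHOL 3.x ("version 6"), eth0 facing the internet and eth1 a LAN
# on 192.168.1.0/24; interface names and addresses are placeholders.
version 6

# --- helper section: plain bash variables (and helper commands) -------------
lan_net="192.168.1.0/24"
admin_hosts="192.168.1.10 192.168.1.11"   # the only hosts allowed to SSH in

# --- interface section: traffic to and from this host itself ---------------
interface eth0 internet
    # enable FireHOL's packet sanity checks (invalid, fragments, flood limiting)
    protection strong
    # silently drop anything not matched below
    policy drop
    # services this host offers to the internet
    server http accept
    server https accept
    # the host may initiate any outbound connection; stateful reply traffic
    # is allowed automatically
    client all accept

interface eth1 lan src "${lan_net}"
    policy reject
    # SSH only from the administrators' hosts, nothing else inbound
    server ssh accept src "${admin_hosts}"
    client all accept

# --- router section: traffic forwarded between two interfaces --------------
router lan2internet inface eth1 outface eth0
    # NAT the LAN behind eth0's address; inside a router, masquerade
    # applies to the router's outface
    masquerade
    # LAN hosts may reach the internet; replies are matched statefully,
    # unsolicited inbound forwarding is not accepted
    route all accept
```

Put this file in place, run firehol try from a console or an SSH session, and type commit within 30 seconds when you can still reach the host; if the session dies instead, the previous rules come back after the timeout. The deny-by-default policy on eth0 means every service you later add must be listed explicitly with a server line.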

Try, Run and Enable

You can test the configuration file for correctness by issuing:

# firehol try

or

# firehol nofast try

If the configuration works, start and enable firehol.service.

This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.