FireHOL is a tool used to configure a stateful packet filtering firewall with iptables. It simplifies the process by allowing the user to specify rules and settings with ease. The tool is designed to make it easy for users to create a strong firewall for their systems.
FireHOL handles firewalls protecting one host on all its interfaces and any combination of stateful firewalls routing traffic from one interface to another. There are no limitations on the number of interfaces or on the number of routes, other than those iptables itself has.
While there are still a few features that FireHOL lacks - such as QoS - you can extend FireHOL and send patches that can be integrated within it. Either way, you can embed normal iptables commands in a FireHOL configuration to do whatever iptables supports.
Since FireHOL produces stateful commands, it needs to know the flow of requests and replies for every supported service. Today, FireHOL supports many single socket protocols - such as HTTP, NNTP, SMTP, POP3, IMAP4, RADIUS, SSH, LDAP, MySQL, Telnet, NTP, DNS, and more - with a few dozen services defined in FireHOL. Plus, even if something is missing, you can define it.
FireHOL also supports many complex protocols like FTP, NFS, SAMBA, PPTP, etc. If you need a complex protocol that is not present, you will have to program it yourself in simple BASH scripting.
In this release, FireHOL has been updated to parse the latest format of the IANA reservations page. Additionally, support for custom actions for services was added, which allows for actions that can be controlled externally without restarting the firewall. Several minor issues were fixed, including better NAT support for all services, handling of external pager commands, kernel config parsing, a config wizard, etc.
Overall, FireHOL is a reliable and powerful firewall configurator suitable for those who want ultimate control over their firewall configuration.
Version R5 1.273: N/A