Firehol
FireHOL is a language (and a program to run it) to build secure, stateful firewalls from easy to understand, human-readable configuration files. The configuration stays readable even for very complex setups. In the background it interfaces with iptables (IPv4/IPv6).
Installation
Install fireholAUR or firehol-gitAUR.
Configuration
The configuration file is /etc/firehol/firehol.conf
.
A good way to start learning its scripting declarations is by copying an Firehol example configuration.
The configuration file is bash file and has 3 parts:
- helper
- interface
- router
Try, Run and Enable
You can test the configuration file's correctness by issuing:
# firehol try
or
# firehol nofast try
If the configuration is working, start/enable the firehol.service
.
Tip:
- The package also includes FireQOS, a helper for Advanced traffic control. It is packaged with its own
fireqos.service
. - The netdata (or netdata-gitAUR) application for traffic monitoring, created by the same project authors, also is available. See Netdata for more information.