mirror of
https://github.com/Ponce/slackbuilds
synced 2024-10-29 18:42:51 +01:00
68 lines
2.1 KiB
Text
68 lines
2.1 KiB
Text
|
firehol is an easy to use but powerfull iptables stateful firewall for
|
||
|
humans.
|
||
|
|
||
|
FireHOL uses an extremely simple but powerfull way to define firewall rules
|
||
|
which it turns into complete stateful iptables firewalls. FireHOL is a
|
||
|
generic firewall generator, meaning that you can design any kind of local
|
||
|
or routing stateful packet filtering firewalls with ease.
|
||
|
|
||
|
You can run FireHOL with the 'helpme' argument, to get a configuration file
|
||
|
for the system run, which you can modify according to your needs.
|
||
|
|
||
|
You can find example config files in /usr/doc/firehol-<ver>/examples. This
|
||
|
directory contains examples from a simple client machine, to a lan-wan
|
||
|
gateway or an office server.
|
||
|
|
||
|
The default config file in the package contains only a note about where to
|
||
|
find config file examples (/usr/doc/firehol-<ver>/examples), because it is
|
||
|
empty it is not handled as a usual config file. If a user has a real one,
|
||
|
this "example" is simply deleted.
|
||
|
|
||
|
There is a get-iana.sh script to fetch reserved IPs from iana, It is
|
||
|
renamed to firehol-get-iana, and placed to /usr/sbin. You have to run it at
|
||
|
least once, to silence firehol startup warnings about missing files.
|
||
|
|
||
|
There is an adblock.sh script to fetch the IPs of popular add servers,
|
||
|
which can be blacklisted, see the file for the details. It is renamed to
|
||
|
firehol-adblock and it is in /usr/sbin.
|
||
|
|
||
|
In addition to the man pages there is a full html documentation in
|
||
|
/usr/doc/firehol-<ver>/html
|
||
|
|
||
|
---
|
||
|
|
||
|
For example this is a sample firewall for simple home machine with samba
|
||
|
and ssh:
|
||
|
|
||
|
>version 5
|
||
|
>
|
||
|
>interface any world
|
||
|
> policy reject
|
||
|
>
|
||
|
> server dns accept
|
||
|
> server dhcp accept
|
||
|
> server icmp accept
|
||
|
> server ssh accept
|
||
|
> server samba accept
|
||
|
>
|
||
|
> client all accept
|
||
|
|
||
|
---
|
||
|
|
||
|
This is a stripped down home server and router configuration (for a
|
||
|
sophisticated version of this file see /usr/doc/firehol)
|
||
|
|
||
|
>version 5
|
||
|
>
|
||
|
>interface eth0 home
|
||
|
> server "dns ftp samba squid dhcp http ssh icmp" accept
|
||
|
> client "samba icmp" accept
|
||
|
>
|
||
|
>interface ppp+ internet
|
||
|
> server "smtp http ftp" accept
|
||
|
> client allaccept
|
||
|
>
|
||
|
>router home2internet inface eth0 outface ppp+
|
||
|
> route all accept
|
||
|
|