Diffstat (limited to 'network/firehol/README')
-rw-r--r-- | network/firehol/README | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/network/firehol/README b/network/firehol/README new file mode 100644 index 0000000000..f80cae88cd --- /dev/null +++ b/network/firehol/README 
@@ -0,0 +1,67 @@ +firehol is an easy to use but powerfull iptables stateful firewall for +humans. + +FireHOL uses an extremely simple but powerfull way to define firewall rules +which it turns into complete stateful iptables firewalls. FireHOL is a +generic firewall generator, meaning that you can design any kind of local +or routing stateful packet filtering firewalls with ease. + +You can run FireHOL with the 'helpme' argument, to get a configuration file +for the system run, which you can modify according to your needs. + +You can find example config files in /usr/doc/firehol-<ver>/examples. This +directory contains examples from a simple client machine, to a lan-wan +gateway or an office server. + +The default config file in the package contains only a note about where to +find config file examples (/usr/doc/firehol-<ver>/examples), because it is +empty it is not handled as a usual config file. If a user has a real one, +this "example" is simply deleted. + +There is a get-iana.sh script to fetch reserved IPs from iana, It is +renamed to firehol-get-iana, and placed to /usr/sbin. You have to run it at +least once, to silence firehol startup warnings about missing files. + +There is an adblock.sh script to fetch the IPs of popular add servers, +which can be blacklisted, see the file for the details. It is renamed to +firehol-adblock and it is in /usr/sbin. 
+ +In addition to the man pages there is a full html documentation in +/usr/doc/firehol-<ver>/html + +--- + +For example this is a sample firewall for simple home machine with samba +and ssh: + +>version 5 +> +>interface any world +> policy reject +> +> server dns accept +> server dhcp accept +> server icmp accept +> server ssh accept +> server samba accept +> +> client all accept + +--- + +This is a stripped down home server and router configuration (for a +sophisticated version of this file see /usr/doc/firehol) + +>version 5 +> +>interface eth0 home +> server "dns ftp samba squid dhcp http ssh icmp" accept +> client "samba icmp" accept +> +>interface ppp+ internet +> server "smtp http ftp" accept +> client allaccept +> +>router home2internet inface eth0 outface ppp+ +> route all accept + |
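Review bot: the second sample configuration contains `client allaccept`, which is missing the space between the argument and the action and would not parse; it should read `client all accept`, matching the first sample. In the first sample, `interface any world` combined with `server samba accept` opens the Samba ports on every interface, so the README should state that this sample is only for a machine that sits entirely on a trusted LAN, or keep the samba rule on the LAN interface only, as the second sample does. Spelling in the prose: "powerfull" (twice) should be "powerful", "add servers" should be "ad servers", and "placed to /usr/sbin" should be "placed in /usr/sbin".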