summaryrefslogtreecommitdiff
path: root/network/firehol/README
diff options
context:
space:
mode:
Diffstat (limited to 'network/firehol/README')
-rw-r--r--network/firehol/README67
1 files changed, 67 insertions, 0 deletions
diff --git a/network/firehol/README b/network/firehol/README
new file mode 100644
index 0000000000..f80cae88cd
--- /dev/null
+++ b/network/firehol/README
@@ -0,0 +1,67 @@
+firehol is an easy to use but powerfull iptables stateful firewall for
+humans.
+
+FireHOL uses an extremely simple but powerfull way to define firewall rules
+which it turns into complete stateful iptables firewalls. FireHOL is a
+generic firewall generator, meaning that you can design any kind of local
+or routing stateful packet filtering firewalls with ease.
+
+You can run FireHOL with the 'helpme' argument, to get a configuration file
+for the system run, which you can modify according to your needs.
+
+You can find example config files in /usr/doc/firehol-<ver>/examples. This
+directory contains examples from a simple client machine, to a lan-wan
+gateway or an office server.
+
+The default config file in the package contains only a note about where to
+find config file examples (/usr/doc/firehol-<ver>/examples), because it is
+empty it is not handled as a usual config file. If a user has a real one,
+this "example" is simply deleted.
+
+There is a get-iana.sh script to fetch reserved IPs from iana, It is
+renamed to firehol-get-iana, and placed to /usr/sbin. You have to run it at
+least once, to silence firehol startup warnings about missing files.
+
+There is an adblock.sh script to fetch the IPs of popular add servers,
+which can be blacklisted, see the file for the details. It is renamed to
+firehol-adblock and it is in /usr/sbin.
+
+In addition to the man pages there is a full html documentation in
+/usr/doc/firehol-<ver>/html
+
+---
+
+For example this is a sample firewall for simple home machine with samba
+and ssh:
+
+>version 5
+>
+>interface any world
+> policy reject
+>
+> server dns accept
+> server dhcp accept
+> server icmp accept
+> server ssh accept
+> server samba accept
+>
+> client all accept
+
+---
+
+This is a stripped down home server and router configuration (for a
+sophisticated version of this file see /usr/doc/firehol)
+
+>version 5
+>
+>interface eth0 home
+> server "dns ftp samba squid dhcp http ssh icmp" accept
+> client "samba icmp" accept
+>
+>interface ppp+ internet
+> server "smtp http ftp" accept
+> client allaccept
+>
+>router home2internet inface eth0 outface ppp+
+> route all accept
+