FireHol - Firewall
Links: SecurityFirewall , linux/firewall , Firewall/Rules
- A great tool to manage Linux iptables firewall rules
- Simple bash interpreter.
- Very compact syntax, easy to read.
- Supports IPv4 and IPv6.
- Same syntax used for QoS rules.
- Integrates with IPSET for blacklisting etc.
- Easy to extend, and supports multi-uplink load balancing.
Install Latest
- Download Debian sid/testing .deb packages
- Firehol
- download packages 201706
wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol_3.1.1+ds-1_all.deb
wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol-common_3.1.1+ds-1_all.deb
wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol-doc_3.1.1+ds-1_all.deb
wget http://ftp.us.debian.org/debian/pool/main/i/iprange/iprange_1.0.3+ds-1_amd64.deb
wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol-tools_3.1.1+ds-1_all.deb
wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol-tools-doc_3.1.1+ds-1_all.deb
- sudo apt install whois jq nfacct traceroute graphviz ipset iprange tcpdump
- sudo dpkg -i iprange_1.0.3+ds-1_amd64.deb firehol-common_3.1.1+ds-1_all.deb firehol_3.1.1+ds-1_all.deb firehol-doc_3.1.1+ds-1_all.deb
- Firehol-tools
- download packages 201706
- sudo apt install curl wget git unzip screen
- sudo dpkg -i firehol-tools_3.1.1+ds-1_all.deb firehol-tools-doc_3.1.1+ds-1_all.deb
IPSET
- Install ipset
- $ sudo apt install ipset
- Install iprange
- $ sudo apt install iprange
- Add extra iptables match/target modules (xtables-addons)
- $ sudo apt install xtables-addons-common
Firehol rule examples
Allow mosh and ssh connections
server_mosh_ports="udp/60000:61000"
client_mosh_ports="default"

# Accept all client traffic on any interface
interface any world
    client all accept
    server "ssh ping dns" accept
    server "mosh" accept
    server "dhcp" accept
    client "dhcp" accept
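A tightened variant of the rule set above, added here as an example and not taken from this page or from the FireHOL project: the ssh and mosh server rules are limited to a trusted management network with FireHOL's `src` rule parameter, so the 1001 UDP ports that mosh listens on are not reachable from every address in the world. The `admin_net` variable and the 203.0.113.0/24 network are placeholders (203.0.113.0/24 is a documentation range); `version 6` is the header FireHOL 3 expects at the top of firehol.conf.

```firehol
version 6

# mosh listens on a UDP port range; keep it identical to the mosh-server
# configuration on this host (60000:61000 is the upstream default)
server_mosh_ports="udp/60000:61000"
client_mosh_ports="default"

# Trusted management network (placeholder value, assumed for this example)
admin_net="203.0.113.0/24"

interface any world
    policy drop
    protection strong

    # Outbound traffic from this host is allowed
    client all accept

    # Services open to everyone
    server "ping dns" accept
    server "dhcp" accept
    client "dhcp" accept

    # Remote administration only from the trusted network; ssh is
    # logged so connections from unexpected sources show up in the log
    server ssh accept src "${admin_net}" log "ssh from admin net"
    server mosh accept src "${admin_net}"
```

Load it with `firehol try` rather than `firehol start`: `try` activates the rules and rolls them back automatically unless you confirm within 30 seconds, which protects a remote session from a typo in `admin_net`. `firehol debug` prints the generated iptables commands without applying them, which is a convenient way to check what the `src` restriction expands to.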
...