FireHol - Firewall

Note: 2022-07 Start using Linux/NfTablesFirewall "nftfw package builds firewalls for nftables"
Note: 2022-06 loved Fireholl for iptables management, but now moving on as it does not support nftables.
- Linux/NfTablesFirewall can be managed with nft tool that can execute scripts.
Links: SecurityFirewall , linux/firewall , Firewall/Rules
A great tool to manage Linux iptables firewall rules
- Simple bash interpreter.
  - Very compact syntax, easy to read.
- Support IPv4 and IPv6
- Same syntax used for QOS rules.
- Integrates with IPSET for black listing etc.
- Easy to extend , and supports multi up-link load-balancing.

Install Latest

2022 - install from git - https://github.com/firehol/firehol
Download debian SID/TESTing .deb packages
Firehol
- download packages 201706
- sudo apt install whois jq nfacct traceroute graphviz ipset iprange tcpdump
- sudo dpkg -i iprange_1.0.3+ds-1_amd64.deb firehol-common_3.1.1+ds-1_all.deb firehol_3.1.1+ds-1_all.deb firehol-doc_3.1.1+ds-1_all.deb
Firehol-tools
- sudo apt install curl wget git unzip screen
- sudo dpkg -i firehol-tools_3.1.1+ds-1_all.deb firehol-tools-doc_3.1.1+ds-1_all.deb

IPSET

Install tool
- $ sudo apt install ipset
Install tool
- $ sudo apt install iprange
Add iptables support
- $ sudo apt install xtables-addons-common

Firehol rule examples

Allow mosh ssh connections

server_mosh_ports="udp/60000:61000"
client_mosh_ports="default"

# Accept all client traffic on any interface
interface any world
        client all accept
        server "ssh ping dns" accept
        server "mosh" accept
        server "dhcp" accept
        client "dhcp" accept

...

CategorySecurity