FireHOL
FireHOL is a shell script designed as a wrapper for iptables written to ease the customization of the Linux kernel's firewall netfilter.
Developer(s) | Costa Tsaousis |
---|---|
Stable release | v3.1.6
/ August 13, 2018 |
Preview release | v3.1.5-rc1
/ September 17, 2017 |
Repository | |
Written in | Bash |
Operating system | Linux |
Type | Firewall |
License | GNU GPL v2+ |
Website | firehol github |
FireHOL does not have graphical user interface, but is configured through an easy to understand plain text configuration file. A further advantage of FireHOL is its friendliness to beginners - you don't have to worry about the answer packet because FireHOL first parses the configuration file and then sets the appropriate iptables rules to achieve the expected firewall behavior.
It is a large, complex BASH script file, depending on the iptables console tools rather than communicating with the kernel directly. This has the advantage of portability; any Linux system with iptables, BASH, and the appropriate tools can run it. Its main drawback is slower starting times, particularly on older systems. Since this delay only happens once per boot—or less, if the resulting rules are saved to disk—high performance for this is not generally important except in embedded systems.
FireHOL also benefits from the shell's flexibility, being easily extended and configured to a high degree; FireHOL's configuration files are fully functional BASH scripts in of themselves. One can write scripts in normal shell syntax and they will operate as expected; one might loop a FireHOL statement to forward an entire set of ports, for example.
FireHOL is free software and open-source, distributed under the terms of the GNU General Public License.