Revision 12 as of 2022-07-12 10:44:53
FireHol - Firewall
Note: 2022-07: started using Linux/NfTablesFirewall ("nftfw package builds firewalls for nftables").
Note: 2022-06: loved FireHOL for iptables management, but now moving on as it does not support nftables.
Linux/NfTablesFirewall can be managed with the nft tool, which can execute scripts.
Links: SecurityFirewall, linux/firewall, Firewall/Rules
- A great tool to manage Linux iptables firewall rules.
- Simple: the configuration file is interpreted by bash.
- Very compact syntax, easy to read.
- Supports IPv4 and IPv6.
- The same syntax is used for QoS rules.
- Integrates with ipset for blacklisting etc.
- Easy to extend, and supports multi-uplink load-balancing.
Install Latest
- 2022: install from git: https://github.com/firehol/firehol
- Alternatively, download the Debian sid/testing .deb packages (snapshot from 2017-06; the Debian pool drops superseded versions, so fetch from snapshot.debian.org if these URLs no longer resolve). dpkg -i performs none of apt's signature checks, so verify the downloaded files against the checksums in the archive's Packages index before installing.
- FireHOL
- Download packages (2017-06)
wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol_3.1.1+ds-1_all.deb
wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol-common_3.1.1+ds-1_all.deb
wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol-doc_3.1.1+ds-1_all.deb
wget http://ftp.us.debian.org/debian/pool/main/i/iprange/iprange_1.0.3+ds-1_amd64.deb
wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol-tools_3.1.1+ds-1_all.deb
wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol-tools-doc_3.1.1+ds-1_all.deb
- Install the dependencies first: sudo apt install whois jq nfacct traceroute graphviz ipset iprange tcpdump
- sudo dpkg -i iprange_1.0.3+ds-1_amd64.deb firehol-common_3.1.1+ds-1_all.deb firehol_3.1.1+ds-1_all.deb firehol-doc_3.1.1+ds-1_all.deb
- FireHOL tools
- sudo apt install curl wget git unzip screen
- sudo dpkg -i firehol-tools_3.1.1+ds-1_all.deb firehol-tools-doc_3.1.1+ds-1_all.deb
IPSET
- Install ipset
- $ sudo apt install ipset
- Install iprange (merges and optimises IP lists before loading them into a set)
- $ sudo apt install iprange
- Add extra iptables matches and targets (xtables-addons)
- $ sudo apt install xtables-addons-common
FireHOL rule examples
Allow mosh (and ssh) connections
mosh is not a built-in FireHOL service, so it is declared first with the server_/client_ variables; FireHOL then accepts it like any other named service.
server_mosh_ports="udp/60000:61000"   # custom service: mosh listens on UDP 60000-61000
client_mosh_ports="default"           # mosh clients use ephemeral source ports

# Accept all client traffic on any interface
interface any world
    client all accept
    server "ssh ping dns" accept
    server "mosh" accept
    server "dhcp" accept
    client "dhcp" accept
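As an added example (not from the original page and not the FireHOL project's own code), a complete /etc/firehol/firehol.conf that combines the custom mosh service above with the ipset blacklist integration listed in the features, on a two-interface host. The interface names eth0/eth1, the LAN prefix, and the path /etc/firehol/badnets.netset are assumptions; the syntax is FireHOL 3 (config version 6), and the ipset: prefix on blacklist4 is the FireHOL 3 form. Activate it with `firehol try`, which loads the ruleset and rolls back to the previous one unless you type commit within 30 seconds, so a rule that locks you out of ssh undoes itself.

```firehol
version 6

# Custom service: mosh listens on UDP 60000-61000, clients use ephemeral ports
server_mosh_ports="udp/60000:61000"
client_mosh_ports="default"

# IPv4 blocklist kept in a hash:net ipset and loaded from a netset file
# (assumed path; one CIDR per line, '#' comments allowed). Keep the file
# current with update-ipsets from firehol-tools or by hand.
ipset4 create badnets hash:net
ipset4 addfile badnets /etc/firehol/badnets.netset

# Drop traffic to and from blocklisted networks before any interface rules
blacklist4 full ipset:badnets

# Public side (assumed eth0): default drop, anti-spoofing, only ssh/mosh/ping in,
# anything out. Keeping ssh and mosh together means a mosh session that
# starts over ssh and continues over UDP is covered by one line.
interface eth0 world
    policy drop
    protection strong
    server "ssh mosh ping" accept
    client all accept

# LAN side (assumed eth1, 192.168.1.0/24): additionally serve DNS and DHCP,
# and only to hosts that actually sit on that prefix.
interface eth1 lan src4 192.168.1.0/24
    policy reject
    server "ssh mosh ping dns dhcp" accept
    client all accept
```

The blocklist is applied with blacklist4 rather than inside each interface so that a match is dropped regardless of which interface or service the packet would otherwise reach. Because `version 6` configs are dual-stack, the two interface blocks generate both iptables and ip6tables rules; the ipset is IPv4-only, so IPv6 sources are unaffected by it.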
...