FireHol - Firewall

• Links: SecurityFirewall , linux/firewall , Firewall/Rules

• A great tool to manage Linux iptables firewall rules
  • Simple bash interpreter.
    • Very compact syntax, easy to read.
  • Support IPv4 and IPv6
  • Same syntax used for QOS rules.
  • Integrates with IPSET for black listing etc.
  • Easy to extend , and supports multi up-link load-balancing.

Install Latest

• Download debian SID/TESTing .deb packages
• Firehol
  • download packages 201706

    • wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol_3.1.1+ds-1_all.deb

    • wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol-common_3.1.1+ds-1_all.deb

    • wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol-doc_3.1.1+ds-1_all.deb

    • wget http://ftp.us.debian.org/debian/pool/main/i/iprange/iprange_1.0.3+ds-1_amd64.deb

    • wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol-tools_3.1.1+ds-1_all.deb

    • wget http://ftp.us.debian.org/debian/pool/main/f/firehol/firehol-tools-doc_3.1.1+ds-1_all.deb

  • sudo apt install whois jq nfacct traceroute graphviz ipset iprange tcpdump
  • sudo dpkg -i iprange_1.0.3+ds-1_amd64.deb firehol-common_3.1.1+ds-1_all.deb firehol_3.1.1+ds-1_all.deb firehol-doc_3.1.1+ds-1_all.deb
• Firehol-tools
  • sudo apt install curl wget git unzip screen
  • sudo dpkg -i firehol-tools_3.1.1+ds-1_all.deb firehol-tools-doc_3.1.1+ds-1_all.deb

IPSET

• Install tool
  • $ sudo apt install ipset
• Install tool
  • $ sudo apt install iprange
• Add iptables support
  • $ sudo apt install xtables-addons-common

Firehol rule examples

Allow mosh ssh connections

• server_mosh_ports="udp/60000:61000"
  client_mosh_ports="default"
  
  # Accept all client traffic on any interface
  interface any world
          client all accept
          server "ssh ping dns" accept
          server "mosh" accept
          server "dhcp" accept
          client "dhcp" accept

...