FireHOL is a generic firewall generator, meaning that you can design any kind
of local or routing stateful packet filtering firewall with ease. Install
FireHOL if you want an easy way to configure stateful packet filtering
firewalls on Linux hosts and routers.

FireHOL uses an extremely simple but powerful way to define firewall rules,
which it turns into complete stateful iptables firewalls.

You can run FireHOL with the 'helpme' argument to get a configuration
file for the system it is run on, which you can modify according to your
needs. The default configuration file will allow only client traffic
on all interfaces.

firehol - Running firehol invokes iptables(8) to manipulate your firewall. Run without any arguments, firehol will present some help on usage. When given CONFIGFILE...
fireqos - FireQOS is a helper to assist you configure traffic shaping on Linux. Run without any arguments, fireqos will present some help on usage. When given CONFIGFILE...
firehol-action - The action helper command creates an iptables(8) chain which can be used to control the action of other firewall rules once the firewall is running. For...
firehol-actions - These actions are the actions to be taken on traffic that has been matched by a particular rule. FireHOL will also pass through any actions that iptables(8)...
firehol-blacklist - The blacklist helper command creates a blacklist for the ip list given (which can be in quotes or not). If the type full or one of its aliases is supplied, or...
firehol-classify - The classify helper command puts matching traffic into the specified traffic shaping class. The class is a class as used by iptables(8) and tc(8) (e.g...
firehol-client - The client subcommand defines a client of a service on an interface or router. Any rule-params given to a parent interface or router are inherited by the...
firehol-conf - /etc/firehol/firehol.conf is the default configuration file for firehol(1). It defines the stateful firewall that will be produced.
firehol-connmark - The connmark helper command sets a mark on a whole connection. It applies to both directions.
firehol-dscp - The dscp helper command sets the DSCP field in the header of packets traffic, to allow QoS shaping.
firehol-group - The group command allows you to group together multiple client and server commands. Grouping commands with common options (see firehol-params(5)) allows the...
firehol-interface - An interface definition creates a firewall for protecting the host on which the firewall is running. The default policy is DROP, so that if no subcommands are...
firehol-iptables - The iptables and ip6tables helper commands pass all of their arguments to the real iptables(8) or ip6tables(8) at the appropriate point during run-time.
firehol-mac - Any mac commands will affect all traffic destined for the firewall host, or to be forwarded by the host. They must be declared before the first router or...
firehol-mark - The mark helper command sets a mark on packets that can be matched by traffic shaping tools for controlling the traffic.
firehol-masquerade - The masquerade helper command sets up masquerading on the output of a real network interface (as opposed to a FireHOL interface definition). If a real-interface...
firehol-modifiers - Without a modifier, interface and router definitions and commands that come before either will be applied to both IPv4 and IPv6. Commands within an interface or...
firehol-nat - Destination NAT is provided by nat to-destination and its synonym dnat. Source NAT is provided by nat to-source and its synonym snat. Redirection to a port on...
firehol-params - Optional rule parameters are accepted by many commands to narrow the match they make. Not all parameters are accepted by all commands so you should check the...
firehol-protection - The protection subcommand sets protection rules on an interface or router. Flood protections honour the values requests/period and burst. They are used to limit...
firehol-proxy - The transparent_proxy helper command sets up transparent caching for TCP traffic. The transparent_squid helper command sets up the special case for HTTP traffic...
firehol-router - A router definition consists of a set of rules for traffic passing through the host running the firewall. The default policy for router definitions is RETURN...
firehol-server - The server subcommand defines a server of a service on an interface or router. Any rule-params given to a parent interface or router are inherited by the...
firehol-services - service: AH, service: all, service: amanda, service: any, service: anystateless, service: apcupsd, service: apcupsdnis, service: aptproxy, service: asterisk, service...
firehol-tcpmss - The tcpmss helper command sets the MSS (Maximum Segment Size) of TCP SYN packets routed through the firewall. This can be used to overcome situations where Path...
firehol-tos - The tos helper command sets the Type of Service (TOS) field in packet headers.
firehol-tosfix - The tosfix helper command sets the Type of Service (TOS) field in packet headers based on the suggestions given by Erik Hensema in iptables and tc shaping...
firehol-variables - There are a number of variables that control the behaviour of FireHOL. All variables may be set in the main FireHOL configuration file...
firehol-version - The version helper command states the configuration file version. If the value passed is newer than the running version of FireHOL supports, FireHOL will not...
fireqos-conf - This file defines the traffic shaping that will be applied by fireqos(1). The default configuration file is /etc/firehol/fireqos.conf. It can be overridden from...
fireqos-interface - Writing interface or interface4 applies traffic shaping rules only to IPv4 traffic. Writing interface6 applies traffic shaping rules only to IPv6 traffic...
fireqos-match - Writing match inherits the IPv4/IPv6 version from its enclosing class (see fireqos-class(5)). Writing match4 includes only IPv4 traffic in the match. Writing...
fireqos-params - Some optional parameter names are the same for both class and match. This page exists as a placeholder to help you find the appropriate documentation. If you...
fireqos-params-class - All of the options apply to interface and class statements. Units for speeds are defined in fireqos.conf(5). rate, commit, min: When a committed rate of speed is...
fireqos-params-match - These options apply to match statements. at: By default a match is attached to the parent of its parent class. For example, if its parent is a class directly...