-
Cf. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556575
Please list entries in the major section of the manual page in
alphabetical order for easier reading and searching:
Subcommands
Helper commands
Optional Rule Parameters
Actions
...etc
Optional Rule Parameters
...etc
Variables that...
2009-11-17 08:15:57 UTC by jaalto
-
firehol.conf is a BASH script. As such it supports includes already.
Example:
source my-other.conf
. my-new.conf
The dot '.' is an alias for 'source'.
2009-11-15 17:28:48 UTC by ktsaou
-
Please list found ports in numeric order. This would be easier to inspect.
$ nmap -A -v
Discovered open port 80/tcp on 192.168.1.2
Discovered open port 111/tcp on 192.168.1.2
Discovered open port 139/tcp on 192.168.1.2
Discovered open port 445/tcp on 192.168.1.2
Discovered open port 22/tcp on 192.168.1.2
Discovered open port 21/tcp on 192.168.1.2
Discovered open port 993/tcp on...
2009-11-06 18:56:52 UTC by jaalto
-
Please add a simple INCLUDE command that would simply "dump" the contents of another file into the current position. This would allow breaking up the monolithic firehol.conf into manageable parts. This would be useful especially when files are version controlled and shared between multiple hosts.
firehol-ports.conf # port definitions
firehol-hosts-local.conf
firehol-hosts-external.conf...
2009-11-06 18:31:51 UTC by jaalto
-
I'm having some difficulties with a very simple firewall. Sometimes ssh and scp connections stall. I've captured entire sessions at both ends with tcpdump, and it appears that my problem is that my firewall is dropping some packets.
My firehol.conf is very simple:
--------------------------
interface any world
policy drop
client all accept
server ssh accept
server icmp accept.
2009-10-22 18:20:04 UTC by michal3
-
# $Id: firehol.sh,v 1.273 2008/07/31 00:46:41 ktsaou Exp $
Line 6962:
is:
if [ ! -z "${server_yppasswd_ports}" ]
should be:
if [ ! -z "${server_yppasswdd_ports}" ].
2009-10-06 20:30:22 UTC by nobody
-
ktsaou committed patchset 473 of module firehol to the FireHOL CVS repository, changing 1 files.
2009-10-01 10:25:23 UTC by ktsaou
-
Hi,
I have had problems with installing a filter on my Suse distribution. Squid works fine, but firefox or opera can easily work around it by using some different ports (and I don't want to start blocking every single port).
Is there a simple way to route all traffic with the outside world using firehol to one port?
I have previously done close to nothing with filters, proxies...
2009-09-03 20:48:56 UTC by ishere
-
I found the problem, the remote machine has several IPs and it replies using another interface, so iptables could not relate the outgoing and incoming packets.
2009-08-24 21:58:37 UTC by atesio
-
Hi,
I have snmp servers running on machines A and B.
When I start firehol on the machine B, snmp requests from B to A fail
with a timeout.
When firehol is stopped, it works fine.
I can see such a log on the machine B:
Aug 18 08:33:24 sd-18517 kernel: [4671769.087536] ''IN-inet':'IN=eth0
OUT= MAC=00:15:17:9c:be:a8:00:24:97:da:5f:bf:08:00 SRC=IP_A DST=IP_B
LEN=128 TOS=0x00...
2009-08-20 12:47:50 UTC by alain-tesio