FireHOL / News: Recent posts

FireHOL R5 v1.273 released

Updated to parse the latest format of the IANA reservations page.

Added support for custom actions for services. This opens a way for allowing actions that can be controlled externally without restarting the firewall.
Fixed several minor issues (better NAT support for all services, handling for external pager command, kernel config parsing, config wizard, etc).

Posted by Costa Tsaousis 2008-07-31

FireHOL R5 v1.256 released.

This is just a minor update for the latest IANA reservations made a few days ago.
Also, the cron job script check-iana.sh has been supplied to allow the administrator to get notified when IANA reservations change.

Posted by Costa Tsaousis 2007-05-22

FireHOL R5 v1.255 released!

This is a maintenance release mainly fixing kernel 2.6.20+ and BASH 3.2 issues and supporting external definitions of all IP address space definitions.

All users are advised to upgrade to this release.

Posted by Costa Tsaousis 2007-05-21

FireHOL R5 v1.226 released.

Release 1.224 still had a few issues with the security of the created temporary files. Fixed them all for good.

Posted by Costa Tsaousis 2005-01-30

FireHOL R5 v1.224 released.

This release fixes vulnerabilities where malicious local system users could use FireHOL's temporary files to overwrite arbitrary files on the system (See Secunia Advisory SA13970, http://secunia.com/advisories/13970/). All users are advised to update to this version. This release includes new service definitions: ANYSTATELESS, TIMESTAMP and DICT. The following helpers have been added: TRANSPARENT_PROXY. Also, added support for knockd as an argument to the accept action.

Posted by Costa Tsaousis 2005-01-24

FireHOL R5 v1.214 released.

This is a major release which includes several updates and fixes. All users are advised to update to this version. This release includes new service definitions: NIS, NUT, NNTPS, ASTERISK, DARKSTAT, DISTCC, ESERVER, GIFT, GIFTUI, H323, IAX, IAX2, ICP, RTP, SIP, STUN, UPNP, RDP, NXSERVER, RADIUSPROXY, RADIUSOLDPROXY. The following service definitions have been updated: DHCP, SAMBA, NFS. The following helpers have been added: TOS, DSCP, TCPMSS, ECN_SHAME. The following optional rule parameters have been added: TOS, MARK, DSCP. Added support for automatic installation of service definitions with third party packages, in /etc/firehol/services/. Also, FireHOL now has improved interoperability with various Linux distributions, including BASH 3.x, updated RESERVED_IPS for current IANA IPv4 reservations, finer control on ACCEPTed services to allow controllable requests per second, the ability to control loopback traffic and support for service groups.

Posted by Costa Tsaousis 2004-11-01

FireHOL R5 v1.191 released.

This release features more services, including ORACLE, GKRELLMD, DCC, WHOIS, fixed CUPS, enhanced SAMBA services, new optional rule parameters, including PHYSIN, PHYSOUT, updated MAC helper, better compatibility, better kernel module management, support for ULOG logging, better iptables statements generation, updated PRIVATE_IPS for IANA reservations, and various bug fixes. All users are advised to update to this version.

Posted by Costa Tsaousis 2004-05-02

FireHOL R5 v1.159 released.

This release features more services including MSN, DCPP, JABBER, JABBERD, WEBMIN, TIME, POSTGRES, HYLAFAX, XDMCP, TFTP, Veritas NetBackup, many updates and fixes to other services, three new helpers, the MAC helper (global pairing of MAC and IP addresses), the BLACKLIST helper (blacklist certain IPs - unidirectional or bidirectional), the MARK helper (mark packets for use by QoS), two new optional rule parameters, MAC (match source MAC address) and OWNER (match the user sending traffic), and it also provides better interoperability with various distributions (mainly Gentoo - also firehol now detects if all needed commands are present), more control on kernel module management (and better detection of iptables modules compiled in the kernel), more control on firewall status during a firewall restart, cleaner iptables commands generation, better support for kernel 2.6.x, and more.

Posted by Costa Tsaousis 2003-10-12

FireHOL R5 v1.120 released.

The main new feature of this release is the HELPME function that detects and produces the FireHOL configuration for the host run. Additionally, this release introduces a new PANIC mode which is now handled entirely by FireHOL, has better handling of the MIRROR target, has wider support for SNMPTRAP and SYSLOG, a definition for the SOCKS service, and better interoperability with various Linux distributions (i.e. Debian).

Posted by Costa Tsaousis 2003-04-05

FireHOL R5 v1.91 released.

This release adds support for controlling log levels on a per rule basis, updated RESERVED_IPS variable according to the latest releases of IANA and a few minor fixes to increase compatibility on various Linux distributions.

Posted by Costa Tsaousis 2003-02-18

FireHOL R5 v1.89 released.

This release adds the service eMule (for clients, servers and routers), supporting the bi-directional socket environment required by the popular eDonkey network client.

Posted by Costa Tsaousis 2003-02-03

FireHOL R5 v1.88 released.

This release fixes all known problems relative to NAT support. FireHOL now fully supports DNAT, SNAT, REDIRECT and MASQUERADE implemented as helper commands, and also a transparent_squid helper for setting up transparent caches.

Posted by Costa Tsaousis 2003-01-31

FireHOL R5 v1.85 released.

Fixed the masquerade helper to handle the 'reverse' keyword correctly and accept the network interface as expected.

Posted by Costa Tsaousis 2003-01-28

FireHOL R5 v1.83 released.

This release adds support for NAT (SNAT, DNAT, REDIRECT), support for the OWNER iptables module (user, group, session, process), various error handler enhancements, support for runtime warnings (for missing kernel modules - now it runs on kernels compiled without modules), and a few work-arounds for bugs of iptables-save (regarding the owner module).

Posted by Costa Tsaousis 2003-01-27

FireHOL R5 v1.70 released.

In this release the services: ping, AH (IPSEC), ESP (IPSEC), GRE, microsoft_ds have been added, the action REJECT has been changed to be "smart" and send TCP RST on TCP and ICMP port unreachable on all other protocols, various speed optimizations have been applied, and a "transparent_squid" helper has been added to take care of port forwarding for setting up a transparent cache.

Posted by Costa Tsaousis 2003-01-08

FireHOL R5 v1.59 released.

This release adds control over iptables REJECT actions using the 'with' optional rule parameter, the AMANDA and APCUPSDNIS services, a few error handler enhancements, updated documentation and updated examples for ADSL-router, DMZ-server, DIALUP-router and OFFICE workstation.

Posted by Costa Tsaousis 2002-12-31

FireHOL R5 v1.52 released.

This release is mainly a security and bug fixing release. A potential security hole where an attacker could connect to any UDP port if in the configuration file there was a "client dns accept" and the attacker used source port 53, is fixed. Fixed a bug in the FTP service that prevented active FTP from working, made NFS service complain if it cannot find nfsd or mountd on the server's portmapper, fixed a bug in the command line arguments parsing when an alternate configuration file was given, and added an interactive mode ('explain') where iptables rules generation is shown and explained.

Posted by Costa Tsaousis 2002-12-19

FireHOL R5, v1.45 released.

Added Services: DHCP Relay, APTPROXY, APCUPSD and ISAKMP.

FireHOL is up to 10 times faster on complex firewall configurations.

Required kernel modules are now loaded during the activation of the firewall.

Saving of the old firewall now takes place before processing the configuration file, in order to make sure it will not be altered by accident due to some illegal commands in the configuration file.

FireHOL enables kernel routing automatically when there is at least a router defined in the configuration....

Posted by Costa Tsaousis 2002-12-16

FireHOL R5, v1.33 released.

New improved error handler now detects most mis-configurations.
Improved core for handling quoted expressions better.
Re-wrote negative expressions for optimum - near hand made quality - iptables rules generation.
New improved help on the command line.
RPM for RedHat systems.
Now runs on Debian systems.
More services: ANY, UUCP, MULTICAST, VNC, WEBCACHE, SQUID, IMAPS, POP3S, IKE, SMTPS, SUBMISSION, SWAT, SNMPTRAP, PRIVOXY.

Posted by Costa Tsaousis 2002-12-07

FireHOL R5 v1.16 released.

FireHOL is an iptables firewall generator, producing stateful packet filtering commands. Its goal is to be completely abstracted and easy to use, audit, and understand. It provides the means to have consistent and simple firewalls for Linux hosts and Linux routers with any number of interfaces, and has been proven very helpful, especially for the security QA people. FireHOL is pre-configured for the following services: SMTP, IDENT, IMAP, POP3, SSH, TELNET, TFTP, DHCP, IRC, LDAP, HTTP, HTTPS, MYSQL, LPD, RADIUS, VMWARE GSX, NETBIOS NS, SYSLOG, SNMP, RSYNC, NTP, PORTMAP, HEARTBEAT, SAMBA, PPTP, NFS, DNS, FTP, ICMP, RNDC, NNTP, FINGER, ECHO, and DAYTIME. You can also configure FireHOL to support any service you like. All the services operate in server, client and router mode. FireHOL also supports a number of protections on both interfaces and routers: Packet fragments, new TCP without SYN, ICMP Floods, SYN Floods, and bad TCP Flags. All protections operate on interfaces and routers. ...

Posted by Costa Tsaousis 2002-10-31

FireHOL R5 v1.13 released.

FireHOL is an iptables firewall generator, producing stateful packet filtering commands. Its goal is to be completely abstracted and easy to use, audit, and understand. It has been designed with the production data center in mind. It provides the means to have consistent and simple firewalls for Linux hosts and Linux routers with any number of interfaces, and has been proven very helpful, especially for the security QA people. FireHOL is pre-configured for the following services: SMTP, IDENT, IMAP, POP3, SSH, TELNET, TFTP, DHCP, LDAP, HTTP, HTTPS, MYSQL, LPD, RADIUS, VMWARE GSX, NETBIOS NS, SYSLOG, SNMP, RSYNC, IRC, NTP, PORTMAP, HEARTBEAT, SAMBA, PPTP, NFS, DNS, FTP, ICMP, RNDC, NNTP, FINGER, ECHO, and DAYTIME. You can also configure FireHOL to support any service you like. ...

Posted by Costa Tsaousis 2002-10-28

FireHOL R5 v1.11 released.

FireHOL is an iptables firewall generator, producing stateful packet filtering commands. Its goal is to be completely abstracted and easy to use, audit, and understand. It has been designed with the production data center in mind. It provides the means to have consistent and simple firewalls for Linux hosts and Linux routers with any number of interfaces, and has been proven very helpful, especially for the security QA people. FireHOL is pre-configured for the following services: SMTP, IDENT, IMAP, POP3, SSH, TELNET, TFTP, DHCP, LDAP, HTTP, HTTPS, MYSQL, LPD, RADIUS, VMWARE GSX, NETBIOS NS, SYSLOG, SNMP, RSYNC, IRC, NTP, PORTMAP, HEARTBEAT, SAMBA, PPTP, NFS, DNS, FTP, ICMP, RNDC, NNTP, FINGER, ECHO, and DAYTIME. You can also configure FireHOL to support any service you like. ...

Posted by Costa Tsaousis 2002-10-27

FireHOL R5 v1.7 released.

FireHOL is an iptables firewall generator, producing stateful packet filtering commands. Its goal is to be completely abstracted and easy to use, audit, and understand. It has been designed with the production data center in mind. It provides the means to have consistent and simple firewalls for Linux hosts and Linux routers with any number of interfaces, and has been proven very helpful, especially for the security QA people. FireHOL is pre-configured for the following services: SMTP, IDENT, IMAP, POP3, SSH, TELNET, TFTP, DHCP, LDAP, HTTP, HTTPS, MYSQL, LPD, RADIUS, VMWARE GSX, NETBIOS NS, SYSLOG, SNMP, RSYNC, NTP, PORTMAP, HEARTBEAT, SAMBA, PPTP, NFS, DNS, FTP, ICMP, RNDC, NNTP, FINGER, ECHO, and DAYTIME. You can also configure FireHOL to support any service you like. ...

Posted by Costa Tsaousis 2002-10-20

FireHOL R5 v1.6 released.

FireHOL is an iptables firewall... for humans! FireHOL is an iptables stateful firewall generator for Linux hosts and Linux routers. It is completely dynamic, so that any number of interfaces, services (servers and clients) and routers can be defined. FireHOL has a language-like (BASH based) scripted configuration file.

This release adds support for RNDC and NNTP services.

Posted by Costa Tsaousis 2002-10-11

FireHOL R5 v1.5 released.

FireHOL is an iptables firewall... for humans! FireHOL is an iptables stateful firewall generator for Linux hosts and Linux routers. It is completely dynamic, so that any number of interfaces, services (servers and clients) and routers can be defined. FireHOL has a language-like (BASH based) scripted configuration file.

This release has better support for negative expressions using multiple arguments, better implementation of the DNS service, an rsync service definition and VMware GSX services.

Posted by Costa Tsaousis 2002-10-06
