Recent changes to support-requests

Use https://github.com/ktsaou/firehol/issues

2015-03-02T07:46:11.487000Z

Use http://lists.firehol.org/mailman/listinfo/firehol-support or https://github.com/ktsaou/firehol/issues for support requests

#23 avahi service definition

2014-08-27T11:11:06.167000Z

log user

2009-12-04T19:42:17Z

Can firehol include the user id of originating packages in the log? (use iptables --log-uid)

avahi service definition

2009-11-30T16:32:16Z

It would be nice if th avahi service (network discovery also called zeroconf or bonjour) would be defined. It uses port 5353 seemingly plus another upper range port (do not have more info about it). Avahi runns by default for example on *buntu systems. http://avahi.org/

Add INCLUDE command to firehol.conf

2009-11-06T18:31:50Z

Please add a simple INCLUDE command that would simply "dump" the contents of another file into current position. This would allow breaking up the monolithic firehol.conf into manageable parts. This would be useful especially when files are version controlled adn shared between multiple hosts.

firehol-ports.conf # port definitions
firehol-hosts-local.conf
firehol-hosts-external.conf
firehol-rules-eth1.conf
firehol-rules-wlan0.conf

AN EXAMPLE:

# firehol.conf
include firehol-ports.conf
include firehol-hosts-local.conf
...

nat portfw commands ignored silently

2007-07-27T00:57:21Z

I've spent last 3 hours trying to get few UDP ports forwarded in simple NAT environment. I thought the process should be at max. 5 minute job. I was very wrong.

For reasons that I do not understand, any of the commands that I've tried (nat to-destination, dnat) do not make any rules into iptables. And what's wrong with this is that it does that completely silently. I would expect that if there are no complains, iptables were generated properly.

IPSEC port (2)

2007-07-09T11:37:59Z

Sorry!
I forgot

If is it possible to add this
(necessary for IPSEC+L2TP)

#L2TP
server_l2tp_ports="udp/1701"
client_l2tp_ports="any"

Thanks!

Stefano

IPSEC port

2007-07-09T10:25:27Z

Hello!
Sorry for my bad english!
For IPSec VPN i need to add

# for IPSec NAT-Traversal
server_natt_ports="udp/4500"
client_natt_ports="any"

to firehol.conf and change

# for IPSec Key negotiation
server_isakmp_ports="udp/500"
client_isakmp_ports="500"

# for IPSec Key negotiation
server_isakmp_ports="udp/500"
client_isakmp_ports="any"

in firehol.sh.

Is it possible apply these in firehol ?

Thanks!

Stefano

Trouble w/smtp

2007-01-23T20:12:01Z

what is the syntax to use if you only want a certain IP or group of IP addresses to be allowed to use the SMTP service?

Torrents are spamming my log

2005-10-14T14:22:28Z

I've created an opening in firehol for torrents, using
services it looks like:

#FHVER: 1:213
server_torrent_ports="tcp/6991:6999"
client_torrent_ports="default"

and in firehol did:

interface eth0 internet
server torrent accept
client all accept

Torrents works fine, and traffic is flowing at a good
speed, however I'm getting lots of firewall logs like:

Oct 14 16:21:08 tigger kernel: IN-internet:IN=eth0 OUT=
MAC=00:40:63:d3:af:16:00:05:00:e6:2b:82:08:00
SRC=xx.xx.xx.xx DST=xx.xx.xx.xx LEN=40 TOS=0x00 PREC
=0x00 TTL=116 ID=15431 DF PROTO=TCP SPT=63649 DPT=6992
WINDOW=65374 RES=0x00 ACK FIN URGP=0
Oct 14 16:21:45 tigger kernel: IN-internet:IN=eth0 OUT=
MAC=00:40:63:d3:af:16:00:05:00:e6:2b:82:08:00
SRC=xx.xx.xx.xx DST=xx.xx.xx.xx LEN=40 TOS=0x00 PREC=
0x00 TTL=120 ID=53139 DF PROTO=TCP SPT=1552 DPT=6992
WINDOW=16300 RES=0x00 ACK FIN URGP=0

My torrent client is running on the same machine that
has the eth0 device (in other words, it's running
locally :) )..

Any clues?