Recent changes to support-requests

Use https://github.com/ktsaou/firehol/issues

Phil Whineray — Mon, 02 Mar 2015 07:46:11 -0000

Use http://lists.firehol.org/mailman/listinfo/firehol-support or https://github.com/ktsaou/firehol/issues for support requests

#23 avahi service definition

darioshanghai — Wed, 27 Aug 2014 11:11:06 -0000

log user

Anonymous — Fri, 04 Dec 2009 19:42:17 -0000

Can firehol include the user id of originating packages in the log? (use iptables --log-uid)

avahi service definition

Anonymous — Mon, 30 Nov 2009 16:32:16 -0000

It would be nice if th avahi service (network discovery also called zeroconf or bonjour) would be defined. It uses port 5353 seemingly plus another upper range port (do not have more info about it). Avahi runns by default for example on *buntu systems. http://avahi.org/

Add INCLUDE command to firehol.conf

Jari Aalto — Fri, 06 Nov 2009 18:31:50 -0000

Please add a simple INCLUDE command that would simply "dump" the contents of another file into current position. This would allow breaking up the monolithic firehol.conf into manageable parts. This would be useful especially when files are version controlled adn shared between multiple hosts.

firehol-ports.conf # port definitions
firehol-hosts-local.conf
firehol-hosts-external.conf
firehol-rules-eth1.conf
firehol-rules-wlan0.conf

AN EXAMPLE:

# firehol.conf
include firehol-ports.conf
include firehol-hosts-local.conf
...

nat portfw commands ignored silently

Anonymous — Fri, 27 Jul 2007 00:57:21 -0000

I've spent last 3 hours trying to get few UDP ports forwarded in simple NAT environment. I thought the process should be at max. 5 minute job. I was very wrong.

For reasons that I do not understand, any of the commands that I've tried (nat to-destination, dnat) do not make any rules into iptables. And what's wrong with this is that it does that completely silently. I would expect that if there are no complains, iptables were generated properly.

IPSEC port (2)

Stefano — Mon, 09 Jul 2007 11:37:59 -0000

Sorry!
I forgot

If is it possible to add this
(necessary for IPSEC+L2TP)

#L2TP
server_l2tp_ports="udp/1701"
client_l2tp_ports="any"

Thanks!

Stefano

IPSEC port

Stefano — Mon, 09 Jul 2007 10:25:27 -0000

Hello!
Sorry for my bad english!
For IPSec VPN i need to add

# for IPSec NAT-Traversal
server_natt_ports="udp/4500"
client_natt_ports="any"

to firehol.conf and change

# for IPSec Key negotiation
server_isakmp_ports="udp/500"
client_isakmp_ports="500"

# for IPSec Key negotiation
server_isakmp_ports="udp/500"
client_isakmp_ports="any"

in firehol.sh.

Is it possible apply these in firehol ?

Thanks!

Stefano

Trouble w/smtp

RPG — Tue, 23 Jan 2007 20:12:01 -0000

what is the syntax to use if you only want a certain IP or group of IP addresses to be allowed to use the SMTP service?

Torrents are spamming my log

Jesper L. Nielsen — Fri, 14 Oct 2005 14:22:28 -0000

I've created an opening in firehol for torrents, using
services it looks like:

#FHVER: 1:213
server_torrent_ports="tcp/6991:6999"
client_torrent_ports="default"

and in firehol did:

interface eth0 internet
server torrent accept
client all accept

Torrents works fine, and traffic is flowing at a good
speed, however I'm getting lots of firewall logs like:

Oct 14 16:21:08 tigger kernel: IN-internet:IN=eth0 OUT=
MAC=00:40:63:d3:af:16:00:05:00:e6:2b:82:08:00
SRC=xx.xx.xx.xx DST=xx.xx.xx.xx LEN=40 TOS=0x00 PREC
=0x00 TTL=116 ID=15431 DF PROTO=TCP SPT=63649 DPT=6992
WINDOW=65374 RES=0x00 ACK FIN URGP=0
Oct 14 16:21:45 tigger kernel: IN-internet:IN=eth0 OUT=
MAC=00:40:63:d3:af:16:00:05:00:e6:2b:82:08:00
SRC=xx.xx.xx.xx DST=xx.xx.xx.xx LEN=40 TOS=0x00 PREC=
0x00 TTL=120 ID=53139 DF PROTO=TCP SPT=1552 DPT=6992
WINDOW=16300 RES=0x00 ACK FIN URGP=0

My torrent client is running on the same machine that
has the eth0 device (in other words, it's running
locally :) )..

Any clues?