with fireHOL, a language to express firewalling rules. it produces a stateful firewall (it keeps track of the state of every connection, which means it knows which packets are legitimate for any specific connection state, and can make intelligent decisions about which to keep and which to reject).

it is easy to write. it is even easy to read. look how damn easy it is:

    interface eth0 homelan
        policy accept
    interface eth1 internet
        protection strong
        server http accept
        server ssh accept src trusted.example.com
        client all accept
    router homelan2internet inface eth0 outface eth1
        route all accept

my actual firewall is of course more complicated, but it didn't take more than 30 minutes to learn the language and write out a script (fireHOL configs are bash scripts). and it would have worked perfectly right away if telus weren't blocking the standard bittorrent ports, the bastards. but at least that became obvious pretty much right away, while before using fireHOL i wasn't certain whether i was handling the forwarding of the bittorrent traffic correctly (as it turns out, i wasn't).
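as an added example (not the post's actual firewall, and not code from the fireHOL project), here is what the forwarding part described above looks like in the same language: the interface blocks from the snippet, a masquerading router for the LAN, and a port forward for a bittorrent client on the LAN. the LAN range 192.168.1.0/24, the client at 192.168.1.10 on tcp port 6881, the interface names and trusted.example.com are all assumptions for the sake of the example; the `version 5` line matches fireHOL 1.x config files.

```firehol
# Added example config, not the post's real firewall. Assumed values:
# eth0 = LAN 192.168.1.0/24, eth1 = ISP uplink, bittorrent box = 192.168.1.10:6881/tcp.
version 5

# Connections that terminate on the firewall itself.
interface eth0 homelan src 192.168.1.0/24
    policy accept                 # fully trust the LAN side

interface eth1 internet src not "${UNROUTABLE_IPS}"
    protection strong             # anti-spoofing, fragment and flood checks
    server http accept            # public web server on this box
    server ssh accept src trusted.example.com
    client all accept             # the box may initiate anything outbound

# Connections that cross the firewall from the LAN to the internet.
router lan2inet inface eth0 outface eth1
    masquerade                    # NAT the LAN behind eth1's public address
    route all accept              # replies come back via connection tracking

# Inbound bittorrent: rewrite the destination to the LAN host (PREROUTING),
# then allow only that port, to only that host, through a second router.
# If the ISP drops the port upstream these rules never see a packet, which
# is exactly the symptom described in the post.
dnat to 192.168.1.10:6881 inface eth1 proto tcp dport 6881
router inet2bt inface eth1 outface eth0
    server custom bittorrent tcp/6881 default accept dst 192.168.1.10
```

the second router is deliberately narrow: nothing else from eth1 is routed into the LAN, and the `dst` match means a dnat mistake cannot accidentally expose another host. fireHOL's stateful tracking handles the client's replies, so no reverse rule is needed.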

so now i am happy. i have a nice, new, clean firewall script that i actually understand backwards and forwards.

on 2005-11-25 16:42 (UTC)
Posted by [identity profile] huashan.livejournal.com
OOOoo...that is cool indeed. Iptables/Ipchains are great, but definitely not easy to read/understand.


