i'm in love
Nov. 24th, 2005 23:31
with fireHOL, a language to express firewalling rules. it produces a stateful firewall. (it keeps track of the events in any particular sequence of interaction, which means it knows which packets are legitimate for any specific connection state, and can make intelligent decisions about which to keep and which to reject).
it is easy to write. it is even easy to read. look how damn easy it is:
```sh
# eth0 faces the home LAN: the firewall host accepts everything from it
interface eth0 homelan
    policy accept

# eth1 faces the internet: default policy drops, with FireHOL's
# anti-spoofing and flood checks turned on by "protection strong"
interface eth1 internet
    protection strong
    # services this host offers to the internet
    server http accept
    # ssh only from one host; the name is resolved when the rules are loaded
    server ssh accept src trusted.example.com
    # this host may open any outbound connection
    client all accept

# traffic forwarded from the LAN out to the internet, NATed behind eth1
router homelan2internet inface eth0 outface eth1
    masquerade
    route all accept
```
my actual firewall is of course more complicated, but it didn't take more than 30 minutes to learn the language and write out a script (fireHOL uses bash scripting). and it would have worked perfectly right away were telus not blocking standard bittorrent ports, the bastards. but at least that became obvious pretty much right away, while before using fireHOL i wasn't certain whether i was handling the forwarding of the bittorrent traffic correctly (as it turns out, i wasn't).
so now i am happy. i have a nice, new, clean firewall script that i actually understand backwards and forwards.
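to show what forwarding the bittorrent traffic mentioned above actually looks like in fireHOL, here is an added example; it is not the post's own config. it extends the script from the post with a DNAT helper and a second router for the internet-to-LAN direction. the internal peer address 192.168.1.10, the interface names eth0/eth1 and the 6881-6889 port range are assumptions for the example (the range is the conventional bittorrent one). the syntax is fireHOL 1.x, the version that was current in 2005.

```sh
# Added example, not the post's config. Assumed: eth0 is the LAN side,
# eth1 the internet side, and 192.168.1.10 (hypothetical) is the LAN
# machine that should receive inbound bittorrent connections.
version 5

# NAT helpers must come before any interface or router definition.
# Rewrite the destination of tcp/udp 6881-6889 arriving on eth1 to the
# internal peer; replies are matched by connection tracking, so no
# separate rule is needed for the return path.
dnat to 192.168.1.10 inface eth1 proto tcp dport 6881:6889
dnat to 192.168.1.10 inface eth1 proto udp dport 6881:6889

interface eth0 homelan
    policy accept

interface eth1 internet
    protection strong
    server http accept
    server ssh accept src trusted.example.com
    client all accept

# LAN -> internet, NATed behind eth1 (same as the post)
router homelan2internet inface eth0 outface eth1
    masquerade
    route all accept

# internet -> LAN: after DNAT the torrent packets are *forwarded*, so the
# forward path must allow them explicitly. "server" in a router means the
# request enters via inface (eth1) and leaves via outface (eth0). Nothing
# else is let through in this direction.
router internet2homelan inface eth1 outface eth0
    server custom bittorrent "tcp/6881:6889 udp/6881:6889" default accept
```

two ways to check it without locking yourself out: `firehol debug` prints the iptables commands it would run without applying them, and `firehol try` activates the rules but reverts to the previous firewall unless you confirm within the timeout. if the ISP blocks the standard range, move the client to another port and change the numbers in both the dnat lines and the router rule; the firewall itself will not tell you the upstream is dropping the traffic, only a connection test from outside will.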