FireHOL
If you’ve ever had to set up iptables rulesets, then you know how obscure the syntax for those configuration files can be (unless you’re used to it already). Fortunately, FireHOL provides a simple, clean, easy-to-understand language for describing complex iptables rules.
For example, let's say I was running a local DNS cache server that forwards queries to an external DNS server on cache misses. The rule that lets the replies back in looks like this in each language:
iptables entry:
-A INPUT -p udp -s 0/0 --source-port 53 -d x.y.z.d/32 --destination-port 1024:65535 -j ACCEPT
FireHOL entry:
client dns accept
FireHOL's strength is clear from the comparison: the same intent is expressed in a simpler, more intuitive form. Note that the hand-written iptables line only covers the inbound reply half of the exchange, while the single FireHOL line describes the host acting as a DNS client, so it covers the outgoing query and the returning answer together.
To be fair, iptables is designed to give the user as much freedom as possible to create their ruleset. This comes at a cost to usability, as the syntax can become pretty ungainly, especially for complicated setups. By simplifying the language used to describe firewall rules, FireHOL makes it that much easier to write the rules without having to google for examples to copy-paste-modify. Also, since FireHOL's configuration is only an intermediate language that is translated into ordinary iptables rules, nothing that iptables can express is lost: highly customized rulesets remain possible, even on systems that require large and complex firewall policies.
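To make the translation step concrete, here is a small Python model of how a line such as client dns accept expands into iptables rules. This is an added illustration and not FireHOL's own code: FireHOL is written in bash, and its real output uses per-interface chains, logging and a large built-in service table. The service table, the rule strings and the tiny config parser below are assumptions chosen to show the one property that matters: one service line produces rules for both directions of the exchange and matches the reply by conntrack state rather than by source port alone.

```python
"""Model of how one FireHOL-style service line expands into iptables rules.

Added example, not FireHOL's generator. The rule text is an assumed
simplification of what FireHOL emits; the structure (both directions,
conntrack state on the reply) is the point being demonstrated.
"""

# Assumed subset of FireHOL's service table: service -> [(protocol, server port)].
SERVICES = {
    "dns": [("udp", "53"), ("tcp", "53")],
    "ssh": [("tcp", "22")],
    "http": [("tcp", "80")],
}

# Client-side ephemeral range, as in the page's hand-written rule.
EPHEMERAL = "1024:65535"


def expand(role, service, action, iface="eth0"):
    """Return the iptables rules implied by '<role> <service> <action>'.

    role: "client" (this host initiates) or "server" (this host listens).
    """
    if role not in ("client", "server"):
        raise ValueError(f"unknown role {role!r}")
    target = action.upper()  # accept -> ACCEPT, drop -> DROP, reject -> REJECT
    rules = []
    for proto, port in SERVICES[service]:
        if role == "client":
            # Outgoing request: ephemeral source port to the service port.
            rules.append(
                f"-A OUTPUT -o {iface} -p {proto} --sport {EPHEMERAL} --dport {port} "
                f"-m conntrack --ctstate NEW,ESTABLISHED -j {target}"
            )
            # Reply: accepted only if conntrack already saw our request.
            rules.append(
                f"-A INPUT -i {iface} -p {proto} --sport {port} --dport {EPHEMERAL} "
                f"-m conntrack --ctstate ESTABLISHED -j {target}"
            )
        else:
            # Incoming request to the service we offer.
            rules.append(
                f"-A INPUT -i {iface} -p {proto} --sport {EPHEMERAL} --dport {port} "
                f"-m conntrack --ctstate NEW,ESTABLISHED -j {target}"
            )
            # Our answer back to the client.
            rules.append(
                f"-A OUTPUT -o {iface} -p {proto} --sport {port} --dport {EPHEMERAL} "
                f"-m conntrack --ctstate ESTABLISHED -j {target}"
            )
    return rules


def compile_config(text):
    """Translate a tiny FireHOL-like config into a flat list of iptables rules.

    Supports only 'interface <dev> <name>', 'policy <action>' and
    '<client|server> <service> <action>' lines; anything else is rejected.
    """
    rules = []
    iface, policy = None, None

    def close_interface():
        # Per-interface default goes last so it only catches unmatched traffic.
        if iface and policy:
            rules.append(f"-A INPUT -i {iface} -j {policy}")
            rules.append(f"-A OUTPUT -o {iface} -j {policy}")

    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        words = line.split()
        if words[0] == "interface":
            close_interface()
            iface, policy = words[1], None
        elif words[0] == "policy":
            policy = words[1].upper()
        elif words[0] in ("client", "server"):
            rules.extend(expand(words[0], words[1], words[2], iface))
        else:
            raise ValueError(f"unsupported line: {raw!r}")
    close_interface()
    return rules


# Constructed sample config for the DNS cache host described in the post.
SAMPLE_CONFIG = """
interface eth0 lan
    policy drop
    client dns accept   # forward cache misses upstream and accept the replies
    server dns accept   # answer queries from the LAN
"""

if __name__ == "__main__":
    for rule in compile_config(SAMPLE_CONFIG):
        print(rule)
```

The difference from the post's hand-written rule is worth noticing: that rule accepts any UDP datagram whose source port is 53 and whose destination is in the high port range, whether or not this host ever sent a query, so anything able to send packets with a spoofed source port of 53 gets past it. The conntrack match in the generated reply rule only admits datagrams that belong to an outstanding query, which is the behaviour a DNS client actually wants.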