[Firehol-devs] (no subject)

Phil Whineray phil.whineray at gmail.com
Mon Mar 12 22:07:16 GMT 2012

Hi Everyone

I have been trying to contact Costa for quite a while to ask whether there
is any chance of seeing my IPv6 patches included. I've had no response
so at this point I am announcing my intention to fork FireHOL from mid
April and continue development and support in a new project.

Any help that anyone can provide will be gratefully received; I would like
to take this great piece of software and breathe new life into it but I won't
be able to do that alone. There's something for almost all abilities up for
grabs at the moment; please see the bottom for some ideas.

The goals of the forked project will stay close to the original:

  - Allow experts and non-experts alike to produce secure firewalls
  - Simple configuration should be simple
  - Complex configuration should be possible (and as easy as possible)
  - Keep to a minimal set of dependencies

In particular, going forwards:

  - Eliminate distinctions between IPv4 and IPv6 where-ever possible
  - Maintain compatibility with old FireHOL configurations

I will keep the current GPL 2 or later licensing unchanged.

Proposed Roadmap
 - Project name decided

 - Official infrastructure established
   - Website
   - Mailing list
   - Bug tracker
   - Git tree
   - Release mechanism

 - Release 1.0: Drop-in replacement for FireHOL
   - Rename main script + provide wrapper or link to original name
   - Copyrights + licensing notices applied to all files
   - Documentation updated
   - Take downstream patches (e.g. debian, red hat, arch, ...)
   - Build installable packages; rpm, deb, tar.gz
     - Verify seamless upgrades from FireHOL

 - Release 1.1: IPv6 capability release
   - Current FireHol + IPv6 patches maintained throughout 1.0 and 1.1 process
   - Release will fixes any shortcomings
     - e.g. Helpme to include IPv6 support
   - Automated test architecture (prove v4 unaffected)

 - Release 1.2: Start taking on other requests
   - To be determined

How Can You Help?
I'd welcome help in pretty much any area. There should be something for
anyone who has a bit of spare time and an interest in seeing the FireHOL
code-base move on: code, testing, packaging and documentation.

Please use this Github issue tracker for anything related to naming,
infrastructure etc. until there is a decision on official ones:

  - https://github.com/philwhineray/firehol-fork/issues

Current suggestions are:

  - firehol6 / fireholv6
  - barbican
  - legiwall (i.e. legible firewall)

Please comment on the issue tracker if you would like to make a suggestion
or back an existing one.

We need to sort out an official name before too long since it affects
everything else. I'll announce a choice on Saturday 30th March.

Once we've got the name in place we will switch to the official lines of
communication as the various bits are implemented.

The main requirements are these:

  - Website
  - Mailing list or forum
  - Bug tracker

Tomas Jacik will be organising hosting and infrastructure staring around
mid-April. That will mark the offical start of the fork. Please feel free to
join the discussion in the issue tracker for now.

The really important bits of the website (i.e. services, language
description) are part of the project under GPL so we will be able to get
that going quite quickly. Help with content and translation will be

Release 1.0
We will host an official git repository under the main domain once it is

Meantime this tree is intended to form the basis of the work for 1.0:

  - git://github.com/philwhineray/firehol-fork.git

The "cvs-mirror" branch will track FireHOL cvs; it is currently the latest
CVS version on Sourceforge.

The "master" branch will accumulate all the changes up to an official
1.0 release.

Any patches for inclusion will be collected in extra branches for review
as necessary. Please let me know if you are aware of any patches that should
make it in to 1.0.

I'm intending to do away with this repo once the official one's implemented,
and release 1.0 is finished. I'll establish a new repo with an appropriate
name for future development work.

The majority of the work is cleaning up the files to reflect the new
project and sort out documentation. Please use the Github issue tracker
for anything related to this repo:

  - https://github.com/philwhineray/firehol-fork/issues

Release 1.1
Focus for now is on work for 1.0 which will not add IPv6. However, the main
reason for the fork is to get this functionality into a supported project.
For the impatient an updated FireHOL with all IPv6 patches can be found here:

  - git://github.com/mikemol/fireholv6.git

Once the 1.0 release is finalised anything missing from that repository
will be appled to the official tree as part of a 1.1 release. Please submit
any IPv6 related problems/patches to the Github issue tracker for the repo:

  - https://github.com/mikemol/fireholv6/issues

More information about the Firehol-devs mailing list