[Firehol-support] Firehol Status?

Carlos Rodrigues carlos.efr at mail.telepac.pt
Mon Dec 11 15:11:17 GMT 2006

On 12/11/06, firehol firehol <firehol at gmail.com> wrote:
> When I use a config file like shown below, I found that packets returning from DNS requests were sometimes being blocked, and incoming connections to port 25 were also sometimes blocked. (Even when all rules had 'client all accept' and 'server all accept'.)

I see quite a few blocked connections to port 25. The reason is always
"New TCP without SYN", which comes from the protection rules against
malformed traffic inserted by FireHOL.

I also see a bunch of refused port 53's destined to our servers, which
I guess could very well be packets which arrive too late to be
considered part of a previous request.

> Do people use this firewall on real, working mail and DNS servers?  Am I making some sort of mistake in my configs? I would love to get firehol working for my purposes.

Yes, both on servers and on a firewall machine. I haven't noticed any
problems in well over a year since this firewall went into production,
nor have any users complained about any kind of problems.

Carlos Rodrigues
