[Firehol-support] Improving FireHOL

Carlos Rodrigues carlos.efr at mail.telepac.pt
Sun Feb 25 20:41:17 GMT 2007


On 2/25/07, Vincent Danjean <vdanjean.ml at free.fr> wrote:
>   I'm not telling that FireHOL must be run in two parts on two different
> machines. I'm just telling that there is not a lot of work to do so that
> this is possible. And sometimes this would be really useful, even if there
> is some limitations from the 'normal' mode.

I guess there's three ways to do this:

1. You can load the rules on the source machine, dump them with
iptables-save, and then load them in the target machine with
iptables-restore.

2. You can change firehol so that it dumps the "iptables ..." commands
instead of running them. And then run the output on the target
machine.

3. You can change firehol so that it generates output compatible with
iptables-restore, which has the problems described by the firehol
author in the post I referenced.

Well, I could certainly use option 2... and it doesn't seem all that
difficult to implement...

-- 
Carlos Rodrigues




More information about the Firehol-support mailing list