[Firehol-support] Improving FireHOL

Carlos Rodrigues carlos.efr at mail.telepac.pt
Sun Feb 25 20:41:17 GMT 2007

On 2/25/07, Vincent Danjean <vdanjean.ml at free.fr> wrote:
>   I'm not saying that FireHOL must be run in two parts on two different
> machines. I'm just saying that there is not a lot of work to do so that
> this is possible. And sometimes this would be really useful, even if there
> are some limitations from the 'normal' mode.

I guess there are three ways to do this:

1. You can load the rules on the source machine, dump them with
iptables-save, and then load them in the target machine with

2. You can change firehol so that it dumps the "iptables ..." commands
instead of running them. And then run the output on the target

3. You can change firehol so that it generates output compatible with
iptables-restore, which has the problems described by the firehol
author in the post I referenced.

Well, I could certainly use option 2... and it doesn't seem all that
difficult to implement...

Carlos Rodrigues
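
Option 2 from the message above, sketched as an added example (not FireHOL's code and not part of the original post): a shell function shadows `iptables` so that a rule generator writes quoted commands to a file that can be reviewed and then run on the target. The names `RULES_OUT`, `dump_rules` and `sample_rules`, and the sample rules themselves, are assumptions made for this sketch.

```shell
#!/bin/sh
# Added illustration of option 2: record iptables commands instead of running them.
# RULES_OUT, dump_rules and sample_rules are hypothetical names for this sketch.

RULES_OUT="${RULES_OUT:-./firewall-rules.sh}"

# Quote one argument so it survives re-parsing by a POSIX shell.
quote_arg() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Shadows the real binary: appends the quoted command line to RULES_OUT.
iptables() {
    line="iptables"
    for arg in "$@"; do
        line="$line $(quote_arg "$arg")"
    done
    printf '%s\n' "$line" >> "$RULES_OUT"
}

# Start a fresh script, run the given rule generator under the shim,
# and print the number of commands captured.
dump_rules() {
    printf '%s\n' '#!/bin/sh' 'set -e' > "$RULES_OUT"
    "$@"
    grep -c '^iptables ' "$RULES_OUT"
}

# Constructed sample rules standing in for what a firewall script would issue.
sample_rules() {
    iptables -P INPUT DROP
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -m comment --comment "admin's ssh" -j ACCEPT
}

# Usage: dump_rules sample_rules   (then review and copy RULES_OUT to the target)
```

Anything in a generator that depends on the output or exit status of `iptables` behaves differently under the shim, so the dumped script should be read before it is applied on the target.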
