[Firehol-support] what comes after firehol?
costa at tsaousis.gr
Wed Jun 29 10:33:48 BST 2011
I am very pleased by your comments. Thank you very much.
As you have noticed it has been 3 years since the last release of
firehol. Although I have done enough commits fixing various bugs and
extending firehol, I did not manage to release anything. There are two
reasons for this:
a. Every new release needs an effort in documentation. I tried to
prepare a release once or twice during these 3 years, but I was unable
to complete the task.
b. Every new release attracts new users, demanding support, which
unfortunately I cannot provide to the extent required.
Currently firehol has 3 major issues:
1. There is no ipv6 support
2. It is very slow on very big firewalls (I have one with 10.000 rules,
that needs around 3 mins to get activated). There is a patch supplied at
sourceforge. It requires however extended testing.
3. It should not depend on BASH. ASH is faster, lighter, runs on
embedded systems and could be used by firehol. ASH however lacks arrays,
a key feature for firehol. To run under ASH, firehol would need a
re-write of its core. Again, this would require extended testing.
Unfortunately, I cannot do all the work by myself.
If you would like to help, please send me a note. Firehol needs help to
In the meantime, I keep the cvs version of firehol always stable. I
suggest using the cvs version instead of the released one. I always
update the CVS log properly too, so you can review what has been changed or
fixed. I also fix bugs as soon as I get notified about them or add minor
features that do not require a major rewrite. These are the minimum
required to have a well maintained and secure firewall (firehol is
always well maintained - it is not "well released" though).