[Firehol-support] what comes after firehol?

Rick Marshall rjm at zenucom.com
Wed Jun 29 11:15:42 BST 2011


Hi Costa

Happy to help, my suggestion would be to do a version that uses tcl as the scripting language - fast, can be embedded, supports arrays, lists, advanced stuff we need.

Let me know

Regards
Rick

On 29/06/2011, at 7:33 PM, Costa Tsaousis wrote:

> Hi all,
> 
> I am very pleased by your comments. Thank you very much.
> 
> As you have noticed it has been 3 years since the last release of firehol. Although I have done enough commits fixing various bugs and extending firehol, I did not manage to release anything. There are two reasons for this:
> 
> a. Every new release needs an effort in documentation. I tried to prepare a release once or twice during these 3 years, but I was unable to complete the task.
> 
> b. Every new release attracts new users, demanding support, which unfortunately I cannot provide to the extend required.
> 
> 
> Currently firehol has 3 major issues:
> 
> 1. There is no ipv6 support
> 
> 2. It is very slow on very big firewalls (I have one with 10.000 rules, that needs around 3 mins to get activated). There is a patch supplied at sourceforge. It requires however extended testing.
> 
> 3. It should not depend on BASH. ASH is faster, lighter, runs on embedded systems and could be used by firehol. ASH however lacks arrays, a key feature for firehol. To run under ASH, firehol would need a re-write of its core. Again, this would require extended testing.
> 
> Unfortunately, I cannot do all the work by myself.
> 
> If you would like to help, please send me a note. Firehol needs help to stay alive.
> 
> In the mean time, I keep the cvs version of firehol always stable. I suggest to use the cvs version instead of the released one. I always update the CVS log properly too, so you can review what has changed or fixed. I also fix bugs as soon as I get notified about them or add minor features that do not require a major rewrite. These are the minimum required to have a well maintained and secure firewall (firehol is always well maintained - it is not "well released" though).
> 
> Regards,
> 
> Costa
> 
>  
> 
> 
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security 
> threats, fraudulent activity, and more. Splunk takes this data and makes 
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2d-c2_______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/firehol-support





More information about the Firehol-support mailing list