[Firehol-support] (fwd) Re: what comes after firehol?

Paul Fox pgf at foxharp.boston.ma.us
Tue Mar 13 13:56:49 GMT 2012

phil -- count me in.  firehol is a nice piece of work, and
i'm happy to help.

just to remind folks -- costa did send a message to this list last
june (below).  i assume phil has tried to contact him at the address
he used then, and i've cc'ed him again now, just in case.  but clearly
costa no longer has the time to devote to firehol.

it would clearly be preferable for phil to be able to take over
maintenance of firehol directly if costa were willing, but if we can't
even get in touch, then a fork is the next best thing.


costa wrote:
 > Date:    Wed, 29 Jun 2011 12:33:48 +0300
 > To:      Phil Whineray <phil.whineray at gmail.com>
 > cc:      firehol-support at lists.sourceforge.net
 > From:    Costa Tsaousis <costa at tsaousis.gr>
 > Subject: Re: [Firehol-support] what comes after firehol?
 > Hi all,
 > I am very pleased by your comments. Thank you very much.
 > As you have noticed it has been 3 years since the last release of
 > firehol. Although I have done enough commits fixing various bugs and
 > extending firehol, I did not manage to release anything. There are two
 > reasons for this:
 > a. Every new release needs an effort in documentation. I tried to
 > prepare a release once or twice during these 3 years, but I was unable
 > to complete the task.
 > b. Every new release attracts new users, demanding support, which
 > unfortunately I cannot provide to the extend required.
 > Currently firehol has 3 major issues:
 > 1. There is no ipv6 support
 > 2. It is very slow on very big firewalls (I have one with 10.000 rules,
 > that needs around 3 mins to get activated). There is a patch supplied at
 > sourceforge. It requires however extended testing.
 > 3. It should not depend on BASH. ASH is faster, lighter, runs on
 > embedded systems and could be used by firehol. ASH however lacks arrays,
 > a key feature for firehol. To run under ASH, firehol would need a
 > re-write of its core. Again, this would require extended testing.
 > Unfortunately, I cannot do all the work by myself.
 > If you would like to help, please send me a note. Firehol needs help to
 > stay alive.
 > In the mean time, I keep the cvs version of firehol always stable. I
 > suggest to use the cvs version instead of the released one. I always
 > update the CVS log properly too, so you can review what has changed or
 > fixed. I also fix bugs as soon as I get notified about them or add minor
 > features that do not require a major rewrite. These are the minimum
 > required to have a well maintained and secure firewall (firehol is
 > always well maintained - it is not "well released" though).
 > Regards,
 > Costa
 > part 2     text/plain                 377
 > ------------------------------------------------------------------------------
 > All of the data generated in your IT infrastructure is seriously valuable.
 > Why? It contains a definitive record of application performance, security 
 > threats, fraudulent activity, and more. Splunk takes this data and makes 
 > sense of it. IT sense. And common sense.
 > http://p.sf.net/sfu/splunk-d2d-c2part 3     text/plain                 176
 > _______________________________________________
 > Firehol-support mailing list
 > Firehol-support at lists.sourceforge.net
 > https://lists.sourceforge.net/lists/listinfo/firehol-support

 paul fox, pgf at foxharp.boston.ma.us (arlington, ma, where it's 48.2 degrees)

More information about the Firehol-support mailing list