[Firehol-support] firehol extra tools

Tsaousis, Costa costa at tsaousis.gr
Fri Jan 1 02:17:32 CET 2016


I have to add that update-ipsets depends on iprange and uses it (like
firehol does) to optimize the ipsets loaded in kernel for maximum
performance.

update-ipsets also makes sure that IP lists downloaded from internet
sources (it downloads everything from the maintainers' sites) are
parsed in such a way that no code injection is possible, and kernel
updates are atomic, meaning that for every ipset kernel update either
it succeeds and the new ipset is loaded, or it fails and the old ipset
is left untouched - the ipset is never empty - not even for a
nanosecond.

Costa


On Fri, Jan 1, 2016 at 3:10 AM, Tsaousis, Costa <costa at tsaousis.gr> wrote:
> link-balancer is a tool that allows you to set up and maintain multiple
> concurrently active, balanced gateways (default or any other kind). It
> tries to fill the gap that the standard linux tools (like iproute2) do
> not address (for example, when there is a balanced gateway setup and
> one of them is lost, the whole gateway route is lost - it also allows
> you to set up some kind of inheritance among routing tables).
>
> So, it is a tool that complements both firehol and fireqos, but is
> independent of them. Currently firehol, fireqos and link-balancer
> share only custom mark definitions (defined in firehol, saved in
> /var/cache/firehol and loaded/used by fireqos and link-balancer - this
> is only used to reference marks by name - the admin can define marks
> by number to avoid this dependency).
>
> update-ipsets is again a standalone tool. It can complement any
> firewall, not only firehol. It allows downloading and unifying third
> party IP lists (the admin can configure more IP lists sources too) and
> can update ipsets in kernel for any firewall (this is not firehol
> specific - it will update ipsets in kernel for any netfilter ipset
> based firewall).
>
> Costa
>
>
> On Fri, Jan 1, 2016 at 2:25 AM, Jerome BENOIT <g6299304p at rezozer.net> wrote:
>> Hello List:
>>
>> On 30/12/15 07:10, Tsaousis, Costa wrote:
>>> Excellent!
>>> Thank you.
>>
>> You are welcome.
>>
>>>
>>> On Wed, Dec 30, 2015 at 7:18 AM, Jerome BENOIT <g6299304p at rezozer.net> wrote:
>>>> Hello Forum:
>>>>
>>>> I am pleased to announce that iprange is reaching Debian Sid.
>>>> For now the package is in the NEW queue [1],
>>>> while the git debian material is available at Alioth [2].
>>>>
>>>> Now I will focus on refreshing the debian material for firehol and its friends.
>>
>> My current understanding is that update-ipsets is a tool meant to be used with firehol.
>> Concerning link-balancer, is it meant to be used with firehol? or fireqos?
>>
>> Thanks in advance,
>> Jerome
>>
>>
>>
>>
>>>>
>>>>
>>>> Thanks,
>>>> Jerome
>>>>
>>>>
>>>> [1] https://ftp-master.debian.org/new/iprange_1.0.2%2Bds-1.html
>>>> [2] https://anonscm.debian.org/cgit/collab-maint/iprange.git/

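Added example, not part of the original message and not update-ipsets' own code: one way to get the two properties described at the top of the thread (injection-safe parsing of a downloaded list, and a kernel update that never leaves the live ipset empty) with the standard ipset create/swap/destroy commands. The function names, the `_tmp` suffix, the `hash:net` set type and the sample feed are assumptions made for the illustration.

```shell
#!/bin/sh
# Keep only lines that are exactly one IPv4 address or CIDR. Anything else
# (shell metacharacters, extra ipset keywords, hostnames) is dropped whole,
# so no downloaded text other than validated addresses reaches ipset.
sanitize_list() {
    awk '{
        sub(/#.*/, ""); gsub(/^[ \t\r]+|[ \t\r]+$/, "")
        if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) next
        n = split($0, p, "[./]")
        for (i = 1; i <= 4; i++) if (length(p[i]) > 3 || p[i] + 0 > 255) next
        if (n == 5 && (length(p[5]) > 2 || p[5] + 0 > 32)) next
        print
    }' | sort -u
}

# Read a raw list on stdin and print an `ipset restore` script on stdout.
# Entries go into a temporary set; the live set changes only at `swap`.
# If any earlier line fails, restore stops before the swap and the old
# contents of the live set stay in place.
build_restore() {
    set_name=$1
    case $set_name in ''|*[!A-Za-z0-9_]*) return 2 ;; esac
    tmp_name="${set_name}_tmp"
    entries=$(sanitize_list)
    # An empty or fully rejected download must not replace the live set.
    [ -n "$entries" ] || return 1
    printf 'create %s hash:net\n' "$set_name"
    printf 'create %s hash:net\n' "$tmp_name"
    printf 'flush %s\n' "$tmp_name"
    printf '%s\n' "$entries" | sed "s/^/add $tmp_name /"
    printf 'swap %s %s\n' "$tmp_name" "$set_name"
    printf 'destroy %s\n' "$tmp_name"
}

# Constructed sample feed: two valid entries, one duplicate, four hostile
# or malformed lines.
sample_feed() {
    cat <<'EOF'
# constructed sample feed
192.0.2.10
198.51.100.0/24   # trailing comment
203.0.113.5; reboot
10.0.0.0/8 -exist
$(id)
999.1.1.1
192.0.2.10
EOF
}
# Usage (as root): build_restore blocklist < feed.txt | ipset -exist restore
```

The `-exist` option on the restore call lets the two `create` lines succeed when the sets are already present from an earlier run.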
