[Firehol-support] IPSec + Firehol
phil at firehol.org
Tue Jul 10 07:05:02 BST 2018
On Mon, Jul 09, 2018 at 08:43:13PM +0200, Sebastiano Pilla wrote:
> On 09/07/18 13:07, Viktor Remennik wrote:
> > According to the docs, the 'firehol.conf' file is executed by the
> > firehol as a shell script, so, any shell command can be added there. The
> > problem is, that this workaround is not a firehol functionality and it's
> > not possible to configure such things using firehol itself. Furthermore,
> > it looks like the firehol is not supported anymore. That's why, I
> > suppose, the best solution is to get rid of it. Dunno, probably in this
> > situation it's better to move to the raw iptables.
> What makes you say that? Is there any web page which explicitly states that
> firehol isn't supported anymore?
Indeed not. Firehol is an iptables generator (as are most firewall solutions),
so unless it stops doing what you want or makes it harder to understand,
I can't see any reason to prefer plain iptables.
You can use custom parameters  in most cases where there is no explicit
syntax in firehol itself.
If you need an actual iptables(8) command, they are explicitly supported
as a method to inject custom requirements .
If these are not easy to find, maybe they should be added as a FAQ...
More information about the Firehol-support