[Firehol-support] IPSec + Firehol

Phil Whineray phil at firehol.org
Tue Jul 10 07:05:02 BST 2018

On Mon, Jul 09, 2018 at 08:43:13PM +0200, Sebastiano Pilla wrote:
> On 09/07/18 13:07, Viktor Remennik wrote:
> > According to the docs, the 'firehol.conf' file is executed by the
> > firehol as a shell script, so, any shell command can be added there. The
> > problem is, that this workaround is not a firehol functionality and it's
> > not possible to configure such things using firehol itself. Furthermore,
> > it looks like the firehol is not supported anymore. That's why, I
> > suppose, the best solution is to get rid of it. Dunno, probably in this
> > situation it's better to move to the raw iptables.
> What makes you say that? Is there any web page which explicitly states that
> firehol isn't supported anymore?

Indeed not. Firehol is an iptables generator (as are most firewall solutions),
so unless it stops doing what you want or makes it harder to understand,
I can't see any reason to prefer plain iptables.

You can use custom parameters [1] in most cases where there is no explicit
syntax in firehol itself.

If you need an actual iptables(8) command, they are explicitly supported
as a method to inject custom requirements [2].

If these are not easy to find, maybe they should be added as a FAQ...


[1]: https://firehol.org/firehol-manual/firehol-params/#custom
[2]: https://firehol.org/firehol-manual/firehol-iptables/

More information about the Firehol-support mailing list