FireHOL is a stateful firewall built on iptables. A stateful firewall monitors network connections dynamically, and traffic is allowed to move over the network only if the firewall approves it. In addition, FireHOL's configuration is written in a human-readable format.
It isn't possible to cover everything about FireHOL in just one article, so we cover the basic configuration setup here. First, though, we have to install the package.
Note: The following operations require superuser privileges. If you don't have them, we advise you to contact your System Administrator for assistance.
Install FireHOL in Ubuntu
The package is available through the standard Ubuntu repository. Update the repository information first: open a terminal and issue the following –
sudo apt update
Next, to install FireHOL –
sudo apt install firehol
Setup firewall with FireHOL in Ubuntu
The configuration file for FireHOL is –
/etc/firehol/firehol.conf
If we want to run FireHOL at every boot, edit the following configuration file –
sudo nano /etc/default/firehol
And change –
START_FIREHOL=NO
to –
START_FIREHOL=YES
We have used the nano text editor. You can use any editor of your choice.
Basic Configurations of FireHOL
We discuss the most basic /etc/firehol/firehol.conf configurations here –
Case I. The default configuration denies incoming traffic from the network, but allows all outgoing connections.
interface any world
    client all accept
Case II. If your network usage is limited to web browsing, the following configuration can be used –
interface any world
    policy reject
    client dns accept
    client http accept
    client https accept
Start, restart, stop and try commands of FireHOL
Lastly, the following four commands can be used to start, restart, stop and try the firewall. After making changes, we recommend that you try them first.
sudo firehol try
If you are happy with the configuration, press Enter to activate the firewall. Otherwise, press Ctrl+C to cancel.
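Before running sudo firehol try, it helps to see exactly which services a configuration accepts in each direction. The shell functions below are an added example, not part of the original article or of FireHOL: they summarise each interface block of a simple firehol.conf written like Case I and Case II and test whether a service is accepted. The names firehol_summary and firehol_accepts are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not FireHOL code. Assumes one statement per line, as in
# Case I and Case II; firehol.conf is a bash script, so variables and loops
# in a real config are not interpreted here.

# firehol_summary FILE: one line per interface block, in the form
#   <name> policy=<policy|default> client=<svc,...> server=<svc,...>
# "client" lines are outgoing services, "server" lines are incoming ones.
firehol_summary() {
    awk '
    function emit() {
        if (name != "")
            printf "%s policy=%s client=%s server=%s\n", name, policy, cl, sv
    }
    { sub(/#.*/, ""); gsub(/"/, "") }      # strip comments and quotes
    $1 == "router" { emit(); name = ""; next }
    $1 == "interface" {
        emit(); name = $3; policy = "default"; cl = ""; sv = ""; next
    }
    name == "" { next }
    $1 == "policy" { policy = $2; next }
    $1 == "client" || $1 == "server" {
        acc = 0
        for (i = 2; i <= NF; i++) if ($i == "accept") { acc = i; break }
        for (i = 2; i < acc; i++) {
            if ($1 == "client") cl = cl (cl == "" ? "" : ",") $i
            else sv = sv (sv == "" ? "" : ",") $i
        }
    }
    END { emit() }
    ' "$1"
}

# firehol_accepts FILE client|server SERVICE: succeeds when some interface
# block accepts SERVICE (or "all") in that direction.
firehol_accepts() {
    firehol_summary "$1" | tr ' ' '\n' | grep "^$2=" |
        cut -d= -f2 | tr ',' '\n' | grep -qx -e "$3" -e all
}

# Constructed sample input: Case II from the article.
conf=$(mktemp)
printf '%s\n' 'interface any world' '    policy reject' \
    '    client dns accept' '    client http accept' \
    '    client https accept' > "$conf"
firehol_summary "$conf"
firehol_accepts "$conf" server ssh || echo "note: no 'server ssh accept' rule"
rm -f "$conf"
```

On a real system, point the functions at /etc/firehol/firehol.conf and check the services you rely on before committing a change.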
At any point in time, we can start, restart and stop FireHOL through –
sudo firehol start
sudo firehol stop
sudo firehol restart
In conclusion, we have covered how to set up a firewall with FireHOL in Ubuntu here. We cover more configurations in subsequent articles.