Setup firewall with FireHOL in Ubuntu

FireHOL is basically a stateful iptables firewall. It is possible to monitor network connections dynamically with stateful firewall. Furthermore, if the traffic gets the nod from the stateful firewall then, it is allowed to move over the network. Apart from that, configuration of FireHOL is in a human-readable format.

Since, it won’t be possible for us to cover everything about FireHOL in just one article. So, we cover the basic configuration setup here. But, before that we have to install the package.

Note: Following operations require superuser privileges. In case you don’t have one then, we advise you to contact your System Administrator for assistance.

Install FireHOL in Ubuntu

The package is available through standard Ubuntu repository. Therefore, update the repository first. Hence, open a terminal and issue the following –

sudo apt update

Next, to install FireHOL –

sudo apt install firehol

Setup firewall with FireHOL in Ubuntu

The configuration file for FireHOL is –

/etc/firehol/firehol.conf

If we want to run FireHOL at every boot. Then, edit the following configuration file –

sudo nano /etc/default/firehol

And, make changes –

START_FIREHOL=NO

to,

START_FIREHOL=YES

We have used nano text editor. You can use one of your choice.

Basic Configurations of FireHOL

We discuss most basic /etc/firehol/firehol.conf configurations here –

Case I. By default it is set to deny incoming traffic from the network. But, it would allow all outgoing connections.

interface any world
     client all accept

Case II. If your network usage is limited to web browsing then, following configuration can be used –

interface any world
     policy reject
     client dns accept
     client http accept
     client https accept

Start, restart, stop and try commands of FireHOL

Lastly, following four commands can be used to start, restart, stop and try. After making changes, we recommend you to try the changes you’ve made.

sudo firehol try

If you are happy with the configuration, press Enter to activate the firewall. Otherwise, to cancel – Ctrl+C

At any point in time, we can start, restart and stop FireHOL through –

sudo firehol start
sudo firehol stop
sudo firehol restart

In conclusion, we have covered how to setup firewall with FireHOL in Ubuntu here. We cover more configurations in subsequent articles.