From ArchWiki

FireHOL is a language (and a program to run it) to build secure, stateful firewalls from easy to understand, human-readable configuration files. The configuration stays readable even for very complex setups. In the background it interfaces with iptables (IPv4/IPv6).


Install fireholAUR or firehol-gitAUR.


Initial Auto Configuration

Firehol comes with its own firewall wizard. All traffic is allowed by default. Using the wizard is the first step to get a basic firewall configuration which automatically detects all open port and interfaces running on the system.

# firehol wizard > /tmp/firehol.conf

The configuration is well documented. You find it at /tmp/firehol.conf. After finishing editing move it to /etc/firehol/firehol.conf. Then test run it with the command

# firehol try

You have 30 seconds trying and if you can make it permanent by starting and enabling firehol.service

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: stub (Discuss in Talk:FireHOL)

The configuration file is /etc/firehol/firehol.conf.

A good way to start learning its scripting declarations is by copying an Firehol example configuration.

The configuration file is bash file and has 3 parts:

  • helper
  • interface
  • router

Try, Run and Enable

You can test the configuration file's correctness by issuing:

# firehol try


# firehol nofast try

If the configuration is working, start/enable the firehol.service.