Hi

Recently, I was looking for stateful packet firewalls and now stumbled across

FireHOL[1]

which seems to generate iptables rule-sets.
Do you have any experience with it that you can share?


The developer says
"FireHOL is a stateful iptables packet filtering firewall configurator. It is abstracted, extensible,
easy and powerful. It can handle any kind of firewall, but most importantly, it gives you the
means to configure it, the same way you think of it."

Another "source"[2] describes it very promisingly, but I always have my doubts here:
"FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for
almost any purpose, including control of any number of internal/external/virtual interfaces,
control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of
NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC
verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful
but also easy to use, audit, and understand."

/edit: Two reasons for this post:
a) Is it worth the time to look at it in detail, or is it "better" to configure iptables directly
(please define "better" in whatever context you want it understood)?
b) For those who have never heard about FireHOL and have difficulties configuring iptables properly,
this might be a good starting point.

Thanks &
Cheers!



[1] http://sourceforge.net/projects/firehol/
[2] http://www.astalavista.com/?section=...d=file&id=3175
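To make question a) concrete, here is an added example (not from the post above and not FireHOL's own code) of the stateful iptables rule-set that a few-line FireHOL configuration expands to, written by hand as a POSIX shell function. The FireHOL snippet in the comment uses the `interface` / `policy` / `server` / `client` keywords as documented by the project; the function name `stateful_ruleset`, the `IPT` dry-run variable and the interface/port arguments are this example's own. `IPT` defaults to `echo iptables`, so running the script only prints the commands; set `IPT=iptables` (as root) to apply them.

```shell
#!/bin/sh
# Added example: what a short FireHOL config corresponds to in raw iptables.
# A FireHOL configuration such as
#
#   version 5
#   interface eth0 home
#       policy drop
#       server ssh accept
#       server http accept
#       client all accept
#
# roughly expands to the hand-written stateful rules emitted below.
# IPT defaults to a dry run that prints the commands; use IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

# Emit a stateful INPUT/OUTPUT rule-set for interface $1, accepting new
# inbound TCP connections only on the ports given as remaining arguments.
stateful_ruleset() {
    iface="$1"; shift
    # "policy drop": default deny on the input path
    $IPT -P INPUT DROP
    # loopback traffic is always allowed
    $IPT -A INPUT -i lo -j ACCEPT
    # the "stateful" part: packets of an already tracked connection are accepted
    $IPT -A INPUT -i "$iface" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # packets that belong to no tracked connection and open none are dropped
    $IPT -A INPUT -i "$iface" -m conntrack --ctstate INVALID -j DROP
    # one "server <service> accept" line per published port
    for port in "$@"; do
        $IPT -A INPUT -i "$iface" -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # "client all accept": outbound connections are allowed; their replies
    # come back through the ESTABLISHED,RELATED rule above
    $IPT -A OUTPUT -o "$iface" -j ACCEPT
}

# Number of rules (-A lines) the generated set contains; handy for a sanity check
rule_count() {
    stateful_ruleset "$@" | grep -c 'iptables -A'
}

# Dry run: print the rule-set for eth0 with ssh (22) and http (80) published
stateful_ruleset eth0 22 80
```

The rule-set mirrors what the FireHOL description above calls a stateful firewall: the only way an inbound packet gets in is either as part of a connection the kernel already tracks or as the first packet to an explicitly published port. Whether that is "better" written by hand or generated comes down to whether you prefer to audit six iptables lines or six FireHOL lines for each interface.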