If you are upgrading from an earlier version of FireHOL, you should check if you will need to make any configuration upgrades.

If want an up to date version or cannot find a package for your distribution, follow these steps:

Packages are available for many distributions, and are often a more convenient way of installing FireHOL.

If you can provide improved instructions for existing or new distributions, please let us know so we can add the information.


Our tar-files releases are provided compressed with gzip, bz2 and xz. You only need one. If you don’t know which compression your system can handle, gzip (.gz files) is certain to work, so the examples assume you will choose that option.

Recent versions of firehol tools rely on iprange; install it first:

Then choose to download one of the following:

Automatic builds occur when a change is committed to the master branch of the code.

FireHOL and FireQOS detect at configure time if the commands they need are installed. In general the requirements are not onerous, just some common shell and networking commands which come as standard with modern Linux distributions, plus iprange.


All tar-files on the site come with MD5 (.md5) and SHA512 (.sha) checksums. To verify, download the checksum files as well as the tar-file and run e.g.:

$ md5sum -c firehol-3.1.1.tar.gz.md5 
firehol-3.1.1.tar.gz: OK


$ sha512sum -c firehol-3.1.1.tar.gz.sha 
firehol-3.1.1.tar.gz: OK

Official releases also come with detached gpg signatures in the .asc files, they should have been created with one of these keys:

Initially your gpg keyring will not include these keys, so your first time checking might go something like this:

$ gpg --verify firehol-3.1.1.tar.gz.asc firehol-3.1.1.tar.gz
gpg: Signature made Sat 15 Feb 2014 12:19:56 GMT using RSA key ID D829797E
gpg: Can't check signature: public key not found

$ gpg --recv-keys D829797E
gpg: requesting key D829797E from hkp server
gpg: /home/tmpu/.gnupg/trustdb.gpg: trustdb created
gpg: key D829797E: public key "Phil Whineray <>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

$ gpg --verify firehol-3.1.1.tar.gz.asc firehol-3.1.1.tar.gz
gpg: Signature made Sat 15 Feb 2014 12:19:56 GMT using RSA key ID D829797E
gpg: Good signature from "Phil Whineray <>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 9CCE 9A8D 5328 FBD6 CE29  6DCC 63DF 1E44 D829 797E

If you want to be certain you can trust the signature, contact us and we will see what we can arrange.


These instructions are for FireHOL - you should follow the same process for iprange first, if you are not obtaining it via your distribution.

Unpack and change directory with:

tar xfz firehol-x.y.z.tar.gz
cd firehol-x.y.z

Options for the configure program can be seen in the INSTALL file and by running:

./configure --help

To build and install taking the default options:

sudo make install

To not have files appear under /usr/local, try something like:

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
sudo make install

If your O/S does not usually have a /usr/libexec, you may want to add --libexecdir=/usr/lib to the configure.

All of the common SysVInit command line arguments are recognised by the FireHOL and FireQOS scripts, which make them easy to deploy as startup services. In many cases you can just link them into the appropriate folder. The examples folder contains some example systemd service files.