Latest News

Aug 13, 2018 - FireHOL v3.1.6 released

Note:
This release is signed with a new GPG key. If you trusted the old key, you can find a transition statement signed with the old and new keys, here: https://firehol.org/files/gpg-transition-2018-08-10.txt

  • FireHOL

    • Boot startup fix #260
    • docker_bridge helper #114
    • Allow newer iptables #264
    • Log blocked/dropped packets in synproxy, mac, connlimit, fragments, ...
    • Fix wait for netfilter ready when using namespaces
    • Fast activation fixes #272
    • Allow matching DSCP CS0; fixes #288
    • Moved service definitions out of firehol / fireqos into separate files
    • Allow DROP_INVALID with any action (e.g. REJECT)
    • Add option FIREHOL_ACCEPT_OUTPUT_UNMATCHED_TCP_RST

  • FireQOS

    • Fix status to works with newer iproute; fixes #317
    • Update sample service definition to start after network #315

  • Link-Balancer

    • linkdown: routes cannot be added or deleted whilst marked invalid #211

  • Update-Ipsets

    • Various fixes, including #266 #265
    • List additions, updates and removals
    • Minor enhancements

  • Common

    • Fix parallel builds #255
    • Harden unit tests against tool output changes

Sep 17, 2017 - FireHOL v3.1.5 and IPRange 1.0.5 released

  • FireHOL

    • Fix some links in documentation

  • FireQOS

    • Insert a rawmark mask if none specified

  • Update-Ipsets

    • Support serving ipset files from local web server
    • Lower pressure on github

  • IPRange

    • fix invalid size of ipset while reducing non-optimized ipsets #18

Aug 20, 2017 - FireHOL v3.1.4 Released

Important bugfixes to FireHOL, FireQOS, and Update-Ipsets.

Documentation updates and other minor fixes.

  • FireHOL
    • Google hangouts port range fix #235
    • Fix hashlimit option names #223
    • Documentation improvements, marks #184 and cthelper #94
    • Allow negating interface in blacklist #143
  • FireQOS
    • DSCP match fixes #248
    • TCP match fix #249
    • Improve docs on using act_connmark to match ingress marked traffic #231
  • Update-Ipsets
    • Added various lists, removed discontinued ones
    • Include URL in user agent string in #217
    • Relax umask to allow stats collection by netdata #221

Feb 17, 2017 - FireHOL v3.1.3 Released

Fixes problems with hyphens in DNS names being detected as IP ranges.

Create relative rather than absolute links where possible, to resove problems when packaging/installing with a non-default DESTDIR.

Feb 05, 2017 - FireHOL v3.1.2 Released

Fixes NFS client where FIREHOL_DROP_ORPHAN_TCP_* options are in force.

Various other minor fixes and tidy-ups.

Nov 28, 2016 - FireHOL v3.1.0 Released

This version reworks installation to make full use of autoconf results in all programs.

FireHOL deprecates service ipv6error, not needed since 3.0.0 and moved ICMPv6 RELATED matching earlier to stop user accidentally preventing them.

VNetBuild has improved graphviz output.

Nov 22, 2016 - FireHOL v3.0.2 Released

This is a bugfix release, opening the way for bigger changes in 3.1.x.

Oct 05, 2016 - Let's Encrypt

Website SSL certificates are now from Let's Encrypt.

There's some fairly bad news on StartSSL who were our supplier up until now.

The dehydrated bash script made everything pretty simple.

Dec 20, 2015 - FireHOL v3 Released

With combined IPv4/IPv6 firewalling, QOS management, IP list management, multiple-link balancing and network namespace builder, this is the package you are looking for!

Aug 19, 2015 - FireHOL IP Lists Analytics

New web site: FireHOL IP Lists Analytics

In this site you will find up to date information for IP lists tracking

  • attacks
  • abuse
  • malware
  • anonymizers

Each IP list is analyzed and documented for its size over time, its country map, its retention policy and its overlaps with all other IP lists.

Apr 26, 2015 - FireHOL 2.0.3

FireHOL 2.0.3 has been released.

This version allows FireQOS to interpret the output of tc on more systems.

In addition, iptables errors and warnings on newer kernels relating to the use of physin and physout in bridges have been stopped.

Mar 14, 2015 - FireHOL 2.0.2 and 3.0.0-rc.2

FireHOL 2.0.2 and 3.0.0-rc.2 have been released.

For people who are differentiating ipv4 and ipv6 at the interface or router level these have an important fix. Without it, one ip version of your firewall will not accept RELATED traffic or log dropped packets.

People who only use interface and router to do both simultaneously are not affected, even if they differentiate individual helper and/or service rules. Those who produce an IPv4 or IPv6 only firewall will not be affected either.

FireHOL 3.0.0-rc.2 contains even more improvements including synproxy support and load-balacing NAT. Please help test it by checking that the output it generates for your current configuration is still correct and report any problems you find.

Feb 15, 2015 - FireHOL 2.0.1 and 3.0.0-rc.1

FireHOL 2.0.1 has been released. This version fixes a bug where a custom iptables -I command is lost.

At the same time, FireHOL 3.0.0-rc.1 is now available. This version contains many improvements over the 2.x series including more features, faster operation and optimised output. See:

  • This post for some details on recent changes.
  • The traps and knocks Wiki page for simple IDS and knocking configurations without daemons
  • The marks Wiki page for information on the new handling of marks. FireHOL now allows you to define multiple mark ranges with different behaviours and will take care of the details of making them work with the single kernel mark.

Please help test 3.0.0-rc.1 by checking that the output it generates for your current configuration is still correct and report any problems you find.

If you are upgrading from version 1.x, please see the upgrade notes.

Oct 24, 2014 - FireHOL 2.0.0 final released

FireHOL 2.0.0 has been released. This version includes full IPv6 support for firewalling and traffic shaping / QOS

If you are upgrading from an earlier version, please see the upgrade notes.

Oct 19, 2014 - FireHOL 2.0.0-rc.3 released

Just a few more problems found and fixed. Expect the final 2.0.0 really soon now.

Aug 02, 2014 - FireHOL 2.0.0-rc.1 released

This release marks the final stabilisation effort. Hopefully the next release of FireHOL / FireQOS will be a final 2.0.0 version with full IPv6 support.

Feb 15, 2014 - Combined IPv4/IPv6 operation

With release v2.0.0-pre6, FireHOL adds combined IPv4/IPv6 configuration as standard.

See the upgrade notes when moving from an earlier version.

Oct 18, 2013 - FireQOS on the way

FireQOS is a Quality Of Service tool that will be added in the next release.

It has the same ease of use and simplicity of expression you get with FireHOL.

For a sneak preview, see the documentation on the FireHOL Wiki

Oct 13, 2013 - FireHOL transitioning to a new home

FireHOL is moving to GitHub for development.

Website, mailing lists and so on have moved also.

Jan 07, 2013 - FireHOL R5 v1.296 released

Added support for NFLOG. FireHOL now syslogs all important actions.

Updated services amanda, ftp, pptp, tftp, h323, GRE, sip.

Added support for CONNMARK and CLASSIFY.

Fixed several issues.

Jul 31, 2008 - FireHOL R5 v1.273 released

Updated to parse the latest format of the IANA reservations page.

Added support for custom actions for services. This opens a way for allowing actions that can be controlled externally without restarting the firewall.

Fixed several minor issues (better NAT support for all services, handling for external pager command, kernel config parsing, config wizard, etc).