I just wanted to thank you for a great program.
I've been using firehol for years and have found it logical and powerful.
FireHOL is an amazing tool. It leverages the incredible power of netfilter/iptables to turn Linux into a viable firewall solution, even for complex scenarios where people would think "Cisco PIX" or "Check Point FW-1".
Right now I'm using it on a box that filters the traffic passing between the public Internet, 4 VLANs, 1 DMZ and 2 VPN endpoints, with address forwardings (DNAT) thrown in for good measure. This amounts to over 3000 iptables rules (according to "iptables-save") and I still haven't lost my sanity!
Needless to say, I'm using it on all the other Linux servers too. :)
I want to thank you for making such a brilliant firewall configuration tool. I have just finished configuring a firewall with 5 ethernets (two office LANs, two DMZs and one ISP upstream with aliased IPs) for two companies with a shared broadband internet connection, and it works perfectly.
I still marvel at the shortness and simplicity of your configuration language contrasted against the completeness and tightness of the fully stateful iptables rules!
After six hours of nothing but trouble, frustration and desperation with fwbuilder, I installed FireHOL and within minutes I got everything to work as desired. Once more: why making things complicate, when you can make it easy. Thanks a lot.
Hello, I just wanted to thank you for making FireHOL. Explaining firewalls to my girlfriend is, well, a tough thing to do. After getting your script configured and our new DSL connection working, she said "Wow that was fast", then the inevitable "What did you do?". I showed her the short script and she read it like it was english. I can't stop smiling.
Just wanted to drop you a quick note to let you know that I just installed FireHOL 1.120 on my Linux router/firewall, and it worked like a champ!
Super-easy (your example on the FireHOL web page is a perfect starting point for setups like mine, which is a single PC doing NAT/MASQ and firewalling over DSL for an internal LAN) and much more effective than my old stateless firewall that it replaced (which wouldn't even let me ftp without shutting it down).
Just wanted to say thanks for a job well done, and for making your work available to the rest of us!
ALVE Technology Corporation
There's no greater endorsement than the words of satisfied users. So, if you like FireHOL and want to provide your own testimonial, just drop one of us a quick email and let us know you're happy for us to publish it.