by allowing the established connection specified in the environment
variable SSH_CLIENT (only if it exists: 'su -' starts a login shell that
clears the environment, so su without the minus if you need it).
Also, the panic argument takes one optional argument. This can be an IP
address, in which case all established connections between the host and
this IP will be allowed.
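Added example (not FireHOL's own panic code) showing the two ways described above of keeping an administrator's session alive during a panic: an explicit IP, or the single SSH session named by SSH_CLIENT, and what SSH_CLIENT looks like once a login shell has cleared the environment. The rules are printed rather than applied, the SSH_CLIENT value is a constructed sample, and 'env -i' is used only to simulate the cleared environment of 'su -'.

```sh
#!/bin/sh
# Added example, not FireHOL's own panic code: build the rules that keep an
# administrator's session alive while everything else is blocked.
# Assumptions: rules are printed rather than applied so they can be read;
# SSH_CLIENT has sshd's "client_ip client_port server_port" format.

# panic_keep_rules [IP]
# With an IP argument: allow every ESTABLISHED connection to/from that IP.
# Without one: fall back to SSH_CLIENT and allow only that one SSH session.
# Returns 1 when neither is available (nothing would keep the session open).
panic_keep_rules() {
    ip="$1"
    if [ -n "$ip" ]; then
        echo "iptables -A INPUT  -s $ip -m state --state ESTABLISHED -j ACCEPT"
        echo "iptables -A OUTPUT -d $ip -m state --state ESTABLISHED -j ACCEPT"
        return 0
    fi
    [ -n "$SSH_CLIENT" ] || return 1
    set -- $SSH_CLIENT            # split "client_ip client_port server_port"
    cip="$1"; cport="$2"; sport="$3"
    echo "iptables -A INPUT  -p tcp -s $cip --sport $cport --dport $sport -m state --state ESTABLISHED -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp -d $cip --dport $cport --sport $sport -m state --state ESTABLISHED -j ACCEPT"
}

# ssh_client_after_login_shell -> what SSH_CLIENT looks like after 'su -'.
# 'env -i' is only a simulation of the cleared environment of a login shell:
# the variable is gone, so panic has no session left to keep.
ssh_client_after_login_shell() {
    env -i sh -c 'echo "${SSH_CLIENT:-unset}"'
}

SSH_CLIENT="${SSH_CLIENT:-203.0.113.5 51234 22}"   # constructed sample value
panic_keep_rules
ssh_client_after_login_shell
```

Run it from a plain 'su' (or the original SSH login) and the two ESTABLISHED rules come out; run it from a 'su -' shell and the fallback finds nothing, which is exactly the case the note above warns about.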
the 'save' argument of FireHOL. By default this variable is empty in which
case FireHOL detects RedHat and Debian systems and saves it to the right
place.
and to produce multiple interfaces for each IP. This means that FireHOL
is somewhat smart about matching IPs with networks and interfaces, detecting
networks behind gateways and default gateways on point-to-point interfaces,
and producing router statements matching the interfaces detected above.
is attached to. This produces templates to be used in cases where one
interface is used for routing traffic between multiple networks.
Additionally, 'helpme' produces example SNAT statements to be used instead
of masquerade when the IPs of the interfaces are statically assigned.
ip link show
detects interface IPs using:
ip addr show
and detects interface networks using:
ip route show
This makes the 'helpme' wizard support any kind of interface,
configuration and interface alias.
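Added example (not FireHOL's own 'helpme' code) of the detection described above: it reads 'ip addr show' and 'ip route show' output, works out which networks sit behind each interface (directly connected and behind a gateway), which interface carries the default route, and emits interface and router templates plus snat for a statically addressed gateway or masquerade for a point-to-point one. The two samples are constructed, in the one-line 'ip -o' format; statement names and the exact layout of real helpme output differ.

```sh
#!/bin/sh
# Added example, not FireHOL's own 'helpme' code: derive FireHOL interface,
# router and snat/masquerade statements from 'ip addr show' and 'ip route show'
# output, the way the helpme wizard described above does.
# Assumptions: the two samples are constructed, in 'ip -o' one-line form;
# statement names and the exact layout of real helpme output differ.

ADDR_SAMPLE='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: eth1    inet 198.51.100.1/24 brd 198.51.100.255 scope global eth1
4: ppp0    inet 203.0.113.9 peer 203.0.113.1/32 scope global ppp0'

ROUTE_SAMPLE='default dev ppp0  scope link
192.0.2.0/24 dev eth0  proto kernel  scope link  src 192.0.2.10
198.51.100.0/24 dev eth1  proto kernel  scope link  src 198.51.100.1
10.10.0.0/16 via 198.51.100.254 dev eth1
203.0.113.1 dev ppp0  proto kernel  scope link  src 203.0.113.9'

# dev_of_default ROUTES -> device carrying the default route ('via' or not)
dev_of_default() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 1; i <= NF; i++) if ($i == "dev") print $(i + 1) }'
}

# nets_behind DEV ROUTES -> networks reachable through DEV: directly
# connected ones and those behind a gateway ('via'); default route skipped
nets_behind() {
    printf '%s\n' "$2" | awk -v d="$1" '
        $1 == "default" { next }
        { for (i = 1; i < NF; i++)
              if ($i == "dev" && $(i + 1) == d) nets = nets (nets ? " " : "") $1 }
        END { print nets }'
}

# ip_of DEV ADDRS -> first IPv4 address of DEV, prefix length stripped
ip_of() {
    printf '%s\n' "$2" | awk -v d="$1" '$2 == d && $3 == "inet" {
        sub("/.*", "", $4); print $4; exit }'
}

# side_spec KEYWORD DEV ROUTES GW_DEV -> 'KEYWORD "net ..."' restricting one
# side of a statement, or nothing for the default-route device (any address)
side_spec() {
    if [ "$2" != "$4" ]; then
        nets=$(nets_behind "$2" "$3")
        if [ -n "$nets" ]; then printf '%s "%s"' "$1" "$nets"; fi
    fi
    return 0
}

# helpme_template ADDRS ROUTES -> one FireHOL statement per line
helpme_template() {
    addrs="$1"; routes="$2"
    gw_dev=$(dev_of_default "$routes")
    devs=$(printf '%s\n' "$addrs" | awk '$3 == "inet" { print $2 }')

    # one interface statement per device, sources limited to its networks
    for d in $devs; do
        line="interface $d $d"
        spec=$(side_spec src "$d" "$routes" "$gw_dev")
        [ -n "$spec" ] && line="$line $spec"
        echo "$line"
    done

    # one router statement per pair of devices (a router covers both directions)
    done_devs=""
    for in_dev in $devs; do
        for out_dev in $devs; do
            [ "$in_dev" = "$out_dev" ] && continue
            case " $done_devs " in *" $out_dev "*) continue ;; esac
            line="router ${in_dev}_to_${out_dev} inface $in_dev outface $out_dev"
            spec=$(side_spec src "$in_dev" "$routes" "$gw_dev")
            [ -n "$spec" ] && line="$line $spec"
            spec=$(side_spec dst "$out_dev" "$routes" "$gw_dev")
            [ -n "$spec" ] && line="$line $spec"
            echo "$line"
        done
        done_devs="$done_devs $in_dev"
    done

    # NAT on the default-route device: a fixed address allows snat, a
    # point-to-point (ppp) link whose address may change keeps masquerade
    case "$gw_dev" in
        "")   ;;
        ppp*) echo "masquerade $gw_dev" ;;
        *)    echo "snat to $(ip_of "$gw_dev" "$addrs") outface $gw_dev" ;;
    esac
}

helpme_template "$ADDR_SAMPLE" "$ROUTE_SAMPLE"
```

The 10.10.0.0/16 route behind 198.51.100.254 is why the eth1 templates list two networks: a firewall that only trusted the directly connected subnet would drop the traffic of the LAN behind that gateway. Swapping the sample's default route for 'default via 192.0.2.1 dev eth0' turns the last line into 'snat to 192.0.2.10 outface eth0'.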
in a few systems.
Added control option FIREHOL_LOG_LEVEL and the optional argument 'level'
to the 'log' parameter in order to accept custom log levels per rule.
Now, to have different log levels, one could write:
server dhcp accept log "my-dhcp" src 1.1.1.1
to get the default controlled by FIREHOL_LOG_LEVEL, or
server dhcp accept log "my-dhcp" level critical src 1.1.1.1
Note that the 'level' is NOT a FireHOL optional rule parameter. It is an
optional argument to the 'log' parameter. This for example is invalid:
server dhcp accept level critical log "my-dhcp" src 1.1.1.1
The new definition of the 'log' optional rule parameter is:
log "some text" [level a_level]
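Added example (not FireHOL's own parser, which is simply bash word splitting of the rule line) that reads the 'log' parameter as defined above: it picks up the text and the optional 'level' directly after it, falls back to FIREHOL_LOG_LEVEL, and rejects a 'level' that appears anywhere else in the rule. The quote stripping treats the log text as a single word, which is enough for the rules shown above; the default level value is an assumption made for the example.

```sh
#!/bin/sh
# Added example, not FireHOL's own parser: extract the 'log' parameter and
# its optional 'level' argument from a rule line, fall back to
# FIREHOL_LOG_LEVEL, and reject 'level' used anywhere but right after the
# log text. Assumptions: rule syntax as described above; the default value
# "warning" is an assumption for the example; the quoted log text is
# treated as one word (quotes are stripped, not parsed).

FIREHOL_LOG_LEVEL="${FIREHOL_LOG_LEVEL:-warning}"

# log_spec RULE -> prints 'prefix=<text> level=<level>'; returns 1 when the
# rule carries no log parameter, 2 when 'level' is misplaced or incomplete.
log_spec() {
    prefix=""; level=""; seen_log=0
    set -- $(printf '%s\n' "$1" | tr -d '"')
    while [ $# -gt 0 ]; do
        case "$1" in
            log)
                [ $# -ge 2 ] || return 2          # 'log' without its text
                prefix="$2"; seen_log=1; shift 2
                if [ "$1" = level ]; then          # optional argument of log
                    [ $# -ge 2 ] || return 2
                    level="$2"; shift 2
                fi
                continue ;;
            level)
                return 2 ;;                        # not a rule parameter
        esac
        shift
    done
    [ $seen_log -eq 1 ] || return 1
    echo "prefix=$prefix level=${level:-$FIREHOL_LOG_LEVEL}"
}

log_spec 'server dhcp accept log "my-dhcp" src 1.1.1.1'
log_spec 'server dhcp accept log "my-dhcp" level critical src 1.1.1.1'
log_spec 'server dhcp accept level critical log "my-dhcp" src 1.1.1.1' || echo "rejected: level outside log (rc=$?)"
```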
MARKing (for traffic shaping) in the future.
Also, added an error handler that detects use of SNAT, DNAT, REDIRECT
outside the 'nat' table and TOS, MARK outside the 'mangle' table.
ERRORs are situations where FireHOL cannot continue; it exits right after
restoring the previous firewall.
WARNINGs are situations where FireHOL cannot determine whether the firewall
will work; it prints the warning and continues.
present. This behaviour is required when the required module is compiled
into the kernel instead of being loaded as a module.
However, FireHOL still calls /sbin/modprobe, which then prints an error to
the console (this does not stop FireHOL from functioning).
statements in some versions of BASH.
Fixed a problem with some early 2.4 kernels where not all default mangle
chains are defined. FireHOL now detects which chains are present.