
Logování Fireholu mimo messages

V /etc/firehol/firehol.conf:

FIREHOL_LOG_PREFIX="FIREHOL: "

V /etc/rsyslog.d/10-firehol.conf:

:msg, startswith, "FIREHOL: " -/var/log/firehol.log
& ~

Rotaci zprovozníme v /etc/logrotate.d/firehol:

/var/log/firehol.log
{
	rotate 7
	daily
	missingok
	notifempty
	delaycompress
	compress
	postrotate
	invoke-rc.d rsyslog reload > /dev/null
	endscript
}

 

Nastavení fireholu – jednoduchý webový server

#!/bin/bash

# Config-language version expected by this firehol ruleset.
version 5

# Optional: raise the syslog level used for firewall log lines (left off here).
#FIREHOL_LOG_LEVEL=7
# Prefix put on every firewall log line; the rsyslog filter keys on this
# exact string to route the messages into their own file.
FIREHOL_LOG_PREFIX='FIREHOL: '

#================================================================================

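#######################################
# Print the IPv4 address(es) of an interface, without the prefix length.
# Arguments: $1 - interface name
# Outputs:   addresses, space-separated on one line (empty line if none)
# Returns:   0; a failing 'ip' call is not detected (pipeline status is awk's)
#######################################
GetADR() {
    # Match only "inet" rows: a bare 'grep inet' also picked up "inet6" rows,
    # so an IPv6-enabled interface leaked link-local addresses into the result.
    # The awk join reproduces the original one-line, space-separated output.
    ip addr show "$1" \
        | awk '$1 == "inet" { sub("/.*", "", $2); out = out (out == "" ? "" : " ") $2 } END { print out }'
}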

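#######################################
# Print the IPv4 network(s) of an interface in CIDR form (address/prefix).
# Arguments: $1 - interface name
# Outputs:   CIDR strings, space-separated on one line (empty line if none)
# Returns:   0; a failing 'ip' call is not detected (pipeline status is awk's)
#######################################
GetLAN() {
    # Restrict to "inet" rows; the previous 'grep inet' also matched "inet6".
    # The awk join reproduces the original one-line, space-separated output.
    ip addr show "$1" \
        | awk '$1 == "inet" { out = out (out == "" ? "" : " ") $2 } END { print out }'
}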

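#######################################
# Print the IPv4 broadcast address(es) of an interface.
# Arguments: $1 - interface name
# Outputs:   broadcast addresses, space-separated on one line (empty if none)
# Returns:   0; a failing 'ip' call is not detected (pipeline status is awk's)
#######################################
GetBRD() {
    # Take $4 only from "inet" rows that actually carry a "brd" field: the old
    # 'grep inet | awk {print $4}' also matched "inet6" rows and, on an inet
    # row without a broadcast (e.g. a /32), would print the literal "scope".
    # The awk join reproduces the original one-line, space-separated output.
    ip addr show "$1" \
        | awk '$1 == "inet" && $3 == "brd" { out = out (out == "" ? "" : " ") $4 } END { print out }'
}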

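# Interface facing the internal network.
INTERNAL_IF="seth0"
# Address data is read from the live interface when the config is loaded.
# $(...) replaces the backticks and the argument is quoted so the lookup
# helpers always receive exactly one argument.
INTERNAL_ADR=$(GetADR "$INTERNAL_IF")
INTERNAL_LAN=$(GetLAN "$INTERNAL_IF")
INTERNAL_BRD=$(GetBRD "$INTERNAL_IF")
# NOTE(review): the three values above are not referenced by the rules shown
# in this file section — confirm they are used further down before relying on them.

# Custom firehol service "dropbox" (server_<name>_ports / client_<name>_ports):
# the server side listens on udp/17500, the client side uses firehol's default ports.
server_dropbox_ports="udp/17500"
client_dropbox_ports="default"

# Services this host offers on the internal interface, and those it silently drops.
INTERNAL_SERVICES="http https ssh"
INTERNAL_DROP="samba dropbox"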

#================================================================================

# Rules for the internal interface; anything not matched by a rule below
# falls through to the interface policy.
interface ${INTERNAL_IF} internal
    # Default for unmatched traffic on this interface: reject (sender is told).
    policy reject
    # Inbound: only http, https and ssh are reachable from the internal side.
    server "${INTERNAL_SERVICES}" accept
    # Inbound samba and the custom dropbox service are dropped without a
    # reject response, so they do not show up as rejected in the log.
    server "${INTERNAL_DROP}" drop
    # Outbound: this host may initiate any connection through this interface.
    client all accept