File: language.html

firehol 1.231-2sarge1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<link rel="stylesheet" type="text/css" href="css.css">
<TITLE>FireHOL, The configuration language.</TITLE>
<meta name="author" content="Costa Tsaousis">
<meta name="description" content="

Home for FireHOL, an iptables stateful packet filtering firewall builder for Linux (kernel 2.4),
supporting NAT, SNAT, DNAT, REDIRECT, MASQUERADE, DMZ, dual-homed, multi-homed and router setups,
protecting and securing hosts and LANs in all kinds of topologies. Configuration is done using
simple client and server statements while it can detect (and produce) its configuration
automatically. FireHOL is extremely easy to understand, configure and audit.

">

<meta name="keywords" content="iptables, netfilter, filter, firewall, stateful, port, secure, security, NAT, DMZ, DNAT, DSL, SNAT, redirect, router, rule, rules, automated, bash, block, builder, cable, complex, configuration, dual-homed, easy, easy configuration, example, fast, features, flexible, forward, free, gpl, helpme mode, human, intuitive, language, linux, masquerade, modem, multi-homed, open source, packet, panic mode, protect, script, service, system administration, wizard">
<meta http-equiv="Expires" content="Wed, 19 Mar 2003 00:00:01 GMT">
</HEAD>

<BODY bgcolor="#FFFFFF">

<p>


FireHOL configuration files are normal <a href="http://www.gnu.org/software/bash/bash.html">BASH</a> scripts.
As such, you can use all <a href="http://www.gnu.org/software/bash/bash.html">BASH</a> features within FireHOL configuration
files, including functions, loops, variables, I/O, etc.
<p>
I have chosen <a href="http://www.gnu.org/software/bash/bash.html">BASH</a> as the configuration language for FireHOL
since it is the common denominator for a language that all UNIX system administrators and developers
(or at least those that respect themselves) know and understand better.

<center><table border=0 cellpadding=15 cellspacing=20 width="70%">
<tr><td bgcolor="#F0F0F0">
Because
FireHOL uses <a href="http://www.gnu.org/software/bash/bash.html">BASH</a> for its configuration,
third parties can develop add-ons that let FireHOL take the rules of the firewall from
SQL databases, directory structures, DBM or other files, WEB front ends or other means.
<p>
For exactly the same reason, remote managers can be built for centralized administration of a large number of Linux hosts and
routers.
</td></tr>
</table>
</center>

The only <a href="http://www.gnu.org/software/bash/bash.html">BASH</a> features a FireHOL configuration script should never use are <b>traps</b> and the <b>exit</b> command. FireHOL uses traps to clean
up all temporary files, and possibly to restore the previously running firewall if FireHOL execution breaks. The exit command does not just exit the configuration file; it exits
FireHOL. FireHOL disables these features by default, so you cannot use them unless you specifically enable them.
<p>
Also, since a FireHOL configuration script runs inline with FireHOL, all variables and function names defined within the
configuration file overwrite the ones defined by FireHOL. For this reason you should avoid using variables that start with
<b>FIREHOL_</b>, <b>work_</b>, <b>server_</b>, and <b>client_</b>, as many such variables are used by FireHOL internally.
There are also a number of function names you should avoid, but there is no generic pattern at the moment. I suggest you
avoid defining functions with the names of FireHOL commands (interface, router, client, server, etc.) and functions starting with <b>rules_</b>.
<p>
Note, however, that you are allowed to overwrite a few variables and functions if you want to modify FireHOL services (see the <a href="adding.html">Adding Services</a> section for more on this).
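<p>
The restrictions above can be checked before a configuration file is loaded. The following is an added example, not part of FireHOL: a heuristic shell lint (the names <b>lint_firehol_conf</b> and <b>sample_conf</b> are hypothetical, and the sample configuration is constructed) that flags traps, exit, the reserved variable prefixes and the reserved function names. Names you overwrite on purpose to modify services are flagged as well and need a manual decision.

```shell
#!/bin/sh
# Added example: heuristic, line-based lint for a FireHOL configuration file.
# It does not parse BASH; treat every hit as a line to review by hand.
# Only the command names listed on the page are checked.

lint_firehol_conf() {
    # $1 = path to the configuration file; prints findings, returns 1 if any.
    awk '
    function hit(kind) { printf "%s:%d: %s: %s\n", FILENAME, FNR, kind, $0; n++ }
    /^[ \t]*#/ { next }                       # ignore comment-only lines
    {
        s = ";" $0 " "                        # sentinels, so no anchors are needed
        # trap/exit in command position: they act on FireHOL itself
        if (s ~ /([;&|{(]|then|do|else)[ \t]*(trap|exit)[ \t;)]/)
            hit("trap-or-exit")
        # assignments to names under the prefixes FireHOL uses internally
        if (s ~ /[ \t;](FIREHOL_|work_|server_|client_)[A-Za-z0-9_]*=/)
            hit("reserved-variable-prefix")
        # function definitions that would replace FireHOL commands or rules_* names
        if (s ~ /[ \t;](interface|router|client|server|rules_[A-Za-z0-9_]*)[ \t]*\(\)/ ||
            s ~ /[ \t;]function[ \t]+(interface|router|client|server|rules_[A-Za-z0-9_]*)[ \t{]/)
            hit("reserved-function-name")
    }
    END { exit (n > 0) }' "$1"
}

# Constructed sample configuration (not from the FireHOL distribution).
sample_conf() {
    cat <<'EOF'
# constructed sample
FIREHOL_MYVAR=1
work_dir=/tmp/x
mynet="10.0.0.0/8"
rules_custom() { :; }
trap 'echo bye' EXIT
interface eth0 lan
    server ssh accept src "$mynet"
    client all accept
[ -n "$mynet" ] || exit 1
EOF
}

tmp_conf=$(mktemp)
sample_conf > "$tmp_conf"
lint_firehol_conf "$tmp_conf" || echo "review the lines above before loading this file"
rm -f "$tmp_conf"
```

Comment-only lines are skipped, but text inside strings is still matched, so a hit is a prompt for review, not a verdict.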
<p>
To learn <a href="http://www.gnu.org/software/bash/bash.html">BASH</a> scripting I suggest the following documents:
<ul>
	<li><a href="http://www.tldp.org/LDP/abs/html/index.html">Advanced Bash-Scripting Guide</a> (updated)</li>
	<li><a href="http://www.tldp.org/HOWTO/Bash-Prog-Intro-HOWTO.html">BASH Programming - Introduction HOW-TO</a> (older)</li>
</ul>

<p>
<hr noshade size=1>
<table border=0 width="100%">
<tr><td align=center valign=middle>
	<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=58425&amp;type=5" width="210" height="62" border="0" alt="SourceForge Logo"></A>
</td><td align=center valign=middle>
	<small>$Id: language.html,v 1.9 2004/10/31 23:43:25 ktsaou Exp $</small>
	<p>
	<b>FireHOL</b>, a firewall for humans...<br>
	&copy; Copyright 2004
	Costa Tsaousis <a href="mailto:costa@tsaousis.gr">&lt;costa@tsaousis.gr&gt;</a>
</td></tr>
</table>
</body>
</html>