How to install Firehol

This may be painfully obvious to most, but I've been googling and reading all day, and can't come up with the answer.

I have a Linode with CentOS 5.0 (actually, when I upgraded with yum, I thought it went to 5.1, but the dashboard still says 5.0 - but that's another post).

I changed the DNS data with GoDaddy, and with Linode's DNS Manager. I installed Apache, MySQL, and PHP, and all seem to be working fine. My primary domain is reachable, no problem.

Before setting up the other virtual domains and the mail server, I want to put in a firewall. For my purposes, Firehol seems to be a good choice. Problem is… I can't get yum to install it.

I used the command 'yum install firehol' and nothing. I downloaded the RPM from Sourceforge, but from reading the yum docs, it looks like I NEED the public key before manually installing. I went to the yum website, but can't find any reference to a public key.

Am I missing something? I searched the forums here, and no one seems to have a problem installing it, so it must be me. Can someone help me figure this out? I feel like such a dunce!



5 Replies

You should just be able to use "rpm -ivh file.rpm" to install it. It may not be part of CentOS Extras yet. I didn't see GPG keys or md5sums on the website to verify packages, so I guess you are just supposed to trust what you downloaded.

Thanks for the reply. I also checked out Shorewall, which seems to be similar to Firehol, and it looks like neither one is officially "blessed" by CentOS.

Which begs the question… do I even need a firewall at all? I have several small personal blog-type sites, and just one with any real growth potential. They're standard LAMP sites, with no external users, no public ftp, minimal mail (at least for now).

If a firewall is advised, which one would serve for CentOS -- and be easy to configure for someone with no real firewall experience? iptables looks pretty formidable.

Elsewhere in the forum there is another similar thread… keep in mind that firehol and shorewall are just front ends to iptables(8), the kernel packet filter.

There are plenty of example iptables scripts out there, and it really does give you almost infinite flexibility (within the scope of iptables, of course).

Oskar Andreasson's tutorial is one of the best I have seen, and as long as you have a basic knowledge of tcp/ip, you can follow along.

And just remember, if you break it, you've got Lish to save the day.

I consider setting up iptables (manually or by script) a must.

CentOS has some scripts that come with it. I find it easy enough to just edit /etc/sysconfig/iptables, but firehol and others may make it easier for you to set up. If you do use firehol, you may need to disable the iptables scripts that come with it. The following link is for CentOS 4, but it should be useful.

~~[" target="blank">]( … ch-fw.html">](
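The two replies above point at the same thing: firehol and shorewall only generate iptables rules, and on CentOS the stock init script loads whatever is in /etc/sysconfig/iptables (iptables-save format). Below is an added example, not code posted by anyone in this thread, of a minimal ruleset for a single LAMP host like the one described: default DROP inbound, loopback and established traffic allowed, and only SSH, HTTP and HTTPS opened. The port numbers and the hosted-services assumptions are mine; adjust them to the box before loading anything.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal iptables ruleset for a
# single LAMP host, emitted in iptables-save format so it can be written to
# /etc/sysconfig/iptables and loaded with "service iptables restart".
# Assumptions (adjust to your box): SSH on 22/tcp, web on 80 and 443/tcp,
# no public FTP and no inbound mail yet. Everything else inbound is dropped.

gen_rules() {
  ssh_port="${1:-22}"
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is needed for PHP and MySQL talking over 127.0.0.1
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened (yum, DNS lookups, outbound mail)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# packets that claim to belong to a connection the kernel never saw
-A INPUT -m state --state INVALID -j DROP
# ping and path-MTU discovery
-A INPUT -p icmp -j ACCEPT
# admin access and the web sites
-A INPUT -p tcp --dport ${ssh_port} -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
# rate-limited log of everything that falls through to the DROP policy,
# so a mistake shows up in /var/log/messages instead of as silence
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables drop: "
COMMIT
EOF
}

# Count the ACCEPT rules in a ruleset read on stdin; a quick way to eyeball
# how much you are opening before you load it.
count_accepts() {
  grep -c -- '-j ACCEPT'
}

# Back up the current file, write the new rules and reload. Must run as root.
install_rules() {
  [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
  cp -p /etc/sysconfig/iptables /etc/sysconfig/iptables.bak 2>/dev/null
  gen_rules "$@" > /etc/sysconfig/iptables
  service iptables restart
}
```

Run `gen_rules | count_accepts` first and read the output; then `install_rules` (or `gen_rules 2222` if sshd listens elsewhere) from a Lish session rather than over SSH, so a typo in the SSH rule cannot lock you out. `service iptables restart` also loads the ip_tables and ipt_state modules for you, which is one reason the init script is less painful than feeding raw `iptables` commands by hand. If you go the firehol route instead, run `chkconfig iptables off` so the two do not fight over the same chains.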

Thank you both for your suggestions. I decided to bite the bullet, and spent most of the day struggling with iptables. It's been one error message after another. I tried a few of the script generating sites, and they seemed adequate, but I can't get iptables to run/load them.

I'll play with it more tonight, and at least try to document the problems. It seems to be a problem of the right modules not loading.

First, I have to take a break. My sister brought over some pecan shortbread cookie dough, and I need something to work out right.


