FireHOL is the best tool I’ve used for configuring Linux firewalls. But it can really spew its logs all over your
syslog. Getting it to stop this is non-obvious so hopefully this saves you some time.
This tutorial is for Debian 6 running rsyslog. As always, YMMV.
This is the easy part.
aptitude install firehol
Make sure it can start
Debian’s FireHOL package has it disabled by default. Edit /etc/default/firehol and set:
Set a custom log prefix
Edit /etc/firehol/firehol.conf and add the following:
This ensures that all FireHOL-generated log messages contain this string. While you’re here, you might want to configure the firewall itself :)
Create a special rule in rsyslog
Add a file at /etc/rsyslog.d/30-firehol.conf with the following content:
:msg, contains, "'firehol: " -/var/log/firehol.log
& ~
This sends every log message that contains the "'firehol: " string to its own file. The "& ~" line then discards those messages, which skips the rest of the rules so they don’t also go to syslog. The “30” in the filename is just there to ensure that this file is evaluated before the others. I’m not sure if it’s actually necessary or not.
That should be all you need to do. Now restart FireHOL and Rsyslog like so:
/etc/init.d/firehol stop
/etc/init.d/rsyslog stop
/etc/init.d/firehol start
/etc/init.d/rsyslog start
Check /var/log/firehol.log to make sure FireHOL is logging there.
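One way to confirm the split without waiting for real firewall traffic (an added example, not part of the original tutorial): the script below sends a test message containing the prefix through logger and reports whether it reached only /var/log/firehol.log. The function names, the probe tag and the /var/log/syslog path are assumptions; the probe works because the rule matches on message text from any source, not only on kernel messages.

```shell
#!/bin/sh
# Added example: check that FireHOL-prefixed messages reach only firehol.log.
# PREFIX and FIREHOL_LOG come from the tutorial; SYSLOG, the function names
# and the "firehol-probe" tag are assumptions made for this example.
PREFIX="'firehol: "
FIREHOL_LOG=/var/log/firehol.log
SYSLOG=/var/log/syslog

# Print how many lines of file $1 contain the fixed string $2 (0 if unreadable).
count_in() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -cF -e "$2" "$1" || true
}

# Print where marker $1 ended up, given firewall log $2 and general log $3:
#   diverted      only in the firewall log (the rule and the discard both work)
#   duplicated    in both files (the "& ~" discard is not taking effect)
#   not-diverted  only in the general log (the filter did not match)
#   missing       in neither file
check_split() {
    marker=$1
    in_fw=$(count_in "$2" "$marker")
    in_sys=$(count_in "$3" "$marker")
    if [ "$in_fw" -gt 0 ] && [ "$in_sys" -eq 0 ]; then
        echo diverted
    elif [ "$in_fw" -gt 0 ]; then
        echo duplicated
    elif [ "$in_sys" -gt 0 ]; then
        echo not-diverted
    else
        echo missing
    fi
}

# Send one uniquely marked message through the local syslog socket, give
# rsyslog a moment to process it, then report where it landed.
# Run as a user that can read both log files (normally root).
probe() {
    marker="probe-$$-$(date +%s)"
    logger -t firehol-probe "${PREFIX}${marker}"
    sleep 1
    check_split "$marker" "$FIREHOL_LOG" "$SYSLOG"
}

# Only touch the live system when asked to: sh check-firehol-log.sh --probe
if [ "${1:-}" = "--probe" ]; then
    probe
fi
```

Run it with --probe as root after restarting rsyslog; any result other than "diverted" means the rule in 30-firehol.conf is not taking effect as intended.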
You may also be getting sick of seeing this warning every time you restart FireHOL:
File ‘/etc/firehol/RESERVED_IPS’ is more than 90 days old
The worst part is that the script to update the reserved IPs list (as of right now) 404s so you can’t fix it. What you can do is this:
That’ll shut it up, if only for another 3 months.