Upgrading your configuration

FireHOL maintains compatibility with older configurations by using a configuration version number. When a significant change to configuration occurs, the expected number is incremented.

If you have been directed to this page when running FireHOL, the version number expected by FireHOL is higher than the one used in your configuration.

You should review your configuration to ensure it will still work as you expect and then update the version number to the expected version.

Config Version 6

The configuration version of FireHOL 2.0.0-pre6 and later has been updated from 5 to 6.

In summary, from FireHOL v2.0.0-pre6 adds combined IPv4/IPv6 support. This document helps you update your configuration to the latest version with no change in IPv4 behaviour (note: IPv6 will be completely blocked).

Once you have completed it you can optionally follow the FireHOL IPv6 Setup tutorial to extend the firewall to cover IPv6 as well as IPv4.

We will use this simple example and mark everything as IPv4 only:

dnat to inface ppp+ proto tcp dport 80

interface eth0 home
  server ssh accept src

router home2net inface eth0 outface ppp+
  server ssh accept

Anything in a configuration can be labelled ipv4:

ipv4 command...

In addition interfaces and routers can be written as interface4 and router4. All sub-commands of an IPv4 router or interface will inherit the fact they are IPv4, so we can rewrite out example as this:

ipv4 dnat to inface ppp+ proto tcp dport 80

interface4 eth0 home
  server ssh accept src

router4 home2net inface eth0 outface ppp+
  server ssh accept

Finally, update your version line (or add one):

version 6

The only behaviour change to your version 5 config is that your host will now drop IPv6 packets where before they were allowed unless you took separate steps to block them. If you want to allow IPv6 traffic, check out the FireHOL IPv6 Setup tutorial.