Firewalls made simple with Firehol
I think I’ve configured the firewall in a completely different way on every server I’ve set up (configuring iptables by hand, using a shell script to bootstrap the iptables rules, or using Firestarter). Continuing that trend, my latest VPS is no different, except this time I am actually pleased with the solution. http://firehol.sourceforge.net/ provides a simple language for describing a firewall, from which it generates the iptables rules.
Yes, the thought of yet another language had me wary, but it truly seems to be both simple and powerful. Here’s a sample configuration that matches every interface whose name starts with eth2 (that is what the trailing + does), accepts incoming SMTP, HTTP, HTTPS and SSH connections on it, and allows all outgoing traffic. There is no explicit policy line because FireHOL’s default policy for an interface is drop, so anything not listed is dropped.
Firehol’s Firewall DSL
# every interface whose name starts with eth2, referred to as "internet"
interface eth2+ internet
    # inbound connections this host serves; unmatched inbound traffic is dropped by default
    server smtp accept
    server http accept
    server https accept
    server ssh accept
    # connections this host initiates: anything, to anywhere
    client all accept
Run firehol start (it reads /etc/firehol/firehol.conf, installs the iptables rules and exits; nothing stays resident), and you’re good to go. When editing the firewall over SSH, firehol try is the safer choice: it activates the new rules and rolls back to the previous ones unless you confirm within 30 seconds, so a typo that drops port 22 does not lock you out. firehol debug prints the iptables commands a configuration would produce without applying them, which is a good way to check what the DSL actually expands to.
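As an added example that is not from the original post, here is the same firewall written the way I would deploy it: the policy is stated explicitly rather than relied on, SSH is restricted to a list of admin addresses with the src parameter, and FireHOL’s built-in protection rules are enabled on the interface. It assumes FireHOL 3.x (hence version 6) and uses placeholder addresses from the RFC 5737 documentation range; substitute your own.

```firehol
# /etc/firehol/firehol.conf  (added example, not the post's original config)
# Config syntax version for FireHOL 3.x; older releases use a lower number.
version 6

# Placeholder admin addresses (RFC 5737 documentation range) - replace these.
admin_ips="203.0.113.10 203.0.113.11"

# Every interface whose name starts with eth2, named "internet" in the rules.
interface eth2+ internet
    # State the default explicitly instead of relying on FireHOL's implicit drop.
    policy drop

    # Built-in anti-spoofing / flood / invalid-packet checks for this interface.
    protection strong

    # Public services: anyone may connect.
    server "smtp http https" accept

    # SSH only from the admin addresses; everyone else hits the drop policy.
    server ssh accept src "${admin_ips}"

    # Outbound: this host may connect anywhere.
    client all accept
```

Apply it with firehol try from an SSH session that originates from one of the admin addresses; if the src list is wrong, the session stalls, the confirmation never arrives and FireHOL restores the previous rules.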
