Package Details: firehol 2:3.1.7-3

Git Clone URL: (read-only, click to copy)
Package Base: firehol
Description: The iptables stateful packet filtering firewall builder.
Upstream URL:
Keywords: firewall iptables
Licenses: GPL
Submitter: schuay
Maintainer: SanskritFritz
Last Packager: SanskritFritz
Votes: 34
Popularity: 0.001474
First Submitted: 2013-03-15 14:51 (UTC)
Last Updated: 2021-01-15 10:43 (UTC)

Latest Comments

SanskritFritz commented on 2021-01-15 10:45 (UTC)

Thanks for the heads-up! Maybe I should learn how to build in a clean chroot...

rageltman commented on 2021-01-15 01:03 (UTC) (edited on 2021-01-15 01:04 (UTC) by rageltman)

Looks like there's a dependency issue (building in chroot via CI):

[2021-01-14T21:13:58.861Z] checking for ss... /usr/bin/ss
[2021-01-14T21:13:58.861Z] checking for stty... /usr/bin/stty
[2021-01-14T21:13:58.861Z] checking for sysctl... no
[2021-01-14T21:13:58.861Z] configure: error: cannot find required executable, bailing out
[2021-01-14T21:13:58.861Z] ==> ERROR: A failure occurred in build().
[2021-01-14T21:13:58.861Z]     Aborting...
script returned exit code 255

Needs procps-ng:

$ pacman -Ql|grep $(which sysctl)
procps-ng /usr/bin/sysctl

SanskritFritz commented on 2020-01-23 21:15 (UTC)


andykluger commented on 2020-01-23 21:09 (UTC) (edited on 2020-01-23 21:11 (UTC) by andykluger)


You shouldn't need to do that. If you post your full output with the problem someone might be able to help, which could also help any other people with your problem.

EDIT: See also:

t-ask commented on 2020-01-23 21:01 (UTC) (edited on 2020-01-23 21:03 (UTC) by t-ask)

Yes, iputils was installed. I did 'fix' it with a small workaround:

# mg /usr/bin/ping6
   ping -6 $@
# chmod +x /usr/bin/ping6

andykluger commented on 2020-01-23 20:29 (UTC)


Strange, I get

checking for ping... /bin/ping
checking whether PING has working -6 option... yes

with no problems. Do you have iputils installed?

t-ask commented on 2020-01-23 20:21 (UTC)

Trying to install this package I get error:

checking for ping6... no
configure: error: cannot find required executable, bailing out

jsteel commented on 2019-03-18 12:59 (UTC)

OK that is odd, I was building with devtools and believe that pulls in base but I guess not.

SanskritFritz commented on 2019-03-18 12:43 (UTC)

Both are part of the base group which is assumed to be installed although the packaging guidelines don't specify this.

jsteel commented on 2019-03-18 08:49 (UTC)

'procps-ng' 'iputils' are needed as deps, otherwise:

checking for sysctl... no configure: error: cannot find required executable, bailing out

checking for ping... no configure: error: cannot find required executable, bailing out

SanskritFritz commented on 2019-01-13 10:07 (UTC)

I will add screen as an optional dependency. The service files here are provided by upstream, so please file a request to them on github.

twnaing commented on 2019-01-13 08:51 (UTC) (edited on 2019-01-13 08:51 (UTC) by twnaing)

screen is required by link-balancer

please also add link-balancer.service. I am a noob at writing systemd unit file. I am currently using the following systemd unit for link-balancer

Description=Link Balancer for FireHOL

ExecStart=/sbin/screen -S 'link-balancer' -d -m /sbin/link-balancer loop                                                               
ExecStop=/sbin/screen -S 'link-balancer' -X kill


SanskritFritz commented on 2018-08-17 20:50 (UTC)

Upstream just did this :D

t-ask commented on 2018-08-17 17:37 (UTC) (edited on 2018-08-17 17:38 (UTC) by t-ask)

It might be a good idea to add Wants/Before option in [Unit] of both services:

argypy commented on 2017-12-14 20:15 (UTC)

Seems to dump stuff in /usr/var/{run,spool}/firehol ... ?

I added '-localstatedir=/var' to configure to fix mine ...

SanskritFritz commented on 2017-11-26 15:32 (UTC)

Ataraxy I fail to see your point. There was a ping6 problem like years ago, but it has been fixed.

Ataraxy commented on 2017-11-26 13:43 (UTC) (edited on 2018-03-28 10:12 (UTC) by Ataraxy)

I also got:

checking for ping6... no configure: error: cannot find required executable, bailing out ==> ERROR: A failure occurred in build().

I fixed this by reinstalling iputils.

SanskritFritz commented on 2017-09-07 08:08 (UTC)

This is what I have: checking for ping... /usr/bin/ping checking whether PING has working -6 option... yes Maybe you have a ping6 symlink somewhere? It was a temp solution to this problem some time ago.

SanskritFritz commented on 2017-09-02 14:20 (UTC)

That is a very old problem, what version are you building?

JohnRobson commented on 2017-09-02 03:31 (UTC)

checking for ping6... no configure: error: cannot find required executable, bailing out ==> ERROR: A failure occurred in build(). Aborting... ==> ERROR: Makepkg was unable to build firehol. ping can handle ipv6 now

SanskritFritz commented on 2017-01-12 10:46 (UTC)

I don't know how to help you, sorry, it works here.

kinnil2ks commented on 2017-01-12 10:22 (UTC)

Yes. It's there, but still does not work. For me, the easiest and quickest solution was to replace in firehol binary: sed -i 's|$PROGRAM_DIR/$functions_file|/usr/lib/firehol/3.1.0/$functions_file|' /usr/bin/firehol I hope it get fixed for next update.

SanskritFritz commented on 2017-01-12 09:44 (UTC)

Check the PKGBUILD, you should see these lines in package(): # rm "$pkgdir/usr/bin/"{vnetbuild,update-ipsets,fireqos,link-balancer,firehol} ln -s "/usr/lib/firehol/3.1.0/vnetbuild" "$pkgdir/usr/bin/vnetbuild" ln -s "/usr/lib/firehol/3.1.0/update-ipsets" "$pkgdir/usr/bin/update-ipsets" ln -s "/usr/lib/firehol/3.1.0/fireqos" "$pkgdir/usr/bin/fireqos" ln -s "/usr/lib/firehol/3.1.0/link-balancer" "$pkgdir/usr/bin/link-balancer" ln -s "/usr/lib/firehol/3.1.0/firehol" "$pkgdir/usr/bin/firehol"

kinnil2ks commented on 2017-01-12 09:35 (UTC) (edited on 2017-01-12 09:35 (UTC) by kinnil2ks)

@SanskritFritz Yes, downloaded just yesterday. That's the bug, yes. Using apacman, if that matters.

SanskritFritz commented on 2017-01-12 08:48 (UTC)

@stenaus Are you sure you are using version 2:3.1.0-2? I suspect you've hit this bug: There is a workaround for this in pkgrel=2.

kinnil2ks commented on 2017-01-12 08:14 (UTC)

Not sure if this is the right place, but does anyone else have a problem with this package? PROGRAM_DIR points every way to /usr/bin/ which breaks Firehol 3.1.0 startup, because install.config and functions.common files exists in /usr/lib/firehol/3.1.0/ but not in /usr/bin Also, FIREHOL_OVERRIDE_PROGRAM_DIR does not work (neither in firehol.defaults nor firehol-defaults.conf) because config file is loaded afterwards not in the beginning.

SanskritFritz commented on 2017-01-08 20:19 (UTC)

OK, I'm not good at this stuff, so maybe I'm completely missing the point. I think the hash in the PKGBUILD should be generated at package creation, so the user can be sure he has downloaded the same file the package creator did. Generating the hash on the downloaded file and comparing it to the hash downloaded from the same site is rather pointless in my opinion.

utsi commented on 2017-01-08 10:26 (UTC) (edited on 2017-01-08 10:29 (UTC) by utsi)

SanskritFritz, just throwing in my 2c, I think what djmattyg007 is trying to say is that instead of using md5sums in the PKGBUILD, you should use SHA1. Though I would argue that you should use SHA512, but that is another matter of its own. Of course you would not download the hash from the website, but you would generate it yourself and verify that it matches the website one, though if the tar was compromised so would the hash. What hash the PKGBUILD uses does not really matter if you would include PGP signature verification of the source, since the MD5 checksum would then be effectively only a checksum for a successful download and PGP would be used for the source integrity check. Edit: And thanks for being the package maintainer :)

SanskritFritz commented on 2017-01-06 12:51 (UTC)

djmattyg007 I don't see the point. You download a program and a hash from the same site at the same time and trust the program because there is a hash next to it? Also what would you do with the hash in the PKGBUILD? Can you give me an example?

djmattyg007 commented on 2017-01-06 11:44 (UTC) The Firehol developers supply a PGP detached signature for verification. This PKGBUILD should include this to ensure the source is verified. Upstream also supplies SHA-1 hashes, which should be preferred over MD5 hashes.

t-ask commented on 2016-09-29 01:33 (UTC) (edited on 2016-09-29 01:38 (UTC) by t-ask)

Please consider removing 'pandoc' and 'dblatex' package deps. Otherwise this AUR only runs on full blown GUI/X11 environments, besides it is a console app. Just remove both deps and alter the configure options, please. makedepends=('git') ./configure --prefix="/usr" --sysconfdir="/etc" --sbindir="/usr/bin" --disable-doc --disable-man You might also think of applying the 'ln' patch until the next release is out: ln -s /usr/bin/ping /usr/bin/ping6

SanskritFritz commented on 2016-03-19 19:03 (UTC)

SanskritFritz commented on 2016-03-09 20:20 (UTC)

I see, thanks. I'll contact upstream about this, hang on.

dhscholb commented on 2016-03-09 18:39 (UTC)

I think mathieu.clabaut is referring to this error when trying to build the firehol package: checking for ping6... no configure: error: cannot find required executable, bailing out ==> ERROR: A failure occurred in build(). The reason this happens is that the latest iputils package has removed the ping6 executable since the ping executable now supports both ipv4 and ipv6. I was able to work around this by symlinking ping6 to ping: sudo ln -s /usr/bin/ping /usr/bin/ping6 I'm not sure if this has any negative consequences, but it seems to be working fine at the moment.

SanskritFritz commented on 2016-03-03 14:27 (UTC)

You mean this?

mathieu.clabaut commented on 2016-03-03 14:22 (UTC)

iputils package does not contains ping6 anymore (ping accepts -4 or -6 flag), which breaks the build of firehol.

SanskritFritz commented on 2016-01-26 18:24 (UTC)

Thanks guys, I updated the package and filed a bug report upstream.

3ED_0 commented on 2016-01-25 08:48 (UTC)

put core/traceroute into depends :)

maleadt commented on 2016-01-25 08:16 (UTC)

ipset isn't an optdepends, as ./configure fails without it.

dev_arch commented on 2016-01-24 20:53 (UTC)

All OK. I'm really not sure what the rules and or requirements are. I mainly thought to mention my experience with building the latest version in order to help others. As far as I can tell firehol used to build without these.

SanskritFritz commented on 2016-01-23 20:57 (UTC)

Well, traceroute is not mentioned in the wiki, ipset however can be optional dependency. I'll include it as optdepend. Is that OK with you?

SanskritFritz commented on 2016-01-23 20:42 (UTC)

SanskritFritz commented on 2016-01-23 20:36 (UTC)

I will check this out, namcap didn't warn me about this. I will add those packages to the dependencies of course if needed.

dev_arch commented on 2016-01-23 12:50 (UTC)

Building failed on some of my boxes because of missing packages, namely traceroute and ipset. Should they be dependencies?

SanskritFritz commented on 2015-12-05 01:15 (UTC)

Thanks, fixed.

dkgof commented on 2015-12-04 13:22 (UTC)

The firehol download file location has changed: -> Which makes the build fail.

maleadt commented on 2014-09-25 08:10 (UTC)

RC1 has been released.

SanskritFritz commented on 2014-03-29 22:37 (UTC)

3ED_0 thank you, I simply took your package with almost no changes :)

3ED_0 commented on 2014-03-29 21:47 (UTC)

2.0.0-pre6 marked as stable at project page, there is pkgbuild:

SanskritFritz commented on 2013-06-04 20:59 (UTC)

3ED_0 Thanks for the heads-up.

3ED_0 commented on 2013-06-04 12:01 (UTC) ------------------------------------------ Patch, run in directory with PKGBUILD (strip 1):

schuay commented on 2013-03-15 14:51 (UTC)

Moved from [community].