Provided by: firehol-doc_3.1.7+ds-2_all bug


       firehol-iptables - include custom iptables commands


       iptables argument...

       ip6tables argument...


       The  iptables  and  ip6tables  helper  commands  pass  all  of their arguments to the real
       iptables(8) or ip6tables(8) at the appropriate point during run-time.


              When used in an interface or router, the result will not have a direct relationship
              to the enclosing definition as the parameters passed are only those you supply.

       You  should  not use /sbin/iptables or /sbin/ip6tables directly in a FireHOL configuration
       as they will run before FireHOL activates its firewall.  This means that the commands  are
       applied  to  the  previously running firewall, not the new firewall, and will be lost when
       the new firewall is activated.

       The iptables and ip6tables helpers are provided to allow you to hook in commands safely.

       When using the -t option to specify a table, ensure this is the first option to  iptables,
       otherwise “fast activation” will fail with an error message such as:

              iptables-restore: The -t option cannot be used in iptables-restore


       Fix LXC DHCP on same host:

              iptables -t mangle -A POSTROUTING -p udp --dport 68 -j CHECKSUM --checksum-fill


firehol(1) - FireHOL program

       • firehol.conf(5) - FireHOL configuration

       • iptables(8)  (  -  administration  tool for
         IPv4 firewalls

       • ip6tables(8) ( - administration  tool  for
         IPv6 firewalls

       • FireHOL Website (

       • FireHOL Online PDF Manual (

       • FireHOL Online Documentation (


       FireHOL Team.