Does anyone have any experience with that Firewall component? If you do, would you care to share your sense of how manageable/simple the task of “re-targeting” it as a Desktop “appliance application” would be?
As far as my shamefully low level of understanding of the French language permitted me to understand, I think the special thing about it is deep packet inspection.
EOLE AMON 2.9 is … to monitor and filter traffic between different zones … acting as a router, AMON securely shares internet access among sub-networks within a local area network (LAN)…
Your question, whether EOLE AMON can be used within a virtual machine on a host computer to protect that same host, can be addressed to any ‘classic’ routing multihomed firewall.
Well, local firewalls are implemented differently. They intercept and process TCP/IP traffic locally. Nevertheless, I think that is possible. The task, however, is not simple, and the implementation is not as clean and safe as firewalling should be.
Look, there is a host and a virtual FW appliance within it. The FW has two virtual ETH interfaces: public and internal. You have to route all TCP/IP traffic for the host through the FW.
All outgoing host traffic can be routed to the internal FW interface. That is simple. You just substitute the default route via the host’s ETH with a default route via the FW’s internal interface. Obviously, they must belong to the same IP network. N.B. that the host’s LAN traffic to the internal network through the host’s ETH is not suppressed yet. Probably, iptables filtering may help with that.
All incoming traffic at the host’s ETH should be directed to the FW’s external ETH. The only solution I can think of is to use iptables forwarding. N.B. that in the case of the internal network, that will cause asymmetric routing, which may be discouraged by the FW.
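The routing and iptables steps that reply sketches, written out as an added example that is not part of the thread. Interface names, the RFC 5737 addresses and the policy-routing table number are assumptions; the default run only prints the commands so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example, not code from the thread: the host-side commands for the scheme
# the reply above sketches. Assumed topology (constructed): the host's NIC eth0
# holds the public address; the appliance's internal interface sits on host-only
# segment virbr-int and its external interface on host-only segment virbr-ext.
# All addresses are RFC 5737 documentation ranges.
HOST_IF="${HOST_IF:-eth0}"; HOST_IP="${HOST_IP:-198.51.100.10}"
UPSTREAM_GW="${UPSTREAM_GW:-198.51.100.1}" # real next hop on eth0
INT_IF="${INT_IF:-virbr-int}"; FW_INT_IP="${FW_INT_IP:-192.0.2.1}"
EXT_IF="${EXT_IF:-virbr-ext}"; FW_EXT_IP="${FW_EXT_IP:-203.0.113.2}"
FW_TABLE="${FW_TABLE:-100}" # policy-routing table for traffic leaving the appliance
DRY_RUN="${DRY_RUN:-1}"     # 1 = print the commands; 0 = execute them (needs root)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# 1. Outgoing host traffic: point the default route at the appliance's internal
#    interface instead of at the physical NIC.
route_outgoing_via_fw() {
  run ip route replace default via "$FW_INT_IP" dev "$INT_IF"
}

# 2. A new default route does not stop locally generated packets to directly
#    connected LAN peers from leaving eth0; drop them in OUTPUT. Forwarded
#    traffic from the appliance traverses FORWARD, so it is unaffected.
suppress_lan_bypass() {
  run iptables -A OUTPUT -o "$HOST_IF" -j DROP
}

# 3. New inbound connections on eth0 are DNATed to the appliance's external
#    interface (conntrack reverses the translation for the replies), and the
#    appliance's own outbound traffic is forwarded and SNATed to the host address.
forward_incoming_to_fw() {
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -t nat -A PREROUTING -i "$HOST_IF" -d "$HOST_IP" -j DNAT --to-destination "$FW_EXT_IP"
  run iptables -A FORWARD -i "$HOST_IF" -o "$EXT_IF" -d "$FW_EXT_IP" -j ACCEPT
  run iptables -A FORWARD -i "$EXT_IF" -o "$HOST_IF" -s "$FW_EXT_IP" -j ACCEPT
  run iptables -t nat -A POSTROUTING -o "$HOST_IF" -s "$FW_EXT_IP" -j SNAT --to-source "$HOST_IP"
  # Without its own table, traffic leaving the appliance would match the main
  # default route and loop straight back into the appliance's internal side.
  run ip route add default via "$UPSTREAM_GW" dev "$HOST_IF" table "$FW_TABLE"
  run ip rule add from "$FW_EXT_IP" lookup "$FW_TABLE"
}

apply_all() { route_outgoing_via_fw; suppress_lan_bypass; forward_incoming_to_fw; }

# ./host-via-fw.sh apply  (with DRY_RUN=0 exported) performs the changes.
if [ "${1:-}" = apply ]; then apply_all; fi
```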
If that is the case, then they probably lean heavily on hardware-assisted virtualisation, where you can dedicate the NIC to a virtual machine (VT-d? VT-x? Can’t remember, too long ago).
EDIT: After some reading and deciphering, I couldn’t find anything yet about virtualisation. It really looks more like an enterprise router/firewall on steroids, including support for VPN tunneling between routers.
I remember doing that with some home routers once with someone living in another city. Creating an encrypted tunnel between our two routers merged our local networks into one virtual local network.