After being abandoned for a couple of years, Firehol version 2.0.0 rc1 has been released which includes IPv6 support and QOS.
This new version includes the changes from Phil Whineray who wrote the Firehol fork Sanewall, which is discussed in https://bugzilla.redhat.com/show_bug.cgi?id=960645. I suggest closing 960645 and upgrading the RPM's to include version 2.
I will contact Phil about the status, as in the last year the we(me and Susi) discussed and determined to use sanewall to replace firehol.
Now it seems that these 2 are merged back on firehol, and sanewall is no longer being developed.
I'm not sure if it's OK to push it to f20 as it may violate the updates policy. But if you have f21 machine or even rawhide, tests are welcome, especially the systemd part, meanwhile I will work with upstream to port it to nftables if I have time.
I installed firehol-2.0.0-0.1.rc1.fc21 successfully on Fedora 20 and it works, and I installed firehol-2.0.0-0.1.rc1.el7 on CentOS 7 without any issues as well.
I do not have any f21 / rawhide running unfortunately.
Thanks a lot for your fast work!