Using The Host Object in Firewall Builder
July 15, 2009 | By: Vadim Kurland
Posted in How to...
This article continues the series of articles on Firewall Builder, a graphical firewall configuration and management tool that supports many Open Source firewall platforms as well as Cisco IOS access lists and Cisco ASA (PIX). Firewall Builder was introduced on this site earlier with articles Getting Started With Firewall Builder, Using Built-in Policy Importer in Firewall Builder, Using Firewall Object in Firewall Builder.
More information on Firewall Builder, pre-built binary packages and source code, documentation and Firewall Builder Cookbook can be found on the project web site at www.fwbuilder.org. Watch Project Blog for announcements and articles on all aspects of using Firewall Builder.
This article demonstrates how you can work with Host objects in Firewall Builder.
The Host Object
The host object in Firewall Builder is designed to represent real hosts in the network: workstations, servers, and any other network node with an address. Just like real hosts, host objects have interfaces, representing different physical connections to the network. Most Internet hosts will have just a single (visible) interface with a single IP address. In that case the actual interface and its name do not matter. For most foreign hosts, Firewall Builder will assign an arbitrary name “interface1” to the host's interface. By using a tree-like hierarchy of hosts -> interfaces -> addresses it is, however, possible to specify the exact address and/or interface of a host in the case when it does matter. Both interfaces and addresses are represented by objects, which are organized in a tree. Interface objects sit in the tree directly under the host, and the address objects are located under their interfaces. An interface object can have either one or multiple addresses. An example of a host with one interface with multiple addresses is shown in the screenshot below. Host “test server” has three virtual IP addresses that all belong to the same interface “eth0”.
In Firewall Builder, the host object is
Using Firewall Object in Firewall Builder
July 2, 2009 | By: Vadim Kurland
Posted in How to...
This article continues the series of articles on Firewall Builder, a graphical firewall configuration and management tool that supports many Open Source firewall platforms as well as Cisco IOS access lists and Cisco ASA (PIX). Firewall Builder was introduced on this site earlier with articles Getting Started With Firewall Builder and Using Built-in Policy Importer in Firewall Builder.
More information on Firewall Builder, pre-built binary packages and source code, documentation and Firewall Builder Cookbook can be found on the project web site at www.fwbuilder.org. Watch Project Blog for announcements and articles on all aspects of using Firewall Builder.
Firewall Builder supports a variety of object types, both simple ones such as address, network, host, or IP, TCP, UDP and ICMP services, and more sophisticated ones such as Firewall, Host, Address table, DNS name and User service. The Firewall object is central to the program and is the focus of this article.
General Description
A firewall object is designed to represent a real firewall device in your network. This firewall object will have interface and IP address objects that mirror the real interfaces and IP addresses of the actual device. In addition, the firewall object is where you create the access policy rule sets, NAT rule sets, and routing rule sets that you assign to your firewall device.
By default, a firewall has one Policy rule set, one NAT rule set, and one routing rule set. However, you can create more than one rule set using branching rules (for firewalls that support them). On the other hand, you don’t have to populate all the rule sets. You can, for example, create a Policy rule set and leave the NAT and Routing rule sets empty. We explain more about policies and rule sets below.
To speed up the creation of a firewall object, Firewall Builder has a wizard that walks you through creating the object. The wizard has three options for creating a firewall object:
- From a template: Firewall Builder comes with several pre-defined templates. You can use these to create a firewall that is close to your configuration, then modify it to fit your needs. This method is demonstrated in the "Getting Started with Firewall Builder" article here or here.
- Manually: You can provide interface IP address, subnet mask, gateway, and other parameters manually. You can add this information when you create the firewall, or you can add it later.
- Via SNMP: Firewall Builder uses SNMP queries to learn about the network.
Creating Firewall Object Manually
To start the firewall object creation wizard, right-click the Firewalls folder in the User tree and select New Firewall.
The first page of this wizard is displayed.
Using Built-In Revision Control in Firewall Builder
June 25, 2009 | By: Vadim Kurland
Posted in How to...
This article continues the series of articles on Firewall Builder, a graphical firewall configuration and management tool that supports many Open Source firewall platforms as well as Cisco IOS access lists and Cisco ASA (PIX). Firewall Builder was introduced earlier with the article Getting Started With Firewall Builder. The series continued with articles on built-in policy importer and other topics.
More information on Firewall Builder, pre-built binary packages and source code, documentation and Firewall Builder Cookbook can be found on the project web site at www.fwbuilder.org. Watch Project Blog for announcements and articles on all aspects of using Firewall Builder.
This article demonstrates one of the more advanced features of Firewall Builder - built-in Revision Control System (RCS).
The Firewall Builder GUI has a built-in revision control system that can be used to keep track of changes in the objects and policy rules. If a data file has been added to the revision control system, every time it is saved the system asks the user to enter a comment that describes the changes made to the file in this session and stores it along with the data. The program also assigns a new revision number to the data file using a standard software versioning scheme with major and minor version numbers separated by a dot. When you open this data file next time, the program presents a list of revisions along with dates and comments, letting you choose which revision you want to use. You can open the latest revision and continue working with the file from the point where you left off last time, or open one of the older revisions to inspect what the configuration looked like in the past and possibly create a branch in the revision control system. Here we take a closer look at the built-in revision control system.
We start with a regular data file which we open in the Firewall Builder GUI as usual. Note that the name of the file appears in the titlebar of the main window, here it is [test2.fwb]:

You can always see additional information about the file using main menu File/Properties. There is not much the program can report about this file that we do not know already. It shows the full path where it is located on the file system and
Using Built-in Policy Installer in Firewall Builder
June 17, 2009 | By: Vadim Kurland
Posted in How to...
This article continues the series of articles on Firewall Builder, a graphical firewall configuration and management tool that supports many Open Source firewall platforms as well as Cisco IOS access lists and Cisco ASA (PIX). Firewall Builder was introduced on this site earlier with articles Getting Started With Firewall Builder and Using Built-in Policy Importer in Firewall Builder.
More information on Firewall Builder, pre-built binary packages and source code, documentation and Firewall Builder Cookbook can be found on the project web site at www.fwbuilder.org. Watch Project Blog for announcements and articles on all aspects of using Firewall Builder.
After a firewall configuration has been generated by one of the policy compilers and saved in a file on disk in the format required by the target firewall, it needs to be transferred to the firewall machine and activated. This function is performed by the component we call the "Policy Installer", which is part of the Firewall Builder GUI.
Starting with version 2.0, Firewall Builder comes with a built-in installer that uses SSH to communicate with the firewall. The installer works on all operating systems where Firewall Builder is available: Linux, FreeBSD, Windows and Mac OS X. On Linux, *BSD and Mac OS X it uses the standard ssh client that comes with the system; on Windows it uses putty.
The installer needs to be able to copy the generated firewall script to the firewall and then run it there. In order to do so, it uses secure shell. The program does not include ssh code; it uses an external ssh client. On Linux, BSD and Mac OS X it uses the standard ssh client ssh and the secure shell file copy program scp that come with the system;
Using Built-in Policy Importer in Firewall Builder
June 10, 2009 | By: Vadim Kurland
Posted in How to...
This article continues the series of articles on Firewall Builder, a graphical firewall configuration and management tool that supports many Open Source firewall platforms as well as Cisco IOS access lists and Cisco ASA (PIX). Firewall Builder was introduced on this site earlier with the article Getting Started With Firewall Builder.
More information on Firewall Builder, pre-built binary packages and source code, documentation and Firewall Builder Cookbook can be found on the project web site at www.fwbuilder.org. Watch Project Blog for announcements and articles on all aspects of using Firewall Builder.
This article demonstrates how you can import existing iptables or Cisco router configuration into Firewall Builder.
There are two ways to activate the feature: main menu "File/Import Policy", or "Tools/Discovery Druid" and then the option "Import configuration of a firewall or a router". Only import of iptables and Cisco IOS access lists is possible in the current version.
Importing existing iptables configuration
The iptables configuration that the program can import is in the format produced by iptables-save. The script "iptables-save" is part of the standard iptables install and should be present on all Linux distributions. Usually this script is installed in /sbin/ . When you run this script, it dumps the current iptables configuration to stdout. It reads iptables rules directly from the kernel rather than from some file, so what it dumps is what is really in effect right now. To import this into fwbuilder, run the script to save the configuration to a file:
iptables-save > iptables_config.conf
Then launch fwbuilder, activate the "Import Policy" function and use the "Browse" button in the dialog to find the file iptables_config.conf. You also need to choose "iptables" in the drop-down menu "Platform".
If you do not choose iptables in "Platform", the program will try to interpret the file using a different parser and will fail. The program does not make any assumptions about the file name or extension and cannot automatically determine which platform the imported configuration is for.

Importing iptables configuration created in FireStarter
The following example demonstrates