|
Firewall Builder 1.0
This is a really powerful utility for those who are building
firewalls. The program is a graphical tool for setting up and maintaining
complex firewall rules scripts, for either filtering routers that
protect networks, or for bastion hosts that must defend themselves.
Although Firewall Builder runs on Linux, it does not assume the
firewall itself is running on Linux; it can write rules for Linux's
iptables command, FreeBSD's ipfilter, OpenBSD's pf, and even Cisco
PIX firewalls (remember to download the appropriate modules). To
start using fwbuilder, run it (the command is fwbuilder),
then start creating objects with the Insert menu option.
You can create networks, individual hosts and firewalls, and then
drag and drop objects (representing protocols, services, times of
day) into the Policy object of a firewall in order to create filtering
rules.
Firewall Builder has some interesting capabilities, such as the
ability to read zone files from a DNS in order to create host objects,
or to perform network discovery using SNMP. The latter capability
is of dubious value, however, since there are so many well-known
weaknesses in SNMP (see CERT Advisory CA-2002-03), most firewall
administrators won't allow it on their systems. The program also
has a wizard (Rules —> Help me build firewall policy) which
steps the novice through basic firewall policy construction.
Once you have defined a firewall policy and saved it, clicking Rules
—> Compile will generate a firewall script, which will be saved
in the current directory, as firewall-name.fw. This can then be
transferred to the firewall machine for execution (actually, fwbuilder
can automatically invoke a script to install the firewall script).
Though you still need to have a good understanding of firewall principles
and network protocols, Firewall Builder makes the construction of
complex policies much, much easier.
Download
You will need to install different files, depending on which
Linux distribution you are running. All can be found at http://www.fwbuilder.org.
For Red Hat 9, use libfwbuilder-1.0.0-1.rh9.i386.rpm,
fwbuilder-1.0.10-1.rh9.i386.rpm
and fwbuilder-ipt-1.0.10-1.rh9.i386.rpm,
but you will also need libsigc++10-1.0.4-fr3.i386.rpm
and gtkmm-1.2.10.fr3.i386.rpm.
Installation in Red Hat is as simple as:
[root@sleipnir les]# rpm -ivh libfwbuilder-1.0.0-1.rh9.i386.rpm
fwbuilder*.rpm gtkmm-1.2.10-fr3.i386.rpm libsigc++10-1.0.4-fr3.i386.rpm
warning: gtkmm-1.2.10-fr3.i386.rpm: V3 DSA signature: NOKEY, key
ID e42d547b
Preparing... ########################################### [100%]
1:libsigc++10 ########################################### [ 20%]
2:libfwbuilder ########################################### [ 40%]
3:gtkmm ########################################### [ 60%]
4:fwbuilder ########################################### [ 80%]
5:fwbuilder-ipt ########################################### [100%]
[root@sleipnir les]#
All files are located in the magstuff/linux/files
directory on this CD.
|
