Firewall Builder (Download of the Month)

In keeping with this month's theme, here's a really powerful utility for those who are building firewalls. Firewall Builder is a graphical tool for setting up and maintaining complex firewall rules scripts, for either filtering routers which protect networks or for bastion hosts which must defend themselves.

Although Firewall Builder runs on Linux, it does not assume the firewall itself is running on Linux; it can write rules for Linux's iptables command, FreeBSD's ipfilter, OpenBSD's pf, and even Cisco PIX firewalls (remember to download the appropriate modules). To start using fwbuilder, run it (the command is "fwbuilder"), then start creating objects with the "Insert" menu option. You can create networks, individual hosts, and firewalls, and then drag and drop objects (representing protocols, services, times of day into the Policy object of a firewall in order to create filtering rules.

Firewall Builder has some interesting capabilities, such as the ability to read zone files from a DNS in order to create host objects, or to perform network discovery using SNMP. The latter capability, is of dubious value, however, since there are so many well-known weaknesses in SNMP (see CERT Advisory CA-2002-03) that most firewall administrators won't allow it on their systems. The program also has a wizard (Rules -> Help me build firewall policy) which steps the novice through basic firewall policy construction.

Once you have defined a firewall policy and saved it, choosing Rules -> Compile will generate a firewall script, which will be saved in the current directory, as firewall-name.fw. This can then be transferred to the firewall machine for execution (actually, fwbuilder can automatically invoke a script to install the firewall script).

Though you still need to have a good understanding of firewall principles and network protocols, Firewall Builder makes the construction of complex policies much, much easier.

Download from: http://www.fwbuilder.org

Files to download: Depends on your distribution: For Red Hat 9, get libfwbuilder-1.0.0-1.rh9.i386.rpm fwbuilder-1.0.10-1.rh9.i386.rpm and fwbuilder-ipt-1.0.10-1.rh9.i386.rpm, but you will also need libsigc++10-1.0.4-fr3.i386.rpm and gtkmm-1.2.10.fr3.i386.rpm, which can be downloaded from http://freshrpms.net/

Installation in Red Hat is as simple as:

[root@sleipnir les]# rpm -ivh libfwbuilder-1.0.0-1.rh9.i386.rpm fwbuilder*.rpm gtkmm-1.2.10-fr3.i386.rpm libsigc++10-1.0.4-fr3.i386.rpm
warning: gtkmm-1.2.10-fr3.i386.rpm: V3 DSA signature: NOKEY, key ID e42d547b
Preparing...                ########################################### [100%]
  1:libsigc++10            ########################################### [ 20%]
  2:libfwbuilder           ########################################### [ 40%]
  3:gtkmm                  ########################################### [ 60%]
  4:fwbuilder              ########################################### [ 80%]
  5:fwbuilder-ipt          ########################################### [100%]
[root@sleipnir les]#

Price: $0


Page last updated: 28/Apr/2004 Back to Home Copyright © 1987-2010 Les Bell and Associates Pty Ltd. All rights reserved. webmaster@lesbell.com.au

...........................