Debian Package a Day ([info]debaday) wrote,
@ 2004-06-10 08:00:00
Previous Entry  Add to memories!  Tell a Friend!  Next Entry
fwbuilder - Firewall administration tool GUI
Firewall Builder consists of an object-oriented GUI and a set of policy compilers for various firewall platforms. In Firewall Builder, firewall policy is a set of rules, each rule consists of abstract objects which represent real network objects and services (hosts, routers, firewalls, networks, protocols). Firewall Builder helps the user maintain a database of objects and allows policy editing using simple drag-and-drop operations.

This is the GUI part of fwbuilder.

Is this the correct website where this package comes from? That's a real pretty interface for building firewall rules. If this enables more people to protect their systems, I'm all for it.

More information on this package can be found on the Debian web site.
(If there is a package you would like to see featured here, go to the userinfo page and follow the directions there to submit your entry.)

(Post a new comment)

Overkill for some situations
[info]master_haakon
2004-06-10 08:40 am UTC (link)
I think this program is a bit over the top for a single firewall + home router situation. But as soon as you scale up from that it becomes much more worthwhile.

(Reply to this)(Thread)
Re: Overkill for some situations
(Anonymous)
2004-06-11 02:52 pm UTC (link)
not really overkill. if you just want a generic firewall, then there are plenty of scripts out there that'll get you there.

i use it on a home network:
- one firewall for ethernet (lan) and wireless networks (dmz)
- one wired server
- one wired client
- one wireless client

yeah, looking at it now, i have a little bit more complex setup than "a home router and workstation".

i love fwbuilder because:
1. it has a wizard for quickly building a good foundation for a firewall.
2. it shields the user from the syntax of the actual firewall language (iptables, ipf, ipfw, etc)
3. it is highly reusable as it consists of two parts: a database of items (hosts, networks, services, etc) and firewall rules, which the later are built using the former as basic building blocks (through drag 'n drop and right-clicks).

fwbuilder allowed me to easily transition from ipchains to iptables a few years ago (gaining statefulness), without even having to learn the iptables syntax. then by analyzing my rules (the input) and the generated firewall script (the output) i learned iptables (having previously learned ipchains).

fwbuilder : iptables :: python : assembly

think of using fwbuilder as programming in a higher level language, where you are freed up to get real work done instead of mucking about in the details of the language. though knowledge of assembly (and iptables) always helps.

(Reply to this)(Parent)(Thread)
Re: Overkill for some situations
(Anonymous)
2004-06-12 07:22 pm UTC (link)
forgot to mention fireflier (http://fireflier.sf.net).

for the single-power-user-behind-a-firewall i would suggest fireflier. it gives real-time control over a firewall (either on local machine or "remote" linux firewall), much like blackice, kerio personal, etc.

install the server on the firewall and run the graphical client (kde, qt, gtk, even java) on a workstation (or on the firewall if the "workstation" also serves as the "firewall") and be alerted of packets not already addressed by your iptable rules, accept or deny those packets, and manually add rules (even specific to a particular application), all in real time.

see the homepage for a better description and screenshots.

maybe a possible candidate for a future debaday. ;-)

(Reply to this)(Parent)
fwbuilder is the best for big firewalls
(Anonymous)
2004-06-20 12:56 pm UTC (link)
I have been using fwbuilder for a long time. I would agree that there are firewalls that are more appropriate for host-based or two interface firewalls. But nothing that I know of is better at (or able to) managing a more than two interface firewall.

(Reply to this)(Thread)
Re: fwbuilder is the best for big firewalls
(Anonymous)
2006-03-21 10:35 pm UTC (link)
fiaif manages more than two interfaces with one config file per interface. Quick and easy, but no GUI... I like it.

(Reply to this)(Parent)

Create an Account
Forgot your login?
Login w/ OpenID
English • Español • Deutsch • Русский…