Re: fwbuilder and problems getting it to do what I want when…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
Mtechnomage at <-
M 
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: KevinO
Date:  
To: plug-discuss
Subject: Re: fwbuilder and problems getting it to do what I want when i want
technomage wrote:
> btw, anything for the 2.6 kernel set I should be aware of?
Not that I am aware of, but I am still running a 2.4 kernel on my firewall.
You need to be sure you are compiling for the correct version of iptables.

My Mdk 10.0 workstation (kernel 2.6.3-19mdk) has iptables 1.2.9. I run the
fwbuilder program here but I am compiling for my firewall, which has an older
version of iptables so I have to select version (1.2.6 - 1.2.8) on the
firewall tab.

It took me about a week to get up to speed w/ fwbuilder. I built a box with 8
IP addresses and 5 NICs tho ;-)

It really seemed to help a little by messing with the wizard to make a basic
set, and it usually created something usable for a basic setup with 2 or 3
NICs. It will give you a working example that you can save away, modify, save
, modify, then revert back to if you break something.

One check box checked wrong on a tab somewhere will kill you. When I upgraded
my workstation, I installed a newer version of fwbuilder. It seemed to open my
old xml files fine but it had an additional check box on one of the tabs that
I didn't notice at first. The first time I made a change to the firewall,
using the new version, I broke it. The default setting of the new check box
had broken things. I took screen shots and compared the two versions to find it.
;-)

Once I had a working system, and had looked at the output script, I changed
the way that I wrote my rules so that the resulting script was better. Stick
comments anywhere you can in your objects, interfaces, hosts, etc.. They end
up in your output script and make it a lot easier to see what it is (and you
were) doing.

I still say....fwbuilder rocks!

If you want to give me more detailed info off-list, I can try to help you with
your policy(s).

- --
KevinO 

Go placidly amid the noise and waste, and remember what value there may
be in owning a piece thereof.
        -- National Lampoon, "Deteriorata"

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: Install FestRE: Install Fest->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)