FW Builder the best !!!!

Hello friends, I am writing to share my experiences with you, this is my first article so please soft with the criticism !!!!

I have been in network administration for some years now, and I always knew that one of my weaknesses in this regard was the configuration of the firewall, could not get the full potential out of the net filter Linux, I felt my settings very poor and "to solve the situation", until I started studying this wonderful application (FWBuilder). I always saw that in other forums they talked a lot about him PF de FreeBSD, and I saw configurations that I had not even thought of implementing (besides being very complex), IPv6, QOS, HA, etc, buff, a lot for me; but I always had the optimism of being able to do the same thing in Linux, because I decided to do so, I did not want to migrate my firewall to another system, because with Debian e iptables I can do anything !!!

Well to install the program just a «apt-get install fwbuilder»Or if we have the backports«apt-get -t squeeze-backports install fwbuilder«, But we fall into the same and more frustrate you in Debian, the version that is installed is 3.x, very old by the way, so I took on the task of compiling (I love compiling).

We download the software from the following link (as you remember or for those who do not know, SourceForge denies us access ... I live in Cuba), therefore I had to use a mirror external to Sourceforge, but with the same content and fewer restrictions (save this link that will be very useful).

http://www.mirrorservice.org/sites/dl.sourceforge.net/pub/sourceforge/f/fw/fwbuilder/Current_Packages/5.1.0/

There we have all kinds of installers, .deb , . Rpm, And the sources, I got off this one, since the others were heavy and I have a medium connection, etc.

Inside a directory the usual «tar -xvf fwbuilder-5.1.0.3599.tar.gz" and later "cd fwbuilder-5.1.0.3599«, Now we check that we have the dependencies that he requests (I put those of Debian because it's the one I use):

apt-get install automake autoconf libtool libxml2-dev libxslt-dev libsnmp-dev libqt4-core libqt4-dev libqt4-gui qt4-dev-tools

I personally don't use the method

./configure

make

make-install

Because later to uninstall it is a small chorizera, therefore I use a small app called «checkinstall«:

apt-get install checkinstall

What this program does is that it compiles it for you and generates the .deb, so that later one can offer it to their friends and also uninstall it, it works with all programs, following the thread, we have to; in the folder where we unzip, we do a:

./autogen.sh --prefix="/opt/fwbuilder

Check to have the directory created (in this example / opt / fwbuilder), if everything goes well, we do «make»And then, using the previously installed app,«checkinstall -D make install»For systems .deb and also to rpm we use «checkinstall -R make install", and to Slackware «checkinstall -S make install«, This generates the package and installs it, buff, all easy right, now the fun begins.

Once installed, we must make a symbolic link to everything found in «/ opt / fwbuilder / bin /" for "/ usr / bin /«, We make a« soft »link:

ln -s /opt/fwbuilder/bin/fwbuilder /usr/bin/

Then we verify with «whereis fwbuilder«, We should get something like this:«fwbuilder: / usr / bin / fwbuilder / opt / fwbuilder / bin / fwbuilder«, This is enough to start working with the program, we create a launcher or simply from the console we type«fwbuilder"(do not run as root, nothing happens but it is not necessary).

FWBuilder

Now it only remains to dedicate time to its configuration, but that is another matter, if I am delighted with your comments, I am here to serve you, I love to help.

Greetings from the number 1 fan of the good people on this blog.

Hugs


9 comments, leave yours

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   KZKG ^ Gaara said

    Hello and welcome 😀
    A pleasure to have another Cuban here on the blog, with elav ... you and I are already 3 Cubans writing here, and ... another who has just registered, and I'm excited about the contributions he can make.

    Thank you very much for your contribution, I really do ... it's great that more from here are part of the site 🙂

    So, officially… welcome 😉
    Greetings and any questions, do you have my email? 🙂

  2.   TheSandman86 said

    Very good article, I did not know this tool, I always had problems configuring firewalls in Linux, so I will be testing it shortly.
    As a separate comment, I had no idea that there were so many restrictions against your country, being that in free software the idea is to share, be it programs or simply knowledge, this is very contradictory to me, but hey, some things are difficult to understand 🙁

    1.    taregon said

      It's true, a shame what happens there ... but luckily there are mirrors😉

    2.    FerreryGuardia said

      It's simple, Cuba has a blockade by decree-law by the United States that more or less and with its trap and its cardboard says that if a company operates in Cuba it cannot operate in the United States, therefore many companies directly veto Cuba to avoid problems with the United States.
      If you've ever heard of the Cuban blockade or the Helms-Burton Act, that's basically what it is.

  3.   Oscar said

    Thanks for the tutorial, in Debian Wheezy version 5.1.0 is in the repositories, the most serious problem for me is to configure it, if you have a guide, I would appreciate it.

  4.   msx said

    «Since you remember or for those who do not know, SourceForge denies us access ... I live in Cuba)»

    That is the freedom that proclaims the 'great country of the north', hdrmp gringos ...

  5.   carolina said

    Hello! I have a problem trying to compile a NAT rule. Well, when I select the compile button, the following errors appear:
    * Error resolving dns name
    * Error: Resource temporarily unavailable
    * Error resolving dns name c.st1.ntp.br: 'Host or network' c.st1.ntp.br 'not found; last error: Resource temporarily unavailable '
    * Error (iptables): Empty group or address table objects 'ntprhel' found in the rule 36 (NAT) and option 'Ignore rules with empty groups' is off
    * Abnormal program termination
    Does anyone know how I can solve this problem?
    I appreciate the help 🙂

    1.    Edward Claus said

      Hello Carolina, first thank you for reading the article

      Well, I'll tell you that that mistake has never given me, but from what I saw, you must
      disable the option that the FW Builder brings to check the IP address
      against DNS, the other thing is that you must have some empty group

      To disable the option to check addresses against DNS, go to
      «Preferences» / »Objects» / »DNS Name», you must select the one that says ... »Run Time» ...

      you let me know anything

      regards

  6.   Camilo said

    Yes, they talk about the freedoms of free software and they are sold to the empire ……. Greetings to all, I manage a firewall with fwbuilder but with fixed IP users, I plan to enable some accesses, for example with the name of the machine you want to access but I can't find the way any help would be of great help.
    From Venezuela thank you ...