Firewall Builder 4.0 User's Guide

Copyright © 2003, 2010 NetCitadel, LLC


The information in this manual is subject to change without notice and should not be construed as a commitment by NetCitadel LLC. NetCitadel LLC assumes no responsibility or liability for any errors or inaccuracies that may appear in this manual.

Table of Contents

1. Introduction
    1.1. Introducing Firewall Builder
    1.2. Overview of Firewall Builder Features
2. Installing Firewall Builder
    2.1. RPM-based distributions (Red Hat, Fedora, OpenSUSE and others)
    2.2. Ubuntu Installation
    2.3. Installing FreeBSD and OpenBSD Ports
    2.4. Windows Installation
    2.5. Mac OS X Installation
    2.6. Compiling from Source
    2.7. Rpm and deb repositories for stable and testing packages
        2.7.1. Debian/Ubuntu packages repository
        2.7.2. RPM packages repository
3. Definitions and Terms
4. Getting Started
5. Firewall Builder GUI
    5.1. The Main Window
    5.2. GUI Menu and Button Bars
    5.3. Display area
    5.4. Object Tree
        5.4.1. Floating the Object Tree
        5.4.2. Filtering the Object Tree
        5.4.3. Object Attributes in the Tree
    5.5. Creating Objects
    5.6. The Object Dialog
    5.7. Policy Rulesets
    5.8. Working with multiple data files
6. Working With Objects
    6.1. Addressable Objects
        6.1.1. Common Properties of Addressable Objects
        6.1.2. The Firewall Object
        6.1.3. Interface Object
        6.1.4. IPv4 Address Object
        6.1.5. IPv6 Address Object
        6.1.6. Physical Address Object
        6.1.7. Host Object
        6.1.8. IPv4 Network Object
        6.1.9. IPv6 Network Object
        6.1.10. Address Range Object
        6.1.11. Address Tables Object
        6.1.12. Special case addresses
        6.1.13. DNS Name Objects
        6.1.14. A Group of Addressable Objects
    6.2. Service Objects
        6.2.1. IP Service
        6.2.2. Using ICMP and ICMP6 Service Objects in Firewall Builder
        6.2.3. TCP Service
        6.2.4. UDP Service
        6.2.5. User Service
        6.2.6. Custom Service
    6.3. Time Interval Objects
    6.4. Creating and Using a User-Defined Library of Objects
    6.5. Finding and Replacing Objects
7. Network Discovery: A Quick Way to Create Objects
    7.1. Reading the /etc/hosts file
    7.2. Network Discovery
    7.3. Using Built-in Policy Importer in Firewall Builder
        7.3.1. Importing existing iptables configuration
        7.3.2. Importing Cisco IOS access lists configuration
8. Firewall Policies
    8.1. Policies and Rules
    8.2. Firewall Access Policy Rulesets
        8.2.1. Source and Destination
        8.2.2. Service
        8.2.3. Interface
        8.2.4. Direction
        8.2.5. Action
        8.2.6. Time
        8.2.7. Options
        8.2.8. Working with multiple policy rule sets
    8.3. Network Address Translation Rules
        8.3.1. Basic NAT Rules
        8.3.2. Source Address Translation
        8.3.3. Destination Address Translation
    8.4. Routing Ruleset
        8.4.1. Handling of the Default Route
        8.4.2. ECMP routes
    8.5. Editing Firewall Rulesets
        8.5.1. Adding and removing rules
        8.5.2. Adding, removing and modifying objects in the policy
