Firewall Builder User's Guide

$Id: UsersGuide3.xml 252 2009-09-12 21:05:00Z vadim $ Edition

Copyright © 2003,2009 NetCitadel, LLC

The information in this manual is subject to change without notice and should not be construed as a commitment by NetCitadel LLC. NetCitadel LLC assumes no responsibility or liability for any errors or inaccuracies that may appear in this manual.

Table of Contents

1. Introduction
    1.1. Introducing Firewall Builder
    1.2. Overview of Firewall Builder Features
2. Installing Firewall Builder
    2.1. RPM-based distributions (Red Hat, Fedora, OpenSUSE and others)
    2.2. Ubuntu Installation
    2.3. Installing FreeBSD and OpenBSD Ports
    2.4. Windows Installation
    2.5. Mac OS X Installation
    2.6. Compiling from Source
3. Definitions and Terms
4. Getting Started
5. Firewall Builder GUI
    5.1. The Main Window
    5.2. GUI Menu and Button Bars
    5.3. Display area
    5.4. Object Tree
    5.5. Creating Objects
    5.6. Navigating The Object Tree and Editing Objects in the Object Dialog
    5.7. Policy Rulesets
    5.8. Working with multiple data files
6. Working With Objects
    6.1. Addressable Objects
        6.1.1. Common Properties of Addressable Objects
        6.1.2. The Firewall Object
        6.1.3. Interface Object
        6.1.4. IPv4 Address Object
        6.1.5. IPv6 Address Object
        6.1.6. Physical Address Object
        6.1.7. Host Object
        6.1.8. IPv4 Network Object
        6.1.9. IPv6 Network Object
        6.1.10. Address Range Object
        6.1.11. Address Tables Object
        6.1.12. Special case addresses
        6.1.13. DNS Name Objects
        6.1.14. A Group of Addressable Objects
    6.2. Service Objects
        6.2.1. IP Service
        6.2.2. Using ICMP and ICMP6 Service Objects in Firewall Builder
        6.2.3. TCP Service
        6.2.4. UDP Service
        6.2.5. User Service
        6.2.6. Custom Service
    6.3. Time Interval Objects
    6.4. Creating and Using a User-Defined Library of Objects
    6.5. Finding and Replacing Objects
7. Network Discovery: A Quick Way to Create Objects
    7.1. Reading the /etc/hosts file
    7.2. Network Discovery
    7.3. Policy Importer
8. Firewall Policies
    8.1. Policies and Rules
    8.2. Firewall Access Policy Rulesets
        8.2.1. Source and Destination
        8.2.2. Service
        8.2.3. Interface
        8.2.4. Direction
        8.2.5. Action
        8.2.6. Time
        8.2.7. Options
        8.2.8. Working with multiple policy rule sets
    8.3. Network Address Translation Rules
        8.3.1. Basic NAT Rules
        8.3.2. Source Address Translation
        8.3.3. Destination Address Translation
    8.4. Routing Ruleset
        8.4.1. Handling of the Default Route
        8.4.2. ECMP routes
