1fwb_pix(1)                     Firewall Builder                     fwb_pix(1)
2
3
4

NAME

6       fwb_ipt - Policy compiler for Cisco IOS ACL
7

SYNOPSIS

9       fwb_iosacl [-vV] [-d wdir] [-4] [-6] [-i] -f data_file.xml object_name
10
11

DESCRIPTION

13       fwb_iosacl  is  firewall  policy compiler component of Firewall Builder
14       (see fwbuilder(1)). Compiler reads  objects  definitions  and  firewall
15       description from the data file specified with "-f" option and generates
16       resultant Cisco IOS ACL configuration file. The configuration is  writ‐
17       ten  to  the  file  with  the name the same as the name of the firewall
18       object, plus extension ".fw". Compiler generates extended access  lists
19       for  Cisco routers running IOS v12.x using "ip access-list <name>" syn‐
20       tax. Compiler also  generates  "ip  access-group"  commands  to  assign
21       access lists to interfaces. Generated ACL configuration can be uploaded
22       to the router manually or using built-in installer in the  fwbuilder(1)
23       GUI.
24
25       The data file and the name of the firewall objects must be specified on
26       the command line. Other command line parameters are optional.
27
28

OPTIONS

30       -4     Generate iptables script for IPv4 part of  the  policy.  If  any
31              rules  of  the  firewall  refer to IPv6 addresses, compiler will
32              skip these rules.  Options "-4" and "-6" are exclusive. If  nei‐
33              ther  option  is  used, compiler tries to generate both parts of
34              the script, although generation of the IPv6 part  is  controlled
35              by  the  option  "Enable  IPv6 support" in the "IPv6" tab of the
36              firewall object advanced settings dialog.  This option is off by
37              default.
38
39
40       -6     Generate  iptables  script  for  IPv6 part of the policy. If any
41              rules of the firewall refer to  IPv6  addresses,  compiler  will
42              skip these rules.
43
44
45       -f FILE
46              Specify the name of the data file to be processed.
47
48
49       -d wdir
50              Specify  working  directory. Compiler creates file with ACL con‐
51              figuration in this directory.  If  this  parameter  is  missing,
52              then  generated ACL will be placed in the current working direc‐
53              tory.
54
55
56       -v     Be verbose: compiler prints diagnostic messages when it works.
57
58
59       -V     Print version number and quit.
60
61
62       -i     When this option is present, the last argument  on  the  command
63              line is supposed to be firewall object ID rather than its name
64
65

URL

67       Firewall   Builder   home   page  is  located  at  the  following  URL:
68       http://www.fwbuilder.org/
69
70

BUGS

72       Please report bugs using bug tracking system on SourceForge:
73
74       http://sourceforge.net/tracker/?group_id=5314&atid=105314
75
76
77

SEE ALSO

79       fwbuilder(1), fwb_pix(1), fwb_ipfw(1), fwb_ipf(1), fwb_ipt(1) fwb_pf(1)
80
81
82FWB                                                                 fwb_pix(1)
Impressum