fwb_ipf(1)                     Firewall Builder                     fwb_ipf(1)

NAME

       fwb_ipf - Policy compiler for ipfilter

SYNOPSIS

       fwb_ipf [-vVx] [-d wdir] [-o output.fw] -f data_file.xml object_name

DESCRIPTION

       fwb_ipf is a firewall policy compiler component of Firewall Builder
       (see fwbuilder(1)). This compiler generates code for ipfilter. The
       compiler reads object definitions and the firewall description from
       the data file specified with the "-f" option and generates ipfilter
       configuration files and a firewall activation script.

       All generated files have names that start with the name of the
       firewall object. The firewall activation script has the extension
       ".fw" and is a simple shell script that flushes the current policy,
       loads the new filter and NAT rules and then activates ipfilter. The
       ipfilter configuration file name starts with the name of the firewall
       object, plus "-ipf.conf". The NAT configuration file name also starts
       with the name of the firewall object, plus "-nat.conf". For example,
       if the firewall object has the name "myfirewall", then the compiler
       will create three files: "myfirewall.fw", "myfirewall-ipf.conf",
       "myfirewall-nat.conf".

       The data file and the name of the firewall object must be specified
       on the command line. Other command line parameters are optional.

OPTIONS

       -f FILE
              Specify the name of the data file to be processed.

       -o output.fw
              Specify the output file name.

       -d wdir
              Specify the working directory. The compiler creates the
              firewall activation script and ipfilter configuration files
              in this directory. If this parameter is missing, then all
              files will be placed in the current working directory.

       -v     Be verbose: the compiler prints diagnostic messages while it
              works.

       -V     Print version number and quit.

       -x     Generate debugging information while working. This option is
              intended for debugging only and may produce lots of cryptic
              messages.

NOTES

       Support for ipf returned in version 1.0.1 of Firewall Builder.

       Supported features:

       o      both ipf.conf and nat.conf files are generated

       o      negation in policy rules

       o      stateful inspection in an individual rule can be turned off
              in the rule options dialog. By default the compiler adds
              "keep state" or "modulate state" to each rule with action
              'pass'

       o      the rule options dialog provides a choice of icmp or tcp rst
              replies for rules with action "Reject"

       o      the compiler adds the flag "allow-opts" if a match on ip
              options is needed

       o      the compiler can generate rules matching on TCP flags

       o      the compiler can generate a script adding ip aliases for NAT
              rules using addresses that do not belong to any interface of
              the firewall

       o      the compiler always adds the rule "block quick all" at the
              very bottom of the script to ensure a "block all by default"
              policy even if the policy is empty.

       o      address ranges in both policy and NAT

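       An added example, not part of Firewall Builder or of the original
       page: a POSIX shell check of the compiler's output against the file
       naming in DESCRIPTION and the "block quick all" and "keep state"
       behaviour listed above. The function names, the sample rules and the
       tolerance for an "in"/"out" keyword are assumptions.

```shell
#!/bin/sh
# Added example: lint fwb_ipf output. Usage: sh check_fwb_ipf.sh WDIR OBJECT_NAME

# Rule lines only: strip comments, surrounding whitespace and blank lines.
rules() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# True if the last rule is the default deny named in NOTES. Accepting an
# "in"/"out" keyword after "block" is an assumption, not from the man page.
last_rule_is_default_deny() {
    rules "$1" | tail -n 1 | tr -s ' \t' ' ' |
        grep -Eq '^block( in| out)? quick all$'
}

# Print pass rules carrying neither "keep state" nor "modulate state", i.e.
# rules where stateful inspection was switched off in the rule options.
stateless_pass_rules() {
    rules "$1" | grep -E '^pass[[:space:]]' |
        grep -Ev '(keep|modulate)[[:space:]]+state' || true
}

# Check file naming and default deny; report stateless pass rules for review.
check_output() {
    dir=$1 name=$2 rc=0
    for f in "$name.fw" "$name-ipf.conf" "$name-nat.conf"; do
        [ -f "$dir/$f" ] || { echo "missing: $dir/$f" >&2; rc=1; }
    done
    conf="$dir/$name-ipf.conf"
    if [ -f "$conf" ]; then
        last_rule_is_default_deny "$conf" ||
            { echo "last rule in $conf is not the default deny" >&2; rc=1; }
        stateless_pass_rules "$conf" | sed 's/^/review, stateless pass: /' >&2
    fi
    return $rc
}

# Constructed sample files (not real compiler output) for trying the checks.
write_sample() {
    : > "$1/myfirewall.fw"; : > "$1/myfirewall-nat.conf"
    cat > "$1/myfirewall-ipf.conf" <<'EOF'
# constructed sample policy
pass in quick on em0 proto tcp from any to 192.0.2.10 port = 22 keep state
pass in quick on em0 proto udp from any to 192.0.2.10 port = 53
block quick all
EOF
}

if [ $# -eq 2 ]; then check_output "$1" "$2"; fi
```
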
       Features that are not supported (yet)

       o      negation in NAT

       o      custom services

       Features that won't be supported (at least not anytime soon)

       o      policy routing

URL

       The Firewall Builder home page is located at the following URL:
       http://www.fwbuilder.org/

BUGS

       Please report bugs using the bug tracking system on SourceForge:

       http://sourceforge.net/tracker/?group_id=5314&atid=105314

SEE ALSO

       fwbuilder(1), fwb_ipt(1), fwb_pf(1)

FWB                                                                 fwb_ipf(1)