Have you ever wanted to configure a personal firewall for your GNU/Linux box, but were scared of the complexity of iptables? Well, I might not be able to make you a security expert, but I can show you a tool that will help you to configure your personal firewall the easy way. The secret? Firewall Builder (also known as fwbuilder for short).

Firewall Builder is a graphical user interface (GUI) that allows you to configure a number of firewall engines in many different environments. As of version 2.0.9 it supports these firewall softwares:

• FWSM
• ipfilter
• ipfw
• iptables
• PF
• PIX

and these environments:

• FreeBSD
• Cisco FWSM
• Linksys/Sveasoft
• GNU/Linux (kernel 2.4 and 2.6)
• MacOS X
• OpenBSD
• Cisco PIX
• Solaris

Obviously, if I had to talk about internet security in general and about all possible uses of Firewall Builder on all the possible platforms, I’d be better off writing a book. Therefore, I’ll focus on a specific case—configuring a “personal” firewall (that is, a firewall that protects just the one computer it is running on) on a DHCP-configured machine. I will create the basic configuration with a wizard and add some customisations afterwards.

Firewall Builder is a graphical user interface (GUI) that allows you to configure a number of firewall engines in many different environments

The platform I will work on is:

• Linux 2.6 (Debian Testing)
• iptables 1.3.6
• Firewall Builder 2.0.9

I will assume that you already installed Firewall Builder on your system (using apt-get or Synaptic Package Manager, for example).

Starting Firewall Builder

You can run Firewall Builder by finding it in a menu and clicking on its icon, by simply firing up a terminal window and typing fwbuilder. The program will come out with a welcome window that asks if you want to open an existing file or create a new project: choose to create a new one and give a filename, then click on “Next”.

You are then asked if you want to use a Revision Control System and if you want this project to be the default one. We are just playing around, so leave them unchecked and go ahead with “Finish”. The real game starts now.

Figure 1: Starting to create your personal firewall

Look at the “Firewalls” folder at the top left: it’s empty and we are going to create a new one. Right click on the folder and choose “New firewall” from the context menu.

Figure 2: Selecting your firewall’s platform

You are now asked for a name, a firewall application and an operating system: for the name, choose any one you like (“ifts” is the name I give to my firewall for historical reasons); for the other two, I am assuming you are using iptables on GNU/Linux. To use the wizard, be sure to check the “Use preconfigured template firewall objects”.

Figure 3: Starting with a wizard

At this point you are presented a list of canned templates. Please choose “host fw template 1” and go ahead.

Figure 4: Your first firewall configuration is there, already!

After a few moments you are shown a graphical representation of the pre-set rules for this template. As you will easily realize, you can accept SSH connections, ping requests and other useful ICMP requests (rule 0); you will also be allowed to open connections to anywhere you like (rule 1). The last rule (rule 2) will be the one that will be used if neither rule 1 nor rule 2 match: the connection is denied and the attempt is logged.

Assuming that you are satisfied with these rules so far, how do you actually use them?

Figure 5: Compiling your firewall rules

Just press the gear button (Compile) in the button bar. A window like the one above will appear. Since it says “Policy compiled successfully” you may well expect to find something somewhere that will finally activate your brand new firewall, but where?

Just look at the first line, it says

fwb_ipt -f /home/bronto/ifts.fwb -d /home/bronto ifts

Since /home/bronto/ifts.fwb is my source file, then something “ifts”-related has been probably built in /home/bronto, my home directory. Just take a look (using Nautilus or using the command line) and you will find a .fw file in that directory (in my case: /home/bronto/ifts.fw). It’s a shell script that you may want to take a look at: you will see that he rules you created graphically have been transformed into iptables commands.

To apply those rules, just run that script as root and you’re done.

If you don’t want to use the command line, and you are using GNOME, you will need to open a “root Nautilus window”. To do so, press ALT-F2 (under GNOME) and type: gksudo "nautilus --browser". Find your home directory (in my case, /home/bronto) and double click on the file ifts.fw. Choose the option “Run in terminal”, and voilà - the firewall command is run!

Figure 5a: Running a command

If you are more accustomed to using the command line, you can run the newly created script by opening a terminal and running:

$ sudo /home/bronto/ifts.fw

It’s just been a few minutes using Firewall Builder and you already have a firewall running on your PC!