
Firewall Builder is one of the most powerful and user-friendly firewall creation utilities available for Linux. One of the many reasons Firewall Builder is both powerful and easy to use is its objects feature. Objects are reusable elements that can be added to and removed from firewall rules by dragging and dropping them.

Firewall Builder comes with plenty of pre-defined objects that can be used right away, and also makes for easy creation of new objects. Objects are so crucial to the ease of use and understanding of Firewall Builder, I want to dedicate this entire article to the creation, editing, and use of objects. With a sound understanding of objects under the belt, anyone should be able to create secure and flexible firewalls to fit nearly any need.

Firewall Builder stores objects in what are known as Libraries. By default Firewall Builder includes two Libraries.

Standard: The predefined objects that can be dragged and dropped into firewalls.

User: An empty pre-categorized library where users can add their own objects and then drag and drop them into firewalls.

To select a library, click on the Library drop-down (see Figure 1) and select either the Standard Library or the User Library. Let’s say, for example, the firewall being created will be used to secure an HTTP server. Why bother creating TCP/UDP service objects when they already exist in the Standard Library? Simply open up the Standard Library (click the Library drop-down and click Standard), expand the Services entry, expand the TCP entry, and the HTTP and HTTPS entries will be available. Drag and drop all of the related entries necessary for the new firewall into the desired rules for the firewall.

Another way to find the object is to use the convenient filter feature, located just below the Library drop-down, that lets you quickly filter the objects in the tree to find what you are looking for. It is also possible to create a Custom Library by clicking the drop-down to the left of the Libraries drop-down and selecting New Library.

In my previous article I discussed how to create objects specific to a firewall used for SSH connections into a host. The methods discussed in that article describe the creation of objects for the User Library. One of the nice features of Firewall Builder is that those objects can then be reused in other firewalls. So even if the objects were initially created for the SSH firewall, they can then be re-purposed for a firewall focused on a Web server. That doesn’t just apply to services; any of the objects created in a previous firewall can be re-used over and over.

Don’t think objects are limited to services or addresses. In fact, quite a few object types can be created and used. Here is a listing of the types:

Address Ranges: A range of addresses can be configured into a single object.

Address Tables: This is an address-based object that can be created when a range of addresses is needed but the actual addresses are not known when the firewall or policy is being written. The Address Tables object has an added feature which allows for the object to be loaded at either compile time (during firewall compilation) or during run time (when Firewall Builder runs the firewall script). What this highlights is the intelligence of the compiler and its ability to resolve addresses to names during compilation. More on this in a moment.

Addresses: A single address that can be used for an interface, source, or destination (such as a host).

DNS Names: This object represents a DNS “A” or “AAAA” name and resolves to an IP address during either compile or run time.

Groups: A group is a container that holds references to multiple objects of the same or similar type (Addresses, Address Ranges, Network Objects).

Hosts: A host object represents hosts on a network: Desktops, Workstations, and any other network node that has a network address.

Networks: This object describes an IP network or an entire subnet.

A group is a container that holds references to multiple objects of the same or similar type (Addresses, Address Ranges, Network Objects). When a new group is created (see Figure 2) the member objects can either be created from within the configuration of the group itself (click the “Create new object and add to this group” drop-down) or objects can be dragged and dropped into the group from one of the Libraries.
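
The difference between loading an Address Table at compile time and at run time, together with the flattening of a Group into its member addresses, can be sketched as follows. This is an added example, not Firewall Builder's own code or generated output: the class names, the table file format (one address or CIDR per line, `#` comments), the path and the dict standing in for the filesystem are all assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Address:
    ip: str

@dataclass
class AddressTable:
    path: str               # assumed format: one address or CIDR per line
    run_time: bool = False  # False: read at compile time; True: read at run time

@dataclass
class Group:
    members: list           # Address, AddressTable or nested Group objects

def load_table(text):
    """Parse table text; skip blanks and '#' comments, raise on non-addresses."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            entries.append(str(ipaddress.ip_network(line, strict=False)))
    return entries

def compile_sources(obj, files):
    """Flatten an object; run-time tables stay deferred as ('defer', path)."""
    if isinstance(obj, Address):
        return [str(ipaddress.ip_network(obj.ip))]
    if isinstance(obj, AddressTable):
        return [("defer", obj.path)] if obj.run_time else load_table(files[obj.path])
    return [s for m in obj.members for s in compile_sources(m, files)]

def run_script(compiled, files):
    """Expand deferred tables using the file contents present at run time."""
    out = []
    for s in compiled:
        out.extend(load_table(files[s[1]]) if isinstance(s, tuple) else [s])
    return out

def demo():
    """Constructed data: compile both variants, edit the table, then run."""
    path = "/etc/fw/blocked.tbl"  # hypothetical path
    files = {path: "198.51.100.7\n203.0.113.0/24  # constructed entries\n"}
    host = Address("192.0.2.10")
    baked = compile_sources(Group([host, AddressTable(path)]), files)
    deferred = compile_sources(Group([host, AddressTable(path, True)]), files)
    files[path] += "192.0.2.99\n"  # table edited after compilation
    return run_script(baked, files), run_script(deferred, files)

if __name__ == "__main__":
    print(demo())
```

Only the run-time variant picks up the address added after compilation, so a run-time table file needs the same write protection and review as the firewall script itself.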
