Firewall Builder
Firewall Builder is a GUI-based firewall administration tool that uses an object-oriented approach to manage firewall policies across multiple platforms. It compiles abstract policy rules into platform-specific configurations using dedicated policy compilers.
Description
Firewall Builder consists of an object-oriented GUI and a set of policy compilers for various firewall platforms including iptables, ipfilter, PF, ipfw, Cisco PIX, and IOS ACL. Firewall policy is defined as a set of rules using abstract objects that represent real network objects and services such as hosts, routers, firewalls, networks, and protocols. The tool helps users maintain a database of objects and enables policy editing through simple drag-and-drop operations.
Use cases include managing complex firewall configurations across heterogeneous environments, automating policy compilation for batch processing of multiple firewall objects, and generating platform-specific scripts from a unified policy model. The GUI generates XML files describing firewalls, which are then processed by compilers to produce native configuration code. This separation ensures a consistent abstract model applicable to different firewall platforms.
The suite includes the main fwbuilder GUI, command-line compilers like fwb_ipt and fwb_pf, batch compilation tools like fwb_compile_all, and utilities such as fwbedit for object tree management. It supports automated network object discovery and bulk import, making it suitable for enterprise network security administration.
How It Works
Firewall Builder operates using an object-oriented model where policies are defined as rules composed of abstract objects (hosts, networks, services, protocols) stored in an XML data file. The GUI (fwbuilder) enables drag-and-drop policy editing and object management, generating XML firewall descriptions. Policy compilers (fwb_ipt, fwb_pf, etc.) parse this XML, match rules to the target platform, and generate native configuration scripts (e.g., iptables scripts, PF rules, Cisco ACLs). Batch tools like fwb_compile_all process multiple firewalls by selecting the appropriate compiler based on each object's platform. Object editing is handled by fwbedit for tree manipulation and upgrades.
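The per-platform compiler selection described above can be previewed before anything is compiled. The Python below is an added example, not Firewall Builder's own code: it assumes each firewall appears in the data file as a `Firewall` element with `name` and `platform` attributes, assumes the platform values shown in `COMPILERS`, and runs on a constructed, simplified data file.

```python
import xml.etree.ElementTree as ET

# Assumed mapping from a Firewall element's platform attribute to the
# compilers named on this page (the attribute values are assumptions).
COMPILERS = {"iptables": "fwb_ipt", "pf": "fwb_pf",
             "ipf": "fwb_ipf", "iosacl": "fwb_iosacl"}

# Constructed, simplified data file; real files carry far more detail.
SAMPLE_XML = """<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/">
  <ObjectGroup name="Firewalls">
    <Firewall name="edge-fw" platform="iptables"/>
    <Firewall name="bsd-gw" platform="pf"/>
    <Firewall name="core-rtr" platform="iosacl"/>
    <Firewall name="lab-asa" platform="unknown-platform"/>
    <Firewall name="-V" platform="ipf"/>
  </ObjectGroup>
</FWObjectDatabase>"""


def local_name(tag):
    """Strip an XML namespace prefix such as '{uri}Firewall'."""
    return tag.rsplit("}", 1)[-1]


def plan_compilation(xml_text, data_file, destdir):
    """Return (argv lists, skipped objects) for each Firewall element."""
    commands, skipped = [], []
    for elem in ET.fromstring(xml_text).iter():
        if local_name(elem.tag) != "Firewall":
            continue
        name = elem.get("name", "")
        compiler = COMPILERS.get(elem.get("platform", ""))
        if compiler is None:
            skipped.append((name, "no compiler for platform"))
        elif not name or name.startswith("-"):
            # A name starting with '-' would be parsed as an option.
            skipped.append((name, "unsafe object name"))
        else:
            # argv list: the name is never interpreted by a shell.
            commands.append([compiler, "-f", data_file, "-d", destdir, name])
    return commands, skipped


if __name__ == "__main__":
    cmds, skipped = plan_compilation(SAMPLE_XML, "file.xml", "out")
    for argv in cmds:
        print(" ".join(argv))
    for name, reason in skipped:
        print(f"skipped {name!r}: {reason}")
```

Only the `-f` and `-d` options listed in the synopses on this page are used; the planned commands are printed, not executed.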
Installation
sudo apt install fwbuilder
Flags
Examples
fwb_compile_all -ffile.xml [-dwdir] [-av] [obj[ obj ...]]
fwb_iosacl [-vV] [-d wdir] [-4] [-6] [-i] -f data_file.xml object_name
fwb_ipt [-x level] [-v] [-V] [-q] [-f filename.xml] [-d destdir] [-D datadir] [-m] [-4|-6] firewall_object_name
fwb_pf [-x] [-v] [-V] [-f filename.xml] [-o output.fw] [-d destdir] [-D datadir] [-m] [-4|-6] firewall_object_name
fwbuilder [-ffile.fwb] [-d] [-h] [-ofile] [-Pobject_name] [-r] [-v]
fwbedit command [options]
fwb_ipf [-x] [-v] [-V] [-f filename.xml] [-o output.fw] [-d destdir] [-m] firewall_object_name