• Total Posts: 28068
  • Total Topics: 8059
  • Online Today: 1132
  • Online Ever: 51419
  • (01. January 2010., 09:27:49)

Author Topic: Firewall Builder 3.0.3 Build 688  (Read 4003 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Global Moderator
  • *****
  • Posts: 1081
  • KARMA: 22
  • Gender: Male
Firewall Builder 3.0.3 Build 688
« on: 13. December 2008., 18:17:34 »

Firewall Builder description   

A multi-platform firewall management and configuration tool

Firewall Builder is a multi-platform firewall management and configuration tool.

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. Firewall Builder uses object-oriented approach, it helps administrator maintain a database of network objects and allows policy edsing simple drag-and-drop operop operations.

Firewall Builder currently supports iptables, ipfilter, OpenBSD PF and Cisco PIX. Technical summary of features supported by the policy compilers for all platforms can be found in the section "Modules" (see menu on the left).

Being truly vendor-neutral, Firewall Builder can generate configuration file for any supported target firewall platform from the same policy created in its GUI. This provides for both consistent policy management solution for heterogeneous environments and possible migration path.

With the additional purchase of Firewall Builder for PIX, Firewall Builder functions as a sophisticated policy management software for Cisco PIX firewall with access to all functions of PIX including newest features added in v7.x.

Firewall Builder for Cisco IOS Access Lists, another add-on module, adds support for router access lists and turns Firewall Builder into complete solution for the multi-tiered network security.

Firewall Builder allows for management of multiple firewalls using the same network object database. Change made to an object is immediately reflected in the policy of all firewalls using this object. Administrator only needs to recompile and install policies on actual firewall machines.

In Firewall Builder, administrator works with an abstraction of firewall policy and NAT rules; software effectively "hides" specifics of particular target firewall platform and helps administrator focus on implementation of security policy.

Backend software components, or policy compilers, can deduct many parameters of policy rules using information available through network and service objects and therefore generate fairly complex code for the target firewall, thus relieving administrator from having to remember all its details and limitations. Policy compilers can also run sanity checks on firewall rules and make sure typical errors are caught before generated policy is deployed.


· 30 days trial

What's New in This Release: [ read full changelog ]

· Built-in installer uses scp (pscp.exe on Windows) to copy files to the firewall, this makes it work much faster.
· Data file compression (optional)
· Support for pure mangle table rule sets for iptables
· Significant improvement in the speed of the shadowing detection for all compilers (up to 5 times on large linear policies)
· Numerous improvements in the built-in policy importer for iptables (but no support for IPv6 yet)
· Russian and Japanes translations
· Internationalization
· Added Japanese translation by Tadashi Jokagi ( elf2000 )
· Added Russian translation. Not 100% but usable.
· Improvements and bug fixes in the GUI in the built-in policy installer
· Redesign of the built-in installer. Code refactoring to make it more manageable.
· Built-in installer now usies scp (pscp.exe on windows) to copy files to the firewall. This helps improve performance of the installer. This fixes bug #2135827: "Store a copy of fwb file..." very slow
· fixed crash in built-in installer that happened when existing PIX configuration was saved before loading new one.
· A fix in the built-in installer to make sure it finds all generated files when user specifies alternative name (possibly full path) for the generated script.
· fixed bug #2194829: "the gui can not locate data file in non-ascii directory". This seems to have happened only on Windows and Mac; if data file was located in the directory with the name with non-ascii characters, the gui generated incorrect command line for the compiler when user tried to compile the data file more than once.
· fixed a bug introduced some time earlier and reported in the bug report #2135827: policy installer would only copy .fwb file to the firewall when "Store data file on the firewall" was activated and skipped actual generated policy file(s) (.fw). This only happened on Windows.
· Check to make sure paths to ssh and scp utilities are properly configured in Preferences before running install. Show aprropriate error dialog to the user if path to ssh or scp is not configured.
· installer for Cisco routers and PIX could not find generated file because variable conffile is now always a full absolute path. This bug was introduced earlier during installer rewrite for v3.0.2. Tested installer for router and PIX using default generated file name, as well as custom generated file name, defined both as absolute and as relative path. Tested batch install of combination of a router and a pix in one batch (the same user account, then same enable password on both)
· Improvements and bug fixes in the GUI in the built-in policy importer
· fixed bug (no #): policy importer for iptables used to create separate Policy objects for chains INPUT, FORWARD, OUTPUT.
· policy importer for iptables correctly imports user-defined chain, configures rule with action "Chain" and establishes association between it and ruleset created for the user-defined chain. Multiple rules with this action can point at the same ruleset.
· policy importer for iptables properly creates TagService objects and places them into action of the rule finds iptables rule with target "-j MARK"
· a temporary fix for the problem in ANTLR that causes crash on import of very large config files. This affected import of both iptables and Cisco IOS configurations and depended just on the file size.
· applied patch for gcc 4.4 from bug# 2282828 "patch for gcc-4.4"
· Improvements and bug fixes in the GUI
· fixed crash that happened when user opened PIX firewall "advanced" settings dialog and then tried to save changes by clicking OK.
· Several build problems fixed for FreeBSD.
· fixed bug #2158561: "Solaris fwb 3.0.2-b599 build prob" Fixed build problems on FreeBSD and Solaris
· Added GUI control in the Preferences dialog for the path to scp utility used by built-in policy installer
· added support for data file compression. This fixes bug# 2130128: "Option to compress the FWB file".
· Added tab "Data File" to the Preferences dialog; added checkbox "Enable data file compression" to this tab. If this checkbox is turned on, the GUI will compress data file when it is saved to disk.
· fixed bug #2149585 "Deleting Routing object breaks file". The GUI should not allow the user to delete "Routing" ruleset object, as well as any other top-level ruleset object. This applies to both deleting them via context menu item or Delete key stroke.
· fixed bug #2149503: ever since attribute "read-only" of FWObject has been converted from a dictionary entry to a member variable, the GUI could not properly check if an object is read-only and could not update context menu and icon in the object tree. This lead to unstable behavior when an object was set read-only because the GUI could not show corresponding icon to indicate its status change, did not switch context menu items and permitted operations that should not have been permitted.
· Added attribute to the Policy object for iptables to indicate that this policy ruleset should be compiled into filter and mangle tables or only for the mangle table. This makes sense (and is only shown) for iptables firewalls. By default the attribute is set to "filter+mangle" which means compiler will try to figure out which table each rule should go to. However some combinations of service objects and actions are ambiguous and can be used in both filter and mangle tables. In cases like these, user can help by creating separate Policy ruleset that will be translated only into iptables rules in the mangle table.
· fixed bug: object editor panel resized itself erratically when user switched between objects while editor was open. This happened on Windows and Mac OS X.
· fixed object type icon in the RuleSet and Interface object dialogs.
· fixed bug #2187094: "fwbuilder does not use system colors for text boxes". Some dialogs would not properly pick up KDE theme. This was especially visible if theme used dark background colors and white font, in which case many input fields in dialogs would use white text on white background.
· more fixes for bug #2194829: use toLocal8Bit() instead of toLatin1() in all calls to libfwbuilder functions that deal with files (FWObjectDatabase::load() etc.), as well as system functions such as unlink(), rename(), access(). Now I can open, save, check out and check in file if it is in directory with non-ascii name and also can use non-ascii characters in RCS checkin log records.
· making sure no rule operations are allowed when rule set or parent firewall object are read-only. This fixes GUI crash that happened when user tried to remove rule from a group in the read-only firewall.
· fixed bug #2209210 "crash in fwbuilder: ObjectIconView.cpp:90:". The GUI crashed if user moved mouse cursor over object icons in a group object editor when tooltips were activated.
· fixed bug #2255591 Adding new ipv6 policy is always type "mangle". When user added new Policy object to the iptables firewall and made and saved any changes in the object editor (switched to "top rule set" or toggled setting "filter+mangle"="mangle only"), the setting of the ruleset would switch to "mangle only" and stick there. There was no way to switch it back to "filter+mangle". This is fixed in build 641.
· fix bug #2303486: "Operation of duplicating firewall should switch policy". When firewall object is duplicated, the GUI should automatically open policy of the new object rather than keep policy of the original open. At the same time, reset lastModified, lastCompiled, lastInstalled of the new firewall instead of keeping copies from the original.
· better layout of the first page of Preferences dialog to make sure long path to the working directory fits in the input widget.
· fixed printing from command line which was broken some time ago (perhaps in 3.0.1). When user prints firewall policy from command line using "fwbuilder -f file -P fw_object" all rule groups are always printed expanded.
· fixed printing with QT 4.4. QT 4.4 correctly sets physical resolution of the printer and sets its logical resolution to 1200dpi. This caused rulesets to be printed incorrectly on Windows and Mac where we use QT 4.4.1. This fix restores printing on these platforms.
· Improved Mac OS X bundle: included qt.conf file to make it look only inside the bundle for QT libraries and plugins, this eliminated warnings about QT libraries being loaded from two places if the system where fwbuilder GUI was running had QT installed on it. Now packaging QT accessibility plugin library, this should make the GUI run with acessibility features if accessibility aids are turned on system-wide.
· Improvements and bug fixes in components common for all policy compilers
· All compilers: firewall object can be specified by its ID in addition to by name. Command line option "-i" tells compiler that the last parameter of the command line is object ID. This works reliably when firewall object name contains non-ascii characters and the program runs under locale using 8 bit characters. Built-in installer now uses this method while calling all policy compilers.
· change in the algorithm used to decide which interfaces of the host or firewall object to use in a rule when this host or firewall object is found in source or destination. Previously, compiler would skip loopback interface unless user associated the rule with loopback by putting it in the "Interface" rule element. This made it impossible to create rules with address in destination but attached to interface other than loopback (such rule is used for transparent proxy configuration). Now if user explicitly put loopback interface object into rule element, we always keep it. However when compiler expands interfaces from a host or firewall object, it will skip loopback as before, unless the rule is attached to loopback interface.
· getHostByName() used to insert duplicate IP addresses into the list of the results. Now making sure ip addresses in the result are unique.
· Using internal caching to speed-up shadowing detection. This cuts time of shadowing detection almost in half for large policies with many rules.
· Optimisations in the code that detects rule shadowing. Combined with improvements in classes Rule and RuleElement, this yields speed-up in shadowing detection by a factor of about 5.
· Improvements and bug fixes in the policy compiler for iptables
Compiler for iptables uses QT functions to properly process non-ascii file names and firewall object names. Compiler correctly creates generated script when its file name contains non-ascii characters on all supported OS. The GUI can find the file and built-in installer can copy it to the firewall and activate it there. QT helps manage encodings and locales in OS-independent manner. Caveats:
· Dependency on QT libraries means compilers can not be deployed on the firewall separately from the GUI.
· pscp.exe on Windows does not seem to be able to pick up file with non-ascii characters in name when program runs on Windows with standard English locale. Could not test on Windows running with national locale. As a workaround, user can specify alternative name for the generated script in the firewall settings dialog (tab "Compiler").
· Support for non-ascii firewall object and generated script names is currently only available in compiler for iptables
· fixed bug #2151898: "use of "--icmp-type any" iptables 1.2.6a". Iptables v1.2.6a and older do not have option "-m icmp --icmp-type any".
· fixed bug #2148378: "Negation does not work on Tag Service". Policy compiler for iptables should be able to use "!" single-object negation for TagService obejcts
· Added attribute to the Policy object for iptables to indicate that this policy ruleset should be compiled into filter and mangle tables or only for the mangle table. This makes sense (and is only shown) for iptables firewalls. By default the attribute is set to "filter+mangle" which means compiler will try to figure out which table each rule should go to. However some combinations of service objects and actions are ambiguous and can be used in both filter and mangle tables. In cases like these, user can help by creating separate Policy ruleset that will be translated only into iptables rules in the mangle table.
· Always placing rules with action "Accept" in table mangle in chain PREROUTING
· fixed bug (no #): policy compiler for iptables would crash with assertion when AddressTable or DNSName object was used in a rule in pure mangle table ruleset. This could be related to crash reported in bug #2157121.
· Explicitly use "
· " instead of endl to avoid implicit conversion to "
· " on Windows (generated script is for iptables which can only run on Linux, so it is safe to use "
· " instead of endl).
· added support for single object negation in OSrc and ODst in NAT rules. This provides for more compact iptables script in the often used case where single object is used with negation in these elements of a NAT rule. Other improvements in handling NAT rules with negation.
· fixed bug (no #): policy compiler for iptables did not handle correctly rules where a host that has multiple addresses was a single object in a rule element and had negation.
· while processing single object negation, consider hosts and firewalls with one normal interface and loopback interface eligible (i.e. ignore loopback address even though formally such object has at least two ip addresses).
· fixed bug #2180556: "broken support for the "old" time module for iptables". Compiler generated incorrect parameters for the "time" module for versions
# Online Anti-Malware Scanners:,734.0.html

Samker's Computer Forum -

Firewall Builder 3.0.3 Build 688
« on: 13. December 2008., 18:17:34 »


  • SCF Newbie
  • *
  • Posts: 3
  • KARMA: 0
Re: Firewall Builder 3.0.3 Build 688
« Reply #1 on: 08. July 2009., 09:08:28 »
The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX, FWSM, and Cisco routers access lists. v3.0.3 is a bug-fix release. Problems with storing IPv6 addresses on FreeBSD have been fixed. GUI stability on operations of copying multiple objects between different data files has been improved. Parser for Cisco IOS configurations can now import configurations with wider range of constructs. Support for non-ASCII characters in the RCS commit comments has been implemented.
powerpoint compression
used laptops


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising