Vadim Kurland – vkurland

What's happening?

Followup: RE: port forwarding - obi wan your our only h

Chapter "Destination Address Translation" is probably what you need to read in the Users Guide. http://www.fwbuilder.org/docs/users_guide/x2984.htm#AEN3158 Rules on fix 8-24 and 8-25 are close to what you want, just use appropriate service object in Original Service.

02:21PM UTC on Jul 02 2009 in Firewall Builder
Followup: RE: port forwarding - obi wan your our only h

you need a NAT rule. You can find many examples of NAT and policy rules in the Firewall Builder Users Guide. Links t the PDF and HTML versions of the Guide are on the home page of the web site.

12:13PM UTC on Jul 02 2009 in Firewall Builder
Comment: No pass out rule being generated

Why do you expect the program to generate "pass out quick any to any" rule at the end of the script ? Generated script uses "quick" with all rules and therefore works on the "first match" basis. A rule like this at the bottom will permit any outgoing sessions otherwise not explicitly denied. The right behavior is to add "catch all" rules at the bottom to block everything that is not explicitly...

03:21PM UTC on Jul 01 2009 in Firewall Builder
Followup: RE: Fwbuilder Policy Importer improvment

But to detect attacks you need to watch relative counter growth, you do not need to maintain persistent counters from the beginning of time through all the iptables updates. You update the policy and reset counters, then watch which rule triggers and how fast, that should be enough. Since counters are maintained by iptables, it does not matter how iptables rules were created. If they were...

10:38PM UTC on Jun 28 2009 in Firewall Builder
Followup: RE: Fwbuilder Policy Importer improvment

what would be the purpose of importing these counters into fwbuilder ?.

03:44PM UTC on Jun 28 2009 in Firewall Builder
Followup: RE: libfwbuilder.so.7: cannot open shared obj

try command "ldd fwb_ipt" to see which dynamic libraries it wants to use. Likely you'll see libfwbuilder.so.7 in the output. This is just to confirm that. You will need to work with people who build these packages to figure out why they use old libfwbuilder library with new packages.

11:13PM UTC on Jun 24 2009 in Firewall Builder
Firewall Builder

vkurland added the fwbuilder-3.0.5-b1116.fc10.i386.rpm file.

06:57PM UTC on Jun 24 2009 in Firewall Builder
Firewall Builder

vkurland added the fwbuilder-3.0.5-b1116.fc10.src.rpm file.

06:57PM UTC on Jun 24 2009 in Firewall Builder
Firewall Builder

vkurland added the libfwbuilder-3.0.5-b1116.el5.i386.rpm file.

06:57PM UTC on Jun 24 2009 in Firewall Builder
Firewall Builder

vkurland added the fwbuilder-3.0.5-b1116.fc9.i386.rpm file.

06:57PM UTC on Jun 24 2009 in Firewall Builder

Vadim Kurland – vkurland

What's happening?

Followup: RE: port forwarding - obi wan your our only h

Followup: RE: port forwarding - obi wan your our only h

Comment: No pass out rule being generated

Followup: RE: Fwbuilder Policy Importer improvment

Followup: RE: Fwbuilder Policy Importer improvment

Followup: RE: libfwbuilder.so.7: cannot open shared obj

Firewall Builder

Firewall Builder

Firewall Builder

Firewall Builder

About Me

My Projects

About SourceForge

Find Software

Develop Software

Community

Help