Using the wizard
Using the wizard is straightforward: click on the 'Use the Wizard'
link and answer a few basic questions about your network. The wizard will
then create an ipchains script based on the information you provided. The
firewall that the wizard creates sets all default policies to DENY and
opens specific holes (based on your choices) to allow incoming traffic from
the Internet and from your internal network.
The first screen in the wizard asks for IP address or NIC
information, depending on the version of fBuilder that you are
running.
For fBuilder Plus, the following fields must be filled in:
- External NIC: the name of the NIC that is attached to the
internet. (Example - eth0)
- External network address: address of the external network. Please
note that when specifying a network address, you should enter the
address followed by a forward slash (/) then the netmask. You may use
shorthand for the netmask, for instance a netmask of 255.255.255.0 may
be written as /24.
- Internal NIC: the name of the NIC that is attached to your internal
network. (Example - eth1) Note: If you only have one NIC, this will be the
same as your External NIC.
- Internal network address: address of the internal network. Please
note that when specifying a network address, you should enter the
address followed by a forward slash (/) then the netmask. You may use
shorthand for the netmask, for instance a netmask of 255.255.255.0 may
be written as /24.
- Loopback IP address: address of the loopback interface, most
systems can just leave this as 127.0.0.1.
For fBuilder Lite, the following fields must be filled in:
- External IP address: address of the ethernet card which is
connected to the Internet.
- External network address: address of the external network. Please
note that when specifying a network address, you should enter the
address followed by a forward slash (/) then the netmask. You may use
shorthand for the netmask, for instance a netmask of 255.255.255.0 may
be written as /24.
- Internal IP address: address of the ethernet card which is
connected to your internal network.
- Internal network address: address of the internal network. Please
note that when specifying a network address, you should enter the
address followed by a forward slash (/) then the netmask. You may use
shorthand for the netmask, for instance a netmask of 255.255.255.0 may
be written as /24.
- Loopback IP address: address of the loopback interface, most
systems can just leave this as 127.0.0.1.
The second screen in the wizard is for choosing your incoming and
outgoing services. The services listed in the boxes come directly from the
/etc/services file on your system. To add/delete a service, edit your
/etc/services file and make the addition or deletion. To add the services
which will be allowed access through your firewall choose a service from
the left window and move it to the right window by highlighting the service
you would like moved and clicking on the direction arrow. You can remove
services from the right side using the same technique. Once you have
completed moving your services, you must click the 'Select' button on both
the incoming and outgoing services before moving to the next screen.
The third screen is for choosing DNS, ICMP and logging options. By
checking a box you enable that particular service/protocol. Note that
if you log all packets, your /var/log/messages file will grow very fast.
At this point you are given the option
to choose whether or not to setup IP masquerade services. If you say no to
this question (or ignore this question) you will be finished using the
wizard and your firewall will be created. If you answer yes to this
question you will be brought to a screen
exactly like the service chooser screen mentioned above. Here you can
choose which services your internal network may access.
After your firewall is created you can
install with the 'Install Firewall' link under the 'Build Firewall'
option. Once your firewall is installed you should view your rule set with
the 'View Firewall' link under the 'View Firewall' option to make any
necessary changes using the edit/insert/delete capabilities. These options
are only available in fBuilder Plus.
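The following is an added example, not fBuilder's own code, showing the shape of the script the wizard produces from the answers described above. The interface names, network addresses and service lists are constructed values; the generator only prints the ipchains script (including the conversion from a dotted netmask to the /24 shorthand the wizard accepts) and does not touch a live kernel.

```shell
#!/bin/sh
# Added example, not fBuilder code: build an ipchains script from wizard-style
# answers. All input values are constructed; output goes to stdout only.

# Convert a dotted netmask to its prefix length: 255.255.255.0 -> 24.
# Fails (exit 1) on malformed or non-contiguous masks such as 255.0.255.0.
mask_to_prefix() (
    IFS=.
    prefix=0 n=0 partial=0
    for octet in $1; do
        n=$((n + 1))
        # once a non-255 octet has appeared, every later octet must be 0
        if [ "$partial" = 1 ] && [ "$octet" != 0 ]; then exit 1; fi
        case $octet in
            255) prefix=$((prefix + 8)) ;;
            254) prefix=$((prefix + 7)); partial=1 ;;
            252) prefix=$((prefix + 6)); partial=1 ;;
            248) prefix=$((prefix + 5)); partial=1 ;;
            240) prefix=$((prefix + 4)); partial=1 ;;
            224) prefix=$((prefix + 3)); partial=1 ;;
            192) prefix=$((prefix + 2)); partial=1 ;;
            128) prefix=$((prefix + 1)); partial=1 ;;
            0)   partial=1 ;;
            *)   exit 1 ;;
        esac
    done
    [ "$n" -eq 4 ] || exit 1
    echo "$prefix"
)

# Print the firewall script. Arguments:
#   $1 external NIC   $2 external network (addr/prefix)
#   $3 internal NIC   $4 internal network (addr/prefix)
#   $5 incoming services (space separated, names or ports from /etc/services)
#   $6 outgoing services  $7 masquerade the internal network: yes|no
build_firewall() {
    ext_nic=$1 ext_net=$2 int_nic=$3 int_net=$4
    incoming=$5 outgoing=$6 masq=$7
    cat <<EOF
#!/bin/sh
# generated firewall: flush, then default policy DENY on all three chains
ipchains -F
ipchains -P input DENY
ipchains -P output DENY
ipchains -P forward DENY
# loopback is always allowed
ipchains -A input -i lo -j ACCEPT
ipchains -A output -i lo -j ACCEPT
# the internal network may talk to the firewall itself
ipchains -A input -i $int_nic -s $int_net -j ACCEPT
ipchains -A output -i $int_nic -d $int_net -j ACCEPT
EOF
    # anti-spoofing only makes sense with two NICs: with a single NIC the
    # internal network legitimately arrives on the external interface
    if [ "$ext_nic" != "$int_nic" ]; then
        echo "# internal addresses never arrive on the external NIC (logged)"
        echo "ipchains -A input -i $ext_nic -s $int_net -j DENY -l"
    fi
    for svc in $incoming; do
        echo "# incoming $svc: new connections in, replies (no SYN) out"
        echo "ipchains -A input -i $ext_nic -p tcp --dport $svc -j ACCEPT"
        echo "ipchains -A output -i $ext_nic -p tcp ! -y --sport $svc -j ACCEPT"
    done
    for svc in $outgoing; do
        echo "# outgoing $svc: connections out, replies (no SYN) in"
        echo "ipchains -A output -i $ext_nic -p tcp --dport $svc -j ACCEPT"
        echo "ipchains -A input -i $ext_nic -p tcp ! -y --sport $svc -j ACCEPT"
    done
    if [ "$masq" = yes ]; then
        echo "# masquerade the internal network behind the external address"
        echo "ipchains -A forward -i $ext_nic -s $int_net -j MASQ"
    fi
    # everything else falls through to the DENY policies; log what is dropped
    echo "ipchains -A input -j DENY -l"
}

# sample run with constructed answers: external net 203.0.113.0/$(mask_to_prefix 255.255.255.0)
build_firewall eth0 "203.0.113.0/$(mask_to_prefix 255.255.255.0)" eth1 192.168.1.0/24 "22 80" "80 443" yes
```

The reply rules use `! -y`, which in ipchains matches every TCP packet that is not a connection-opening SYN, so an opened hole lets replies through without letting outsiders open connections in the other direction.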
Using the expert add utility
The expert add utility allows you to create your firewall rules
one by one. Each rule will be inserted at the end of the chain. When using this
method for creating your firewall, you will also need to use the 'Set
Default Policy' option to set the default policy on the input, output and
forward chains.
The expert add utility is for system administrators who are experienced in
building Linux firewalls. The expert add utility works much like the
command line in that you can invert a particular option by clicking the
exclamation point next to the option you wish to invert. 'Rule options'
offer three choices:
- None
- Ack bit must be set
- Syn bit must be set
The 'TOS' (type of service) option sets throughput priority on the
packets matched by your rule.
fBuilder Plus offers you the option to automatically create a back traffic
rule to help you expedite the creation of your firewall. This option is not
available in our Lite version.
When you click the 'Add Rule' button, the rule is added at the end of
the chain. If you choose an invalid option in your rule, fBuilder will
silently discard the rule.
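As an added example (not fBuilder's code), the function below turns the fields of an expert-add form into a single ipchains command line, so you can see what the inversion button and the rule options translate to. The mapping is an assumption on my part, not documented on this page: 'Syn bit must be set' becomes ipchains `-y`, 'Ack bit must be set' becomes `! -y` (ipchains has no separate ACK match; `! -y` matches every packet that is not a connection-opening SYN), and the TOS choices become the ipchains `-t andmask xormask` pairs for maximum throughput and minimum delay. Unlike fBuilder, which silently discards a rule with an invalid option, this version reports the bad field and returns non-zero. Field values are constructed.

```shell
#!/bin/sh
# Added example, not fBuilder code: map expert-add form fields to ipchains.
# Usage: expert_rule chain iface proto src dport target rule_option tos [invert...]
#   rule_option: none | syn | ack        tos: none | throughput | delay
#   invert...:   names of fields to negate with '!': iface, src, dport
# Mapping of rule options and TOS values is an assumption, see the lead-in.
expert_rule() {
    chain=$1 iface=$2 proto=$3 src=$4 dport=$5 target=$6 opt=$7 tos=$8
    shift 8
    neg_iface="" neg_src="" neg_dport=""
    for f in "$@"; do
        case $f in
            iface) neg_iface="! " ;;
            src)   neg_src="! " ;;
            dport) neg_dport="! " ;;
            *) echo "expert_rule: cannot invert unknown field '$f'" >&2; return 1 ;;
        esac
    done
    case $opt in
        none) bits="" ;;
        syn)  bits=" -y" ;;      # only connection-opening SYN packets
        ack)  bits=" ! -y" ;;    # everything except connection-opening SYNs
        *) echo "expert_rule: invalid rule option '$opt'" >&2; return 1 ;;
    esac
    case $tos in
        none)       tosflag="" ;;
        throughput) tosflag=" -t 0x01 0x08" ;;   # set the maximize-throughput bit
        delay)      tosflag=" -t 0x01 0x10" ;;   # set the minimize-delay bit
        *) echo "expert_rule: invalid TOS '$tos'" >&2; return 1 ;;
    esac
    echo "ipchains -A $chain -i ${neg_iface}$iface -p $proto -s ${neg_src}$src --dport ${neg_dport}$dport$bits$tosflag -j $target"
}

# constructed examples: accept new web connections arriving on eth0;
# on the internal NIC, deny privileged ports to anything NOT from the internal net
expert_rule input eth0 tcp 0.0.0.0/0 80 ACCEPT syn none
expert_rule input eth1 tcp 192.168.1.0/24 1:1023 DENY none none src
```

Because each rule is appended to the end of its chain, the order in which you add them is the order in which ipchains evaluates them; a broad DENY added early will shadow a narrower ACCEPT added after it.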