Using the wizard
Please note: this documentation is a work in progress
If you have any questions about the use of fBuilder 2.4, please email support
and we will be happy to assist.
Using the wizard is straightforward: click the 'Edit Firewall>>Firewall Wizard'
link and answer a few basic questions about your network. The wizard will
then create an iptables script based on the information you provided. The
firewall that the wizard creates sets the default policy of every chain to
DROP (iptables has no DENY target; that was ipchains terminology) and opens
specific holes, based on your choices, to allow incoming traffic from the
Internet and from your internal network. Anything you do not explicitly
allow is dropped.
The first screen in the wizard asks for IP address or NIC information,
depending on the version of fBuilder that you are running.
For fBuilder Plus, the following fields must be filled in:
- External NIC: the name of the NIC that is attached to the
internet. (Example - eth0)
- External network address: address of the external network. Please
note that when specifying a network address, you should enter the
address followed by a forward slash (/) then the netmask. You may use
shorthand for the netmask, for instance a netmask of 255.255.255.0 may
be written as /24.
- Internal NIC: the name of the NIC that is attached to your internal
network. (Example - eth1) Note: If you only have one NIC, this will be the
same as your External NIC.
- Internal network address: address of the internal network. Please
note that when specifying a network address, you should enter the
address followed by a forward slash (/) then the netmask. You may use
shorthand for the netmask, for instance a netmask of 255.255.255.0 may
be written as /24.
- Loopback IP address: address of the loopback interface, most
systems can just leave this as 127.0.0.1.
If you chose to enter DMZ information when setting up your interfaces, that
information also appears on this first screen.
The second screen in the wizard is for choosing your incoming and
outgoing services. The services listed in the boxes come directly from the
/etc/services file on your system. To add or delete a service, edit your
/etc/services file and make the addition or deletion. To add the services
which will be allowed through your firewall, choose a service from the left
window and move it to the right window by highlighting the service you would
like moved and clicking on the direction arrow. You can remove services from
the right side using the same technique. In iptables terms, this screen
controls the INPUT and OUTPUT chains, that is, what is allowed in and out of
the firewall host machine itself; traffic passing through the firewall to or
from your internal network is handled by the forwarding screen described
below. Every service moved to the right side is an open port on the firewall
host, so keep the incoming list to the services the host itself must serve.
The third screen is for choosing DNS, ICMP and logging options. Checking a
box enables that particular service/protocol. Note that if you log all
packets, your /var/log/messages file will grow very fast: on a host exposed
to the Internet, a port scan alone produces one log line per probe.
At this point you are given the option to choose whether or not to set up
IP masquerade / forwarding services. If you say no to this question (or
ignore it) you are finished using the wizard and your firewall will be
created. If you answer yes, you will be brought to a screen exactly like
the service chooser screen mentioned above. Here you can choose which
services your internal network may reach through the firewall; these become
rules on the FORWARD chain together with a masquerade rule for the internal
network. Note: if your firewall is acting as a router (providing services
for an internal network) you will want to set up forwarding services.
Without them, the DROP policy on the FORWARD chain blocks all traffic
between your internal network and the Internet.
After your firewall is created you can install it with the 'Install' link
at the bottom of the script or with the 'Edit Firewall>>Install Firewall'
option. Review the script before installing it, particularly the incoming
service list: a remote host whose administrative service (for example ssh)
was not selected becomes unreachable once the DROP policy is in place. Once
your firewall is installed you can view your rule set with the
'View Options>>View Firewall' option and make any necessary changes using the
edit/insert/delete capabilities. These options are only available in
fBuilder Plus.
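The script the wizard generates is not reproduced on this page. The following
is an added example, not fBuilder's own output, of a small generator that
prints a script with the same shape the wizard describes: DROP policies on all
three chains, holes for the firewall host's own services, the DNS/ICMP/logging
options, and optional masquerade plus forwarding for the internal network. The
interface names, networks and service lists are assumptions for illustration.
It prints the iptables commands rather than running them, so the result can be
reviewed before it is run as root.

```sh
#!/bin/sh
# Added example (not fBuilder's generated script). Prints an iptables script:
# every chain defaults to DROP, explicit holes for host services, optional
# DNS/ICMP/logging, optional masquerade + forwarding. Nothing is executed here;
# review the output, then run it as root with:  gen_firewall ... | sh
#
# Arguments (all assumed for illustration):
#   $1 external NIC   $2 internal NIC   $3 internal network (CIDR)
#   $4 host services allowed IN   (space-separated "name/proto", e.g. "ssh/tcp")
#   $5 host services allowed OUT  (same form)
#   $6 services the internal net may reach through the firewall ("" = none)
#   $7 options: any of "dns", "icmp", "log"
gen_firewall() {
    ext=$1 int=$2 int_net=$3 in_svcs=$4 out_svcs=$5 fwd_svcs=$6 opts=$7

    echo "iptables -F; iptables -X; iptables -t nat -F"
    # Default policy first: anything not matched by a rule below is dropped.
    for chain in INPUT OUTPUT FORWARD; do echo "iptables -P $chain DROP"; done

    # Loopback is always allowed. Anti-spoofing: internal addresses must
    # never arrive on the external interface.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A INPUT -i $ext -s $int_net -j DROP"

    # Replies for connections we already accepted (stateful; the stateless
    # alternative is a per-service 'back traffic' rule with '! --syn').
    for chain in INPUT OUTPUT FORWARD; do
        echo "iptables -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
    done

    # Holes for the firewall host itself (wizard screen 2): INPUT and OUTPUT.
    # "name/proto" -> --dport name (iptables resolves names via /etc/services).
    for svc in $in_svcs; do
        echo "iptables -A INPUT -p ${svc#*/} --dport ${svc%/*} -m state --state NEW -j ACCEPT"
    done
    for svc in $out_svcs; do
        echo "iptables -A OUTPUT -p ${svc#*/} --dport ${svc%/*} -m state --state NEW -j ACCEPT"
    done

    # Screen 3 options.
    case " $opts " in *" dns "*)
        echo "iptables -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT"
        echo "iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT" ;;
    esac
    case " $opts " in *" icmp "*)
        # Answer pings, but rate-limit so a flood cannot abuse the hole.
        echo "iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT"
        echo "iptables -A OUTPUT -p icmp -j ACCEPT" ;;
    esac

    # Masquerade / forwarding (screen 4): only when services were chosen.
    if [ -n "$fwd_svcs" ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
        echo "iptables -t nat -A POSTROUTING -o $ext -s $int_net -j MASQUERADE"
        for svc in $fwd_svcs; do
            echo "iptables -A FORWARD -i $int -o $ext -s $int_net -p ${svc#*/} --dport ${svc%/*} -m state --state NEW -j ACCEPT"
        done
    else
        echo "echo 0 > /proc/sys/net/ipv4/ip_forward"
    fi

    # Logging goes last so only packets about to hit the DROP policy are
    # logged; the limit keeps /var/log/messages from filling under a scan.
    case " $opts " in *" log "*)
        for chain in INPUT OUTPUT FORWARD; do
            echo "iptables -A $chain -m limit --limit 10/min -j LOG --log-prefix \"fw-$chain-drop: \""
        done ;;
    esac
}

# Constructed example: eth0 to the Internet, eth1 to 192.168.1.0/24, ssh into
# the host, web/ntp out of it, web only for the internal network.
# gen_firewall eth0 eth1 192.168.1.0/24 "ssh/tcp" "http/tcp https/tcp ntp/udp" \
#     "http/tcp https/tcp" "dns icmp log"
```

The ESTABLISHED,RELATED rules replace the per-service back traffic rules of a
stateless ruleset; the LOG rules sit after every ACCEPT so the log records only
what the DROP policy is about to discard.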
Using the expert add utility
The expert add utility allows you to create your firewall rules one by one.
Each rule is appended to the end of its chain, so order matters: a rule added
later never sees packets that an earlier rule has already accepted or dropped.
When using this method for creating your firewall, you will also need to use
the 'Set Default Policy' option to set the default policy on the input, output
and forward chains; until you do, the chains keep the iptables default of
ACCEPT, and anything your rules do not match is allowed through. You can also
use the expert add utility to add additional firewall rules after you have
created your firewall with the wizard.
The expert add utility is for system administrators who are experienced in
building Linux firewalls. It works much like the command line in that you can
invert a particular option (the '!' of iptables) by clicking the exclamation
point next to the option you wish to invert. 'Rule options' offer three
choices:
- None
- Ack bit must be set
- Syn bit must be set
'Syn bit must be set' matches only the packets that open a new TCP connection
(iptables --syn); 'Ack bit must be set' matches only packets of a connection
that is already open, which is what a back traffic rule needs so that it
cannot be used to open a new connection towards the host.
The 'TOS' (type of service) option refers to the Type of Service bits in the
IP header (values such as Minimize-Delay and Maximize-Throughput), which are
hints to routers; it does not set a throughput speed for the rule.
fBuilder Plus 2.2.x offers you the option to automatically create a back
traffic rule, the mirror-image rule that lets the replies to a connection you
allowed come back through the firewall, to help you expedite the creation of
your firewall. This option is not available in our Lite version.
When you click the 'Add Rule' button, the rule is appended to the end of the
chain. If you chose an invalid combination of options, fBuilder silently
discards the rule: no error is shown. After adding rules, check the rule set
('View Options>>View Firewall', or iptables -L -n on the host) to confirm
that each rule you intended to add is actually present.
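The two points above, the back traffic rule and the silently discarded rule,
are illustrated by the following added example, which is not part of fBuilder.
It derives the back traffic rule for a rule written as iptables arguments
(chain first, '-j TARGET' last) and emits 'iptables -C' commands that report
whether each rule is actually loaded in the kernel. The rule text is constructed
for illustration.

```sh
#!/bin/sh
# Added example, not part of fBuilder: derive the 'back traffic' rule for an
# expert-add rule and emit a check that each rule really reached the kernel.
# Rules are plain iptables argument strings (chain first, '-j TARGET' last).

# back_traffic RULE: print the mirror-image rule that lets replies through.
# Chain INPUT<->OUTPUT, -i<->-o, -s<->-d and --sport<->--dport are swapped;
# for TCP, '! --syn' is added so only packets of an already-open connection
# match (the 'Ack bit must be set' option): the reverse rule must not be
# usable to open a new connection towards the host from source port 80.
back_traffic() {
    printf '%s\n' "$1" | sed \
        -e 's/^OUTPUT /OUT_ /; s/^INPUT /OUTPUT /; s/^OUT_ /INPUT /' \
        -e 's/ -i / -I_ /g; s/ -o / -i /g; s/ -I_ / -o /g' \
        -e 's/ -s / -S_ /g; s/ -d / -s /g; s/ -S_ / -d /g' \
        -e 's/ --dport / --P_ /g; s/ --sport / --dport /g; s/ --P_ / --sport /g' \
        -e '/ -p tcp /s/ -j / ! --syn -j /'
}

# check_commands RULE...: print one 'iptables -C' line per rule. -C (iptables
# 1.4.11 and later) exits non-zero when the rule is absent, which is how to
# catch a rule that the expert add utility silently discarded.
check_commands() {
    for rule in "$@"; do
        printf 'iptables -C %s || echo "MISSING: %s"\n' "$rule" "$rule"
    done
}

# Constructed example: the host may open web connections; replies may return.
out_rule='OUTPUT -o eth0 -p tcp -d 0/0 --dport 80 -j ACCEPT'
in_rule=$(back_traffic "$out_rule")
# Run the printed lines as root on the firewall host to audit both rules:
# check_commands "$out_rule" "$in_rule" | sh
```

For a FORWARD rule the chain stays the same and only interfaces, addresses and
ports are mirrored; a UDP rule gets no '! --syn', since UDP has no flags, which
is exactly why a stateless UDP back traffic rule is the weaker of the two.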