Looking for an effective, powerful, relatively easy to use firewall configuration tool? Allow me to introduce Firewall Builder -- a tool that just might become your new best friend.Firewall Builder has been around for a while; both the Ubuntu and Fedora 8 Linux software repositories, for example, currently offer it to users. Although it is probably best known among Linux users, builds are also available for FreeBSD, OpenBSD, Windows, and Mac OS X.
Firewall Builder uses a dual-licensing model, in which versions for open-source operating systems carry an open-source (GPL) license, while those for commercial operating systems carry a commercial license. Versions that fall into the second category (i.e. those for Windows and Mac OS X) offer a fully-functional 30-day trial period, after which users are required to pay $79.00 for a commercial license.
Earlier this week, Vadim Kurland, a member of the Firewall Builder development team, posted a fairly thorough introductory tutorial on HowtoForge.com. Although I am not a network security expert by any means, I have been working through the tutorial, and it looks like a good way for anyone interested in trying Firewall Builder to get their feet wet.
Keep one thing in mind: When I say "relatively easy to use," I'm emphasizing the "relatively" part. Firewall Builder is designed to separate the process of defining a firewall policy from the process of actually implementing that policy; this allows, for example, a network administrator to swap out a router without being forced to define a new access-control policy from scratch for the new device. The tool uses a wizard-based process for setting up new firewall policies, using either pre-baked templates or policies created from scratch.
Firewall Builder supports a variety of firewall platforms, including iptables (a Linux network-security staple), ipfilter (commonly used with BSD and Solaris), ipfw, and pf. It also supports the firmware used with some Linksys firewall appliances, as well as Cisco PIX or IOS access control lists, making it especially useful for companies using either Linksys or Cisco routers.
Many small-business IT administrators aren't full-time networking pros -- but they still wind up bearing the burden of managing a company's network security hardware. If this sounds like the sort of thing that you do every day, Firewall Builder is probably worth a closer look.