Firewall Builder 4.0 Installation

Installation of Firewall Builder 4.0

Using pre-built binary DEB and RPM packages

Mainstream Linux distributions package fwbuilder as follows: they put libfwbuilder API library in the .deb or .rpm package "libfwbuilder", the GUI in the package "fwbuilder" and each policy compiler in its separate package, such as "fwbuilder-ipt", "fwbuilder-ipf", "fwbuilder-pf", "fwbuilder-cisco" and so on. Keep this in mind if you install from the distribution, because you need to install three packages: libfwbuilder, fwbuilder and a package with compiler, for example fwbuilder-ipt.

Starting with v4.2.0, we (Firewall Builder Project) make only one binary package named "fwbuilder". That is all you need to download and install. Our Ubuntu packages have names like fwbuilder_4.2.0.3530-ubuntu-natty-1_i386.deb, packages for RPM-based distributions have names like fwbuilder-4.2.0.3530-1.fc14.i686.rpm.

Before v4.2.0, we used to package it in two binary packages (.deb or .rpm): API library in package "libfwbuilder" and the GUI and all compilers in the package "fwbuilder". You needed to download and install both packages because fwbuilder had dependency on libfwbuilder.

Dependencies

To satisfy dependencies, you need the following packages installed on your system:

  • libxml2 v2.4.10 or newer
  • libxslt v1.0.7 o newer
  • ucd-snmp or net-snmp
  • openssl - always use latest version
  • QT 4.5.x Fwbuilder depends on QT 4.5, it will not work with earlier QT versions

"Stable" and "Testing" repositories of rpm and deb packages

We maintain repositories of rpm and deb packages signed with GPG key (key ID PACKAGE-GPG-KEY-fwbuilder.asc id 0xEAEE08FE) . Two separate repositories are maintained for each package type: "stable" and "testing". Stable serves packages that have been oficially released, while testing serves nightly test builds. Instructions how to set up apt, yum and zypper to access repositories are provided here.

Pre-built binary RPMs for RedHat Enterprise Linux 5 (RHEL 5) and CentOS 5.2 and 5.3

CentOS 5 does not come with QT4 and third-party binary RPMs of QT v4.5.x are hard to come by. CentOS 5.3 has QT4, but the version (4.2.1) is older than what is required for fwbuilder GUI. We distribute binary rpms of Firewall Builder 3.0 statically linked with QT for these distributions. These rpms are posted in the downloads area on the SourceForge project site. These rpms have the same standard name such as fwbuilder-4.2.0.3530-1.el5.i386.rpm for CentOS 5.2 and 5.3 (the version and build number will change in the future as we release new ones). They have no dependency on external QT rpms.

If fwbuilder statically linked with QT crashes on start on your CentOS system, check if you have the following font packages installed: bitmap-fonts or bitstream-vera-fonts. Either one should make fwbuilder work (but I am told bitstream-vera fonts look better). See bug report #2595205 on SourceForge for more details.

Note for rpm packagers: Unfortunately rpms for these two font packages do not provide any generalized capability so I can not add proper dependency to my fwbuilder rpms. Actually, QT rpms on systems like Fedora Linux do not have dependency on these font rpms either. If this dependency is ever added to QT rpms, I'll copy it to my statically linked fwbuilder rpms as well.

Pre-built binary RPMs for RedHat Enterprise Linux 6 (RHEL 6)

RHEL 6 comes with suitable QT4 packages and binary rhel6 RPMs that we distribute are built dynamically linked with these libraries.

Installing FreeBSD ports

Firewall Builder consists of two ports: /usr/ports/security/libfwbuilder (to be deprecated when port switches to v4.2.0) and /usr/ports/security/fwbuilder. Just install the port as usual using portinstall or issuing "make install" in /usr/ports/security/fwbuilder

Installing Windows package

Doubleclick on the package file, then follow step by step instructions in installation wizard.

Installing Mac OS X package

Mac OS X package is distributed in the form of a disk image ( .dmg file). Doubleclick on the image to mount it, then drag Firewall Builder application to your Applications folder (or any other place).

Compiling from source

Install development versions of the packages listed above (e.g. install libxml2-devel in addition to libxml2 and so on), including development package for QT.

Note:

You may need to install packages elfutils-libelf and elfutils-libelf-devel (libelf on SuSE), otherwise libfwbuilder won't pick up net-snmp library even if it is installed

If you get errors that refer to missing autoconf macros while running autogen.sh for fwbuilder, check if your system has RPM gettext-devel You may need to add other "development" RPMs besides these, but I have found these two are often forgotten.

To compile from source, download source archive from SourceForge fwbuilder-4.2.0.3530.tar.gz and unpack it somewhere. Then build as follows:

cd /fwbuilder-4.2.0.3530
./autogen.sh
make
make install
                

Script configure tries to find your QT4 installation in several more or less standard places. However, if you installed QT in a directory where it can not find it automatically, you can provide the path to it using --with-qtdir option to script autogen.sh. This looks as follows:

cd /fwbuilder-4.2.0.3530
./autogen.sh --with-qtdir=/opt/qt4
make
make install
                

By default script configure assumes prefix="/usr/local" and installs dynamic libraries in /usr/local/lib and binaries in /usr/local/bin. Make sure /usr/local/lib is added to your LD_LIBRARY_PATH environment variable or to the /etc/ld.so.conf configuration file, otherwise the program won't find dynamic libraries there. Likewise, /usr/local/bin needs to be in your PATH.

You can install libraries and binaries in a different place by specifying new prefix as follows:

./autogen.sh --prefix="/opt"
                

This will install libraries in /opt/lib and the program in /opt/bin

Update for Gentoo installation instructions

I do not have Gentoo system and can not verify these instructions. Please send email to support@fwbuilder.org if they need to be corrected or replaced.

Carsten Lohrke <carlo@gentoo.org> has sent this update to me:

Hello,
I read http://www.fwbuilder.org/guides/firewall_builder_installation.shtml and want to correct the information regarding the Gentoo installation a bit.

If the newer version is present you will need to use the ~x86 use flag (or the ~flag for your specific platform).

While very similar to a use flag, it's an arch(itecture) flag. A preceding ~ means, that the ebuild has testing status on the respective arch.
If a user wants to install the considered stable version, doing "emerge fwbuilder" compiles and installs the application. In case he wants the ~arch version,

ACCEPT_KEYWORDS="~x86" emerge fwbuilder

is not the correct way (anymore), deprecated and should not be used. Instead

    echo ~net-libs/libfwbuilder-2.0.4 >> /etc/portage/package.keywords
    echo ~net-firewall/fwbuilder-2.0.4 >> /etc/portage/package.keywords

unmasks version 2.0.4 and possible ebuild revisions (e.g. fwbuilder-2.0.4-r1), while

    echo net-libs/libfwbuilder >> /etc/portage/package.keywords
    echo net-firewall/fwbuilder >> /etc/portage/package.keywords

unmasks all ~arch keyworded ebuilds. Afterwards the unmasked ebuilds can be emerged as usual.

Regards,
Carsten Lohrke

Installing Firewall Builder on Gentoo Linux

Bill Chmura (Bill at Explosivo.com) sent this short installation note to me:

Gentoo Installation

Gentoo provides e-build's for both fwbuilder and libfwbuilder in the portage system. Newer releases of Firewall Builder may be masked and not appear as the default installation.

To see which version portage will install, run the following commands:

emerge sync (if you have not recently)
emerge -pv fwbuilder

If the version listed is not the current version of Firewall Builder, check the net-firewall/fwbuilder directory of your portage tree. If the newer version is present you will need to use the ~x86 use flag (or the ~flag for your specific platform).

ACCEPT_KEYWORDS="~x86" emerge -pv fwbuilder

If the installation list looks good, you can install with the command:

ACCEPT_KEYWORDS="~x86" emerge fwbuilder

Note: The ~x86 represents a package in testing status for the x86 platform. Be aware that means the ebuild may not be perfect although the source code installed and compiled is not affected. If you are running a different architecture, you will need to substitute ~x86 with your platform. See Portage documentation for more information help with portage.

Great RPM search engine

Grzegorz Paszka sent me an email with a URL for the interesting specialized search engine for RPMs: http://rpm.pbone.net. They index lots of the web and ftp sites that provide access to tons of RPMs; their search engine is flexible and has lots of options. Thanks to Grzegorz for the reference!

 

Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.
 Using free CSS Templates.