Chapter 12. Integration with OS Running on the Firewall Machine

Firewall Builder can generate a firewall script in the format tailored for a specific OS or for distributions running on the firewall. This helps integrate generated firewall configuration with startup scripts and other parts of the system-wide configuration of the OS running on the firewall. As of v4.0, Firewall Builder comes with this support for OpenWRT, DD-WRT, and Sveasoft firmwares for small firewall appliances (Linksys, DLink, and others), it also has experimental integration with IPCOP and derivatives. Integration with Secunet Wall firewall is provided and supported by Security Networks AG, Germany.

A script generated by Firewall Builder can have different format or even add or skip certain parts, depending on the chosen target firewall OS. You can switch from one OS to another using "Host OS" setting in the firewall object dialog.

12.1. Generic Linux OS

A script generated by Firewall Builder for a generic Linux firewall has a standard structure per LSB ("Linux Standard Base Core Specification 3.1"). The script supports command-line arguments "start", "stop", "status", "reload". In addition to these, it also understands arguments "interfaces" and "test_interfaces". The script can be placed in the /etc/init.d/ directory among other initialization scripts; however, at this time this is not the default. The script does not have standard "INIT INFO" header for the chkconfig (or similar) utility. Mostly, this is because different Linux distributions use slightly different format of this header and different utilities to manage start-up scripts and Firewall Builder does not yet allow the user to specify which Linux distribution is running on the firewall machine. This support may improve in the future.

See Section 12.7 for the recommended methods of making the firewall script installed by Firewall Builder run at the system start-up.

The generated script is assembled from parts defined in configlets located in /usr/share/fwbuilder-4.0.0/configlets/linux24/script_skeleton. You can modify it following instructions in Chapter 13.


Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.
 Using free CSS Templates.