This is the first article in a mini-series of two articles about Firewall Builder.

Systems administrators have a choice of modern Open Source and commercial firewall platforms at their disposal. They can use netfilter/iptables on Linux, PF, ipfilter and ipfw on OpenBSD and FreeBSD, Cisco ASA (PIX) and other commercial solutions. All of these are powerful implementations with rich feature sets and good performance. Unfortunately, managing security policy manually with any of them remains a non-trivial task for several reasons. Even though the configuration language can be complex and overwhelming with its multitude of features and options, this is not the most difficult problem in my opinion. An administrator who manages a netfilter/iptables, PF or Cisco firewall all the time quickly becomes an expert in their platform of choice. To do the job right, they need to understand the internal path of a packet inside the Linux or BSD kernel and its interaction with the different parts of the packet filtering engine. Things get significantly more difficult in installations that use different operating systems and platforms, where the administrator needs to switch from netfilter/iptables to PF to Cisco routers and ASA to implement coordinated changes across multiple devices. This is where making changes gets complicated and the probability of human error increases. Unfortunately, typos and more significant errors in firewall or router access list configurations lead to either service downtime or security problems, both expensive in terms of damage and the time required to fix.

Firewall Builder (also known as fwbuilder) is a universal firewall configuration and management tool that lets you define security policy at a higher level of abstraction and hides the internal structure of the target firewall platform.