The Netnice Module for Firewall Builder Patrick Myers West Virginia University.

Topics of this Presentation ● Introduction to Firewall Builder ● A Quick Walk-Through of Firewall Builder ● Architecture of Firewall Builder ● The Netnice Module for Firewall Builder ● Implementation & Design of the Netnice Module ● Q & A

Introduction to Firewall Builder The Problem: ● In an environment with many different platforms, an administrator needs to be proficient with many different configuration languages. ● Administrators must understand how each firewall differs in capabilities and features. ● Transition from one platform to another requires complete reconfiguration. ● Good open source firewall implementations (iptables, ipfilter, pf) do not have decent user interfaces.

Introduction to Firewall Builder What is Firewall Builder? ● Open Source framework and multi-platform firewall configuration tool that allows an administrator to build a policy for an abstract firewall and then translate it to an actual configuration language. ● Uses an object-oriented approach to firewall policy design ● Currently Supports – iptables – ipfilter – pf – ipfw – Cisco PIX

Introduction to Firewall Builder Firewall Builder Features ● Firewall Builder allows a user to create an abstract firewall policy within the GUI. ● The user can then compile the code for the actual firewall. ● Installing the policy on the firewall can be done one of several ways.

Introduction to Firewall Builder The Firewall Builder GUI ● Uses an object-oriented approach to present objects and rules visually ● Drag and Drop operations are allowed for working with rules and objects ● Uses standard tooltip GUI widgets ● Comes with its own library of standard objects ● Integrated network discovery wizard for quick and easy object creation

Policy Compilers ● The policy compilers translate rules defined in the GUI into the target firewall configuration language. ● Each compiler consists of several elementary building blocks referred to as “rule processors” ● Each rule processor performs a simple procedure on the rule and then passes it on to the next rule processor.

Introduction to Firewall Builder Rule Processors ● Operations the rule processors perform include: – rule verification – transformation – optimization ● A rule processor may work on a single rule or on the whole rule set. ● Each rule processor is a C++ class. ● Rule processors can be reused across many different policy compilers.
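The two slides above describe the compiler as a chain of small rule processors, and the walkthrough later shows a compile failing on a duplicate rule. The following is an added example, written for this page and not code from Firewall Builder itself, of that architecture in Python: each processor does one job (expand group objects, verify actions, detect duplicates over the whole set, split multi-service rules, emit text) and hands the rules to the next. The Rule layout, the class names, the group table and the emitted line syntax are all assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One abstract policy rule as the GUI would hold it (hypothetical layout)."""
    src: Tuple[str, ...]       # hosts, networks or group names; 'any' allowed
    dst: Tuple[str, ...]
    services: Tuple[str, ...]  # e.g. 'tcp/22'; 'any' allowed
    action: str                # 'accept' | 'deny' | 'reject'
    position: int = 0          # position in the GUI policy, used in messages


class CompileError(Exception):
    """Raised by a verification stage; corresponds to a failed compile in the GUI."""


class RuleProcessor:
    """Base class: run() does one small job, then the result passes to the next stage."""

    def __init__(self, nxt: Optional["RuleProcessor"] = None) -> None:
        self.next = nxt

    def process(self, rules: Iterable) -> List:
        out = list(self.run(rules))
        return self.next.process(out) if self.next else out

    def run(self, rules: Iterable) -> Iterable:
        raise NotImplementedError


class ExpandGroups(RuleProcessor):
    """Transformation: replace object-group names with their member addresses."""

    def __init__(self, groups: Dict[str, Tuple[str, ...]], nxt=None) -> None:
        super().__init__(nxt)
        self.groups = groups

    def _expand(self, addrs: Tuple[str, ...]) -> Tuple[str, ...]:
        out: List[str] = []
        for a in addrs:
            out.extend(self.groups.get(a, (a,)))
        return tuple(out)

    def run(self, rules):
        for r in rules:
            yield replace(r, src=self._expand(r.src), dst=self._expand(r.dst))


class VerifyActions(RuleProcessor):
    """Verification on single rules: reject actions the target platform cannot express."""
    ALLOWED = {"accept", "deny", "reject"}

    def run(self, rules):
        for r in rules:
            if r.action not in self.ALLOWED:
                raise CompileError(f"rule {r.position}: unsupported action {r.action!r}")
            yield r


class DetectDuplicates(RuleProcessor):
    """Verification over the whole set. Runs after group expansion, so a rule written
    with a group name and one written with its members are still caught as duplicates."""

    def run(self, rules):
        seen: Dict[tuple, int] = {}
        for r in rules:
            key = (r.src, r.dst, r.services, r.action)
            if key in seen:
                raise CompileError(f"rule {r.position} duplicates rule {seen[key]}")
            seen[key] = r.position
            yield r


class SplitServices(RuleProcessor):
    """Transformation: one rule per service, for targets that take one service per line."""

    def run(self, rules):
        for r in rules:
            for s in r.services:
                yield replace(r, services=(s,))


class Emit(RuleProcessor):
    """Final stage: render each rule in a hypothetical line-oriented target syntax."""

    def run(self, rules):
        for r in rules:
            for s in r.src:
                for d in r.dst:
                    yield f"{r.action} from {s} to {d} service {r.services[0]}"


def compile_policy(rules: List[Rule], groups: Dict[str, Tuple[str, ...]]) -> List[str]:
    """Build a fresh processor chain and push the policy through it."""
    chain = ExpandGroups(groups, VerifyActions(DetectDuplicates(SplitServices(Emit()))))
    return chain.process(rules)


# Constructed sample policy (not taken from the slides).
GROUPS = {"mgmt_hosts": ("10.0.1.10", "10.0.1.11")}
SAMPLE_POLICY = [
    Rule(("mgmt_hosts",), ("fw",), ("tcp/22",), "accept", 0),
    Rule(("any",), ("fw",), ("tcp/80", "tcp/443"), "accept", 1),
    Rule(("any",), ("fw",), ("any",), "deny", 2),
]

if __name__ == "__main__":
    for line in compile_policy(SAMPLE_POLICY, GROUPS):
        print(line)
```

Appending a fourth rule identical to rule 1 makes `DetectDuplicates` raise "rule 3 duplicates rule 1", which is the same class of failure the walkthrough hits; because each `compile_policy` call builds a new chain, the duplicate table never leaks between compiles.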

Policy Installation ● The simplest way to install a policy on a remote firewall is a user-defined script: copy the generated code over with 'scp', then use 'ssh' to execute it. ● Alternatively, the fwbd daemon can be installed on the target firewall; the GUI logs the user into it and installs the policy. This is the advanced route, but it can be the easier one once configured correctly. Note that fwbd is an additional network-reachable service with the authority to rewrite the firewall's rules, so access to it should be restricted accordingly.
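As an added example of the scp-then-ssh installation path just described (and the manual install mentioned again at the end of the walkthrough and in the Netnice installation to-do list), the following Python code is not part of Firewall Builder; it plans the two remote commands so that the firewall re-hashes the uploaded script and only executes it if the digest matches what was computed locally from the compiler output. Host strings beginning with '-' are refused, because ssh and scp would otherwise parse them as options. The remote path, user name and the sample script content are assumptions made for the illustration.

```python
import hashlib
import shlex
import subprocess
from typing import List, Tuple

# Non-interactive, host key must already be known: a failed install should fail loudly.
SSH_OPTS = ["-o", "BatchMode=yes", "-o", "StrictHostKeyChecking=yes"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_host(host: str) -> str:
    """Refuse host strings that ssh/scp would read as options or split into words."""
    if not host or host.startswith("-") or any(c.isspace() for c in host):
        raise ValueError(f"unsafe host string: {host!r}")
    return host


def plan_install(host: str, script: bytes, local_path: str,
                 remote_path: str = "/tmp/fwb-policy.sh",
                 user: str = "root") -> Tuple[str, List[str], List[str]]:
    """Return (digest, scp argv, ssh argv). Nothing is executed here.

    The ssh command pipes '<digest>  <path>' into 'sha256sum -c -', which exits
    non-zero on mismatch, so the script only runs when the upload is intact.
    """
    check_host(host)
    digest = sha256_hex(script)
    target = f"{user}@{host}"
    scp = ["scp", *SSH_OPTS, local_path, f"{target}:{remote_path}"]
    remote = (f"echo {shlex.quote(digest + '  ' + remote_path)} | sha256sum -c - "
              f"&& sh {shlex.quote(remote_path)}")
    ssh = ["ssh", *SSH_OPTS, target, remote]
    return digest, scp, ssh


def install(host: str, script: bytes, local_path: str, **kw) -> str:
    """Write the compiler output locally, then run the planned scp and ssh steps."""
    digest, scp, ssh = plan_install(host, script, local_path, **kw)
    with open(local_path, "wb") as fh:
        fh.write(script)
    subprocess.run(scp, check=True)   # argv lists: no shell on the local side
    subprocess.run(ssh, check=True)
    return digest


# Constructed stand-in for compiler output; not a real Firewall Builder script.
SAMPLE_SCRIPT = b"#!/bin/sh\n# constructed sample policy script\necho applying policy\n"

if __name__ == "__main__":
    digest, scp, ssh = plan_install("fw.example.org", SAMPLE_SCRIPT, "/tmp/policy.sh")
    print(digest)
    print(" ".join(scp))
    print(" ".join(shlex.quote(a) for a in ssh))
```

The remote side still trusts whatever runs as the ssh user on the firewall; the digest check only guards the transfer, not the compiler output itself.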

Walk Through of Firewall Builder Let's now walk through Firewall Builder to get an idea of what it's all about.

Walk Through of Firewall Builder Starting Firewall Builder ● When the program is started, a welcome screen appears and asks the user which file to work from.

Walk Through of Firewall Builder Main Screen ● After the user chooses where to place the new project, the main screen appears. ● It is blank, since no objects have been created yet.

Creating a Firewall ● Since the main screen is blank, we must first create a firewall object. ● Click the 'New Page' icon and scroll down to 'New Firewall'. ● A dialog box appears.

Firewall Templates ● Enter the name of the new firewall, the platform it runs, and its OS. ● We then choose a template to assist in creating the firewall.

Firewall Options ● Since we are interested in end-host systems, we choose the 'host fw template'. ● Clicking 'Next' shows further options for the firewall.

Firewall Settings ● Say we want to click the 'Firewall Settings' button before hitting 'Next'. The settings dialog opens.

Back to the Main Page ● After finishing the Firewall Settings and the Firewall Options, we return to the main screen, now populated with firewall data.

Adding a Rule to the Policy ● Say we want to add another rule to the policy. ● Right-click in the right pane and choose 'Insert Rule'. ● A new line appears at the top of the policy.

Compiling the Policy ● Say the rule was exactly what we wanted, so we leave it unchanged and decide it is time to compile. ● To compile the policy, click the fourth icon from the left, the one that looks like a gear.

Deleting a Policy Rule ● Notice the error in the compile? ● It is because there is a duplicate rule: Rule 0 and Rule 3 are the same. ● So right-click on Rule 0 and delete it.

Compiling (Again) ● Now let's try compiling again.

Installing the Policy ● Great! The policy compiled successfully. ● Now install it by clicking the icon to the right of the compile button.

Installing the Policy ● Assuming the fwbd daemon is set up on the firewall machine, you can now log in and install the policy on your firewall. ● If the daemon is not configured, go to the directory where the project is stored, copy the generated script to the firewall manually, and execute it there. ● That is how simple Firewall Builder is.

Architecture of Firewall Builder All access to objects in the Firewall Builder Network Object Database is done via a C++ Application Program Interface (API). The API classes are organized into several sub-modules: – fwbuilder - Base API classes providing access to objects in the database, plus a few utility classes. – fwcompiler - Policy Compiler classes. Provides the common classes used to construct Policy Compilers for the supported firewall platforms. – fwbd - Client library, written in C, used to connect to the Firewall Builder Daemon.

Architecture of Firewall Builder – XML storage and manipulation - provides classes for loading and saving XML files. – DNS - a collection of classes that resolve host names into IP addresses (both single and bulk queries) and transfer and parse DNS zones. All operations are thread-safe. – SNMP - a simple C++ wrapper for SNMP operations. Special classes exist for high-level queries such as extracting information about interfaces, ARP tables and routing tables. All operations are thread-safe.

Architecture of Firewall Builder – Network Crawler - a sophisticated network discovery process. Given a 'seed' host, it finds other hosts and networks and creates the corresponding objects. The crawler can be restricted to a single subnet; other restrictions can be applied as well. Network discovery simplifies the task of entering hosts and networks into the network object database.

● The GUI – Written using GTK+ Toolkit – Incorporates drag and drop technique – Allows user to create policy on an abstract firewall – Supports both global and interface policies ● XML Storage – Stores all Firewall object data. – Stores FWBuilder Preferences.

Architecture of Firewall Builder ● Policy Compiler – Compiles the policy into the target firewall configuration language. – Checks for errors and duplicate rules. – Able to optimize the policy. ● Policy Installer – Interfaces with the FWBuilder Daemon running on the target firewall using the fwbd classes. – Provides a user-friendly GUI to install the policy.

The Netnice Module for Firewall Builder This module will be an add-on to Firewall Builder that allows a user to create firewall rules, compile them within Firewall Builder, and apply them to a machine with the Netnice Packet Filter installed.

The Netnice Module for Firewall Builder The basic features of this module will include: ● Module to process rules that are associated with a specific Netnice VIF ● Compiler support for groups of objects and services in the GUI ● Compiler support for 'Accept', 'Deny' and 'Reject' actions ● Compiler to process rules for packets going inbound or outbound ● Compiler to apply rules to all Netnice interfaces of a 'global' Netnice machine when no interface-specific rules are given ● Compiler to process rules with negation ● Compiler to log which rules were processed for each interface

The Netnice Module for Firewall Builder The advanced features of this module will include: ● Compiler to detect many common errors in interface configuration ● Compiler to optimize the configuration by detecting rules that already occurred earlier in the policy ● Compiler to use one of two models for the generated configuration: either generate rules for both inbound and outbound packets, or permit all outbound packets and generate rules only for inbound packets. The choice will be made in the GUI. ● Compiler support for the 'address range' object ● Options for logging can be set globally and/or per rule.

The Netnice Module for Firewall Builder Interface Support: ● Compiler support for interfaces with dynamic addresses ● Compiler can configure actual interfaces using the addresses of the firewall object as configured in the GUI
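The three feature lists above (basic, advanced and interface support) describe the semantics the Netnice compiler has to implement: per-VIF rules with a global fallback, inbound and outbound directions, negation, the two generation models, and the address-range object. The following Python is an added example for this page, not the Netnice module's or Firewall Builder's code, that implements those semantics in a few dozen lines. Since the slides only say the output "will follow BPF convention" without specifying it, the match part is rendered here as a tcpdump-style filter expression and the line layout '<vif> <direction> <action>[ log] <match>' is an assumption; the VIF names and the sample policy are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class NnRule:
    vif: Optional[str]     # None = global rule, used by every VIF that has no rules of its own
    direction: str         # 'in' or 'out'
    src: str               # 'any', a host, a CIDR, or an address range 'first-last'
    dst: str
    proto: str             # 'tcp', 'udp', 'icmp' or 'ip'
    dport: Optional[int]
    action: str            # 'accept' | 'deny' | 'reject'
    negate_src: bool = False
    log: bool = False


class NetniceCompileError(Exception):
    pass


def address_terms(spec: str) -> List[str]:
    """Turn an address object into pcap-style 'net' terms.

    An address-range object is not one prefix, so it becomes the minimal set
    of CIDR blocks covering the range (ipaddress.summarize_address_range).
    """
    if spec == "any":
        return []
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return [f"net {n.with_prefixlen}"
                for n in ipaddress.summarize_address_range(first, last)]
    return [f"net {ipaddress.ip_network(spec, strict=False).with_prefixlen}"]


def side_clause(terms: List[str], side: str, negate: bool) -> str:
    clause = " or ".join(f"{side} {t}" for t in terms)
    if len(terms) > 1:
        clause = f"({clause})"          # keep 'not' applying to the whole range
    return f"not {clause}" if negate else clause


def match_expr(rule: NnRule) -> str:
    """Render the match part of one rule as a filter expression."""
    parts: List[str] = []
    src = address_terms(rule.src)
    if rule.negate_src and not src:
        # 'not any' matches nothing: refuse rather than silently emit a dead rule
        raise NetniceCompileError("negated 'any' source matches no packets")
    if src:
        parts.append(side_clause(src, "src", rule.negate_src))
    dst = address_terms(rule.dst)
    if dst:
        parts.append(side_clause(dst, "dst", False))
    if rule.dport is not None:
        parts.append(f"{rule.proto} dst port {rule.dport}")
    elif rule.proto != "ip":
        parts.append(rule.proto)
    return " and ".join(parts) if parts else "ip"


def compile_netnice(rules: List[NnRule], vifs: List[str],
                    model: str = "both", log_all: bool = False) -> List[str]:
    """One output line per (VIF, rule).

    model='both' emits inbound and outbound rules; model='permit_outbound'
    drops the outbound rules and appends an accept-all outbound rule per VIF.
    A VIF with rules of its own ignores the global rules entirely.
    """
    if model not in ("both", "permit_outbound"):
        raise NetniceCompileError(f"unknown model {model!r}")
    global_rules = [r for r in rules if r.vif is None]
    lines: List[str] = []
    for vif in vifs:
        own = [r for r in rules if r.vif == vif]
        for r in own or global_rules:
            if model == "permit_outbound" and r.direction == "out":
                continue
            log = " log" if (log_all or r.log) else ""
            lines.append(f"{vif} {r.direction} {r.action}{log} {match_expr(r)}")
        if model == "permit_outbound":
            lines.append(f"{vif} out accept ip")
    return lines


# Constructed sample: vif0 has its own rules, vif1 falls back to the global ones.
VIFS = ["vif0", "vif1"]
SAMPLE_POLICY = [
    NnRule("vif0", "in", "10.0.0.1-10.0.0.6", "any", "tcp", 22, "accept", log=True),
    NnRule("vif0", "in", "any", "any", "ip", None, "deny"),
    NnRule(None, "in", "192.168.1.0/24", "any", "tcp", 25, "reject", negate_src=True),
    NnRule(None, "out", "any", "any", "ip", None, "accept"),
]

if __name__ == "__main__":
    for line in compile_netnice(SAMPLE_POLICY, VIFS, model="permit_outbound"):
        print(line)
```

The range 10.0.0.1-10.0.0.6 cannot be written as one prefix and comes out as four blocks (/32, /31, /31, /32); parenthesising that group matters as soon as negation is applied to it. A negated 'any' is rejected at compile time, which is the kind of interface-configuration error the advanced feature list wants the compiler to catch.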

Implementation and Design of Module The GUI ● Built separately from the firewall platform modules ● Combo boxes are populated from XML data ● But the GUI still contains references to specific firewall platforms ● Each firewall platform has its own classes and settings UI. To Do ● Netnice GUI classes will need to be created. ● References will need to be modified to include Netnice. ● A UI for the Netnice firewall settings will need to be created.

Implementation and Design of Module XML Datafiles ● Store object information and preferences. To Do ● Netnice firewall platform information needs to be added to the XML files. ● Add Netnice path information. ● Add Netnice OS information.

Implementation and Design of Module Policy Compilers ● The policy compilers translate rules defined in the GUI into the target firewall configuration language. ● Specific to each firewall platform. ● Some compilers support NAT. To Do ● Create fwcompiler classes for Netnice ● Create a policy compiler for Netnice ● NAT support is not needed for end-host use.

Implementation and Design of Module Generated Code ● The policy compilers write the generated code to a file. ● Specific to each firewall platform. To Do ● The file format will follow BPF convention. ● Placed in the default folder under Firewall Builder.

Implementation and Design of Module Policy Installation ● A user script or the daemon installs the generated code onto the actual firewall. ● Each firewall platform has specific instructions and scripting classes. To Do ● Explore how easily the daemon can be ported to a Netnice platform. ● Create scripting classes that produce a user-executed script installing the code into the /proc/network directory on the Netnice machine for each VIF.

Q & A Ask me some questions!

Downloads You can download a PDF version of this presentation and the paper it summarizes at: – – Thank you for your time.