Shortcuts

V4.1.1 Packages for Windows, Mac OS X

Firewall Builder Licensing

Firewall Builder is available under a "dual licensing" model. Under this model, users may choose between Linux packages distributed under the GNU Public License (commonly known as GPL) or MS Windows and Mac packages which are distributed under a commercial license. Users can evaluate a fully featured verision of the MS Windows and Mac packages for 30 days for free. After 30 days users can purchase a license from our online store.

More information about the Firewall Builder licensing can be found here.

V4.1.1 Source Code, V4.1.1 Packages for Linux on SourceForge

Released packages and source code tar.gz archives can be downloaded from SourceForge:
Download page on our SourceForge project site

In addition, we maintain repositories of the rpm and deb packages, including both stable releases and testing builds.

V4.1.1 package respository for Debian/Ubuntu

To access Debian/Ubuntu repository of stable packges, add the following line to the file /etc/apt/sources.list (replace "intrepid" here with "hardy" or "jaunty" depending on your version): 


deb http://www.fwbuilder.org/deb/stable/ intrepid contrib

To access Debian/Ubuntu repository of testing packges, add the following line to the file /etc/apt/sources.list (replace "intrepid" here with "hardy" or "jaunty" depending on your version): 


deb http://www.fwbuilder.org/deb/testing/ intrepid contrib

If you wish to follow only stable releases, add only the line with "/deb/stable" url.

Packages in all repositories are signed with GPG key with ID EAEE08FE "Firewall Builder Project (Package Signing Key) <pkgadmin@fwbuilder.org>". Download public key and add it to your key chain to be able to verify integrity of the packages in repositories. To add the key on Debian/Ubuntu, use the following commands: 


wget http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
apt-key add PACKAGE-GPG-KEY-fwbuilder.asc

Configuring debsig-verify to verify package signatures

This part is optional, although it is highly recommended in order to ensure authenticity of the installed fwbuilder packages. However, if you do not configure debsig-verify, package signatures will not be verified but apt tools will try to install them anyway.

Unfortunately it is not enough to just add the key to apt-get, you also need to install package debsig-verify and configure it. Consult one of the HOWTO guides on the Internet that describe how to set up debsig-verify tools to verify signed packages; one such guide can be found here: Signing .deb packages . See section #4 "Setup the machine(s) that will be downloading and verifying the package" in it.

Here is a brief write-up of the debsig-verify installation and configuration process.

First, you need to install debsig-verify and gpg: 


  aptitude install debsig-verify gpg

Import our key and check its fingerprint: 


gpg --import PACKAGE-GPG-KEY-fwbuilder.asc
gpg --fingerprint

gpg --fingerprint prints something like this: 


------------------------
pub   1024D/EAEE08FE 2009-05-17
      Key fingerprint = 5397 6AA1 5E71 2F74 947B  4496 EF2E DD98 EAEE 08FE
uid                  Firewall Builder Project (Package Signing Key) <pkgadmin@fwbuilder.org>
sub   2048g/FE31D386 2009-05-17

Key ID is EAEE08FE, its fingerprint is last 4 groups if hex digits in the "Key fingerprint" line: EF2EDD98EAEE08FE (remove white spaces).

Next step is to import the key into debsig keyring: 


mkdir /usr/share/debsig/keyrings/EF2EDD98EAEE08FE
gpg --no-default-keyring --keyring /usr/share/debsig/keyrings/EF2EDD98EAEE08FE/debsig.gpg --import PACKAGE-GPG-KEY-fwbuilder.asc

Now we need to create debsig-verify policy file: 


mkdir /etc/debsig/policies/EF2EDD98EAEE08FE/
vi /etc/debsig/policies/EF2EDD98EAEE08FE/fwbuilder-testing.pol

The policy file is in XML and looks like this: 


<?xml version="1.0"?>
<!DOCTYPE Policy SYSTEM "http://www.debian.org/debsig/1.0/policy.dtd">
<Policy xmlns="http://www.debian.org/debsig/1.0/">

  <Origin Name="Firewall Builder" id="EF2EDD98EAEE08FE"
          Description="Firewall Builder Package"/>

  <Selection>
    <Required Type="origin" File="debsig.gpg" id="EF2EDD98EAEE08FE"/>
  </Selection>

  <Verification MinOptional="0">
    <Required Type="origin" File="debsig.gpg" id="EF2EDD98EAEE08FE"/>
  </Verification>

</Policy>

Note how key fingerprint is used as an id in all XML elements.

apt-get, aptitude and other apt tools save downloaded packages in the directory /var/cache/apt/archives/. You can use debsig-verify to verify saved copy: 


# debsig-verify /var/cache/apt/archives/libfwbuilder_3.0.5-b961-ubuntu-hardy-1_amd64.deb 
debsig: Verified package from `package from Firewall Builder' (Firewall Builder)

Now apt-get and other apt tools will call debsig-verify to verify packages they are about to install or upgrade.

Troubleshooting .deb repository access

After this, you should be able to install and update fwbuilder packages using synaptic or aptitude.

Note that apt caches package information, so when we release new packages, they will not match cached data when you try to install them. Run apt-get update before you install or upgrade packages to refresh cached data. If you don't, you'll get "Size mismatch" error which is not very descriptive. Note that if you do this from the command line using apt-get, you'll notice that it suggests running apt-get upate, but unfortunately update manager cuts off this part of the error message. Just run apt-get update or aptitude update from the command line before doing update.

RPM packages repository

Configuring YUM

To access repository of RPM packages, create file /etc/yum.repos.d/fwbuilder.repo with the following contents: 

[fwbuilder]
name=Firewall Builder
failovermethod=priority
baseurl=http://www.fwbuilder.org/rpm/stable/fedora-$releasever-$basearch
enabled=1

[fwbuilder-testing]
name=Firewall Builder Test Builds
failovermethod=priority
baseurl=http://www.fwbuilder.org/rpm/testing/fedora-$releasever-$basearch
enabled=0
Replace fedora with rhel in baseurl lines for RedHat Enterprise Linux.

Packages in all repositories are signed with GPG key with ID EAEE08FE "Firewall Builder Project (Package Signing Key) <pkgadmin@fwbuilder.org>". Download public key and add it to your key chain to be able to verify integrity of the packages in repositories. To add the key on Fedora, use the following commands: 

wget http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
rpm --import PACKAGE-GPG-KEY-fwbuilder.asc

To install stable package of fwbuilder with dependencies, use command 

yum install fwbuilder

This should find and install both fwbuilder and libfwbuilder packages and dependencies.

To install latest package from the testing repository (latest nightly build), use command 

yum --enablerepo=fwbuilder-testing install fwbuilder

Configuring zypper on OpenSUSE

On OpenSUSE you can add repository to zypper using the following commands: 

zypper ar -cf -n 'Firewall Builder' \
    http://www.fwbuilder.org/rpm/stable/opensuse-11-i586/ fwbuilder
                

zypper ar -cf -n 'Firewall Builder testing' \
    http://www.fwbuilder.org/rpm/testing/opensuse-11-i586/ fwbuilder-test
Replace "i586" with "x86_64" if you run 64 bit system

Run "zypper refresh" command to actually download repository metadata after you add them.

Download and add GPG key to the key ring: 

wget http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc
rpm --import PACKAGE-GPG-KEY-fwbuilder.asc

To install stable package of fwbuilder with dependencies, use command 

zypper install fwbuilder

This should find and install both fwbuilder and libfwbuilder packages and dependencies.

To install latest package from the testing repository (latest nightly build), use command 

zypper install -r fwbuilder-test fwbuilder

Future versions of Firewall Builder: beta testing, source and binary packages for all OS

Third Party Packages

RPM Search Engines and Repositories

 

Copyright © 2000-2010 NetCitadel, LLC. All rights reserved.
 Using free CSS Templates.