What is Firewall Builder?
Firewall Builder is a multi-platform firewall configuration and
management tool. It consists of a GUI and a set of policy compilers
for various firewall platforms. Firewall Builder uses an
object-oriented approach: it helps the administrator maintain a
database of network objects and allows policy editing using simple
drag-and-drop operations. Firewall Builder currently supports
iptables, ipfilter, OpenBSD PF, as well as Cisco PIX and Cisco IOS
extended access lists.
The latest version of Firewall Builder is 3.0.
A list of features implemented in 3.0 can be found here.
Also, do not miss the new slideshows demonstrating the capabilities
of Firewall Builder 3.0.
Key Features
- Being truly vendor-neutral, Firewall Builder can generate a
configuration file for any supported target firewall platform from
the same policy created in its GUI. This provides both a consistent
policy management solution for heterogeneous environments and a
possible migration path.
- The policy compiler for PIX, which has recently been released under
the GPL, allows Firewall Builder to function as sophisticated policy
management software for the Cisco PIX firewall, with access to all
functions of PIX, including the newest features added in v7.x.
- The policy compiler for Cisco IOS access lists adds support for
router access lists and turns Firewall Builder into a complete
solution for multi-tiered network security.
- Firewall Builder allows for management of multiple firewalls using
the same network object database. A change made to an object is
immediately reflected in the policy of all firewalls using this
object. The administrator only needs to recompile and install
policies on the actual firewall machines.
- The built-in interactive installer uses ssh to communicate with the
firewall and can automatically copy the generated policy and activate
it. The installer supports a batch mode of operation and can update
the policy on multiple firewalls in one session.
- In Firewall Builder, the administrator works with an abstraction of
firewall policy and NAT rules; the software effectively "hides" the
specifics of a particular target firewall platform and helps the
administrator focus on implementing the security policy. Backend
software components, or policy compilers, can deduce many parameters
of policy rules using information available through network and
service objects and therefore generate fairly complex code for the
target firewall, relieving the administrator from having to remember
all its details and limitations. Policy compilers can also run sanity
checks on firewall rules and make sure typical errors are caught
before the generated policy is deployed.
Firewall Builder is distributed under a dual license model.