8.7. Compiling and Installing firewall policies

Note: This section offers a quick description of the process to compile and install a policy. Chapter 9 contains more detailed instructions on installing a compiled policy onto your firewall device.

Once you have a policy created, you need to compile it into a script that can run on your target device. You then need to install it on that device.

Let's walk through compiling and installing a simple iptables firewall onto a Linux machine. Here is the access policy of the firewall:

Figure 8-60. A policy to compile and install

To compile it, select the firewall icon, then select Rules/Compile.

Figure 8-61. Select Rules/Compile

Select your firewall in the dialog. If your object file has more than one firewall, you will see an entry for each firewall. To compile several of them at once, just check the checkboxes.

Figure 8-62. Select your firewall

Click Next.

A dialog appears that tracks the status of the compile. If everything goes well, the output will look something like this:

Figure 8-63. Compile status messages

If you get an error, see Section 12.3.

To see the created script, look in the same directory as your .fwb file. The file will be called <firewallName>.fw. (If you changed your default directory in the Preferences, then the generated script will be there instead.)

Note: The rest of this section offers a quick description of the process of installing a policy. Chapter 9 contains more detailed instructions, including how to set up SSH on a variety of platforms.

Create directory /etc/fw/ on your firewall.

Now let's install the script using Firewall Builder's "install" functionality. Select Rules/Install.

Figure 8-64. Select Rules/Install

The following dialog appears:

Figure 8-65. Select Install

Make sure the Install checkbox is checked, then click Next. The following dialog appears:

Figure 8-66. Firewall SSH and install parameters

Enter the root username and password for the device, and specify the IP address of the management interface of the device. The first time you test your firewall, it's best to leave the Test run checkbox checked. If something goes wrong, you have only to reboot your device to get back the old configuration. If, however, you want your policy to be permanent on the device, uncheck this box.

Then click OK.

If everything goes well, the following dialog appears and reports success. (If not, it will report failure. The log will tell you what went wrong. If the error is unclear, see Section 12.3.)

Figure 8-67. Installation status

Log into the firewall to see the policy in place. For iptables, run sudo iptables -L.
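The guide recommends leaving Test run checked the first time so that a bad policy disappears on reboot. Before re-installing with that box unchecked, it is worth confirming from the firewall itself that the management host can still reach SSH. The script below is an added example, not Firewall Builder's own code or output: it locates the compiled <firewallName>.fw beside the .fwb (assuming the default output directory) and runs a lockout check over the text of sudo iptables -L INPUT -n (the -n flag keeps ports numeric). The function names, the sample chain dump and the 192.0.2.10 / 198.51.100.7 addresses are constructed for the example.

```shell
#!/bin/sh
# Added example (not Firewall Builder's own code): post-install lockout check.
# Install with "Test run" checked, then on the firewall run
#   sudo iptables -L INPUT -n
# and feed that text to lockout_check before making the policy permanent.

# Constructed sample of `sudo iptables -L INPUT -n` output; the addresses are
# documentation-range placeholders, not values from the guide.
SAMPLE_INPUT_CHAIN='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  192.0.2.10           0.0.0.0/0            tcp dpt:22
DROP       all  --  0.0.0.0/0            0.0.0.0/0'

# Where the compiler writes the script: <dir of .fwb>/<firewallName>.fw
# (assumes the output directory in Preferences was left at its default).
compiled_script_path() {
  fwb_file=$1; firewall_name=$2
  printf '%s/%s.fw\n' "$(dirname "$fwb_file")" "$firewall_name"
}

# Print the default policy of the INPUT chain (e.g. ACCEPT or DROP).
input_chain_policy() {
  printf '%s\n' "$1" | sed -n 's/^Chain INPUT (policy \([A-Z]*\)).*/\1/p'
}

# Return 0 if an ACCEPT rule for tcp/22 from the management host (or from
# anywhere) appears before the first DROP/REJECT rule that would match it.
mgmt_ssh_allowed() {
  chain=$1; mgmt=$2
  printf '%s\n' "$chain" | awk -v mgmt="$mgmt" '
    NR <= 2 { next }                       # skip the two header lines
    $1 == "ACCEPT" && $2 == "tcp" && ($4 == mgmt || $4 == "0.0.0.0/0") &&
      $0 ~ /dpt:22([^0-9]|$)/ { found = 1; exit }
    ($1 == "DROP" || $1 == "REJECT") && ($2 == "all" || $2 == "tcp") &&
      ($4 == "0.0.0.0/0" || $4 == mgmt) { exit }
    END { exit !found }'
}

# Combined check: returns 0 only when it is reasonable to re-install with
# the Test run box unchecked, and prints a one-line verdict.
lockout_check() {
  chain=$1; mgmt=$2
  if mgmt_ssh_allowed "$chain" "$mgmt"; then
    printf 'OK: INPUT policy %s, SSH from %s accepted\n' \
      "$(input_chain_policy "$chain")" "$mgmt"
    return 0
  fi
  printf 'LOCKOUT-RISK: no ACCEPT for tcp/22 from %s before a matching DROP\n' "$mgmt"
  return 1
}

# Usage on the firewall: lockout_check "$(sudo iptables -L INPUT -n)" 192.0.2.10
lockout_check "$SAMPLE_INPUT_CHAIN" 192.0.2.10
```

The check is deliberately conservative: an ACCEPT rule for port 22 counts only if it comes earlier in the chain than a DROP or REJECT that would also match the management host, because iptables evaluates rules in order and a later ACCEPT never fires.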

 

Copyright © 2000-2008 NetCitadel, LLC. All rights reserved.