Wednesday, December 29, 2010

Merging libfwbuilder and fwbuilder

Hello all,

We plan to merge the libfwbuilder and fwbuilder packages into one "fwbuilder" package to simplify package management and make installation easier for users. Libfwbuilder will become a directory inside the fwbuilder code tree and all executables will link with it statically. This reduces the number of files we install in different parts of the file system and makes it easier for users to both build from source and install binary packages. The change is planned to go live in the next release of fwbuilder, tentatively numbered "4.2", some time in the next month or two.

The change only affects our Linux and FreeBSD/OpenBSD packages.

The side effect of this change is that we won't install header files and dynamic libraries and won't make the libfwbuilder-devel package anymore.

Please let me know ASAP if you have any code that depends on these files or know of a project that does.


Tuesday, December 21, 2010

Happy Holidays and Year in Review

As we head into the holiday season, Vadim and I wanted to wish everyone in the Firewall Builder community Happy Holidays! The end of the year also provides a good opportunity to pause and reflect, so we thought we would share some of our thoughts about 2010.

It has been a very exciting year for both NetCitadel and the Firewall Builder project. The fireworks started in May when Firewall Builder version 4.0 was released. This was a major release that brought critical new features such as support for high availability cluster configurations as well as continuing to improve the stability and usability of Firewall Builder.

That was followed in August with V4.1 which included features like support for iptables ipset and integrated SSH/SCP clients for Windows packages. Since then we have released a few patch releases and have been working on adding new features to Firewall Builder.

While a large percentage of the community has already upgraded to V4.x, to our surprise we still run into users who are running versions as old as Firewall Builder V2.0! If you are running a version below V4.0, we hope that you upgrade in 2011!

In the fall we announced the availability of support contracts for open source users. This was part of our push to expand the products and services NetCitadel provides around the Firewall Builder project. We plan to offer more products and services in 2011; stay tuned for more information soon.

In addition to the product enhancements we have continued to work to improve in other areas as well. We have been adding more documentation and have updated our website to make it easier to find the information you are looking for and for new users to figure out what we do. We expect to do much more of that in the coming year.

Finally, we wanted to say thank you to our customers who have supported us this year by purchasing a commercial Firewall Builder license or open source support contract. Our goal is to provide the best firewall management solution available and we are confident you will see lots of exciting progress in 2011!

Mike & Vadim

Wednesday, December 15, 2010

Fun with NAT

The inspiration for our latest cookbook recipe, "Double" NAT (Source and Destination Translation), came from a user support request. Due to some complicating factors in the user's network, they needed to NAT inbound Windows Remote Desktop connections with both a source and destination NAT.

You can read the cookbook recipe on how to configure "double" NAT here:

Double NAT Cookbook Recipe

Btw, the user was in Australia and was a joy to work with. If you are out there and reading this, you know who you are...

Monday, December 6, 2010

Firewall Builder V4.1.3 Released

We are happy to announce that Firewall Builder V4.1.3 is now available! This release includes a number of usability improvements and bug fixes.

In our ongoing efforts to make Firewall Builder easier to use for both new users and power users, this release includes the following usability improvements:
  • an Advanced User mode which reduces the number of tooltips for power users

  • a new policy rule checkbox to define whether new rules have logging enabled or disabled by default

In addition to these enhancements, there are also a number of bug fixes in this release, including:
  • better support for Windows systems that use PuTTY sessions

  • fixed generated IP broadcast addresses for interfaces

  • branch rules in a member firewall are now properly imported when a cluster is created

  • cluster NAT rules on Linux cluster members now properly generate rules with iptables REDIRECT target

A complete listing of enhancements and bug fixes can be found in the V4.1.3 release notes on the Firewall Builder website.

V4.1.3 Release Notes

Friday, December 3, 2010

Quick Tip: Color coding rules

One thing that always amazes me when users send us data files is how they use color coding to identify different rule types. Sometimes it's easy to see what their color coding methodology is; other times it just looks like a big rainbow to me :-)

If you aren't already using color coding you can learn about it in this Quick Tip:

Quick Tip: Color Code Rules