Wednesday, July 27, 2011

Firewall Builder 5 - Officially Released

The team at NetCitadel is happy to share that today we released our latest version called Firewall Builder 5. This release includes several enhancements to the GUI and adds a number of new features designed to make it easier for users with large data files to manage their objects.

New features in this release include:
  • User defined subfolders
  • Keywords for tagging objects
  • Dynamic groups with smart filters
  • Multiple operations per filter rule
  • Attached Networks object
  • Import support for PF configuration files

Thanks to everyone who helped beta test Firewall Builder 5. You can find more information about this release in the release notes.

Sunday, July 17, 2011

Linux Journal - Firewall Builder for HA Clusters

An article I wrote for the May 2011 issue of the Linux Journal is now available in the free online LJ content. The article gives detailed step-by-step instructions for implementing High Availability (HA) Linux firewall pairs using iptables, keepalived, conntrackd and of course Firewall Builder.

Tuesday, July 5, 2011

Firewall Builder 5 - Attached Networks

Firewall Builder 5 includes a new feature called Attached Network objects. These new objects are child objects of firewall interface objects and act like a group object that automatically includes all of the IP networks associated with the IP addresses assigned to the interface under which the Attached Network object was created.
Once created, the Attached Network object can be used in firewall rules just like a regular group object, and it can be created under interfaces that are configured with either static or dynamic IP addresses. This makes it easy to refer to all the networks that are directly attached to a particular firewall interface.
Let's look at a quick example. Suppose I have a firewall that includes interface eth0 which is configured with static IP addresses and If I want to create a rule that allows traffic from the local network on eth0 to the firewall itself currently I could either use two network objects in the rule's Source or create a Group object that includes these networks and use that in the rule's Source.
Now with Attached Networks I can simply create a new Attached Network child object under eth0 and use that in the rule's Source. This Attached Network object will include both the and networks and if I add a new static IP address to eth0 the Attached Network object will automatically update with the IP network of the new IP address.
You can find more information about creating and using Attached Networks in the Firewall Builder 5 Users Guide here.
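
The idea behind Attached Networks can be sketched in a few lines of Python. This is an added example, not code from Firewall Builder or its compiler: the `Interface` class, the function names and the documentation-range addresses are all constructed for illustration. It contrasts a hand-maintained group, which goes stale when eth0 gains an address, with a source set derived from the interface's current addresses.

```python
import ipaddress

class Interface:
    """Hypothetical model of a firewall interface (not Firewall Builder's object model)."""
    def __init__(self, name, addresses=()):
        self.name = name
        self.addresses = [ipaddress.ip_interface(a) for a in addresses]

    def add_address(self, cidr):
        self.addresses.append(ipaddress.ip_interface(cidr))

    def attached_networks(self):
        # Recomputed on every call, so it always tracks the current addresses.
        # Two addresses inside the same subnet collapse to a single network.
        nets = {a.network for a in self.addresses}
        return sorted(nets, key=lambda n: (n.version, n.network_address, n.prefixlen))

def input_rules(iface, sources):
    """Render one INPUT accept rule per source network (IPv4 and IPv6)."""
    rules = []
    for net in sources:
        tool = "iptables" if net.version == 4 else "ip6tables"
        rules.append(f"{tool} -A INPUT -i {iface.name} -s {net} -j ACCEPT")
    return rules

def demo():
    # Constructed sample addresses from the documentation ranges.
    eth0 = Interface("eth0", ["192.0.2.1/24", "192.0.2.2/24", "198.51.100.1/24"])
    static_group = list(eth0.attached_networks())  # snapshot, like a manual Group object
    eth0.add_address("203.0.113.1/24")             # interface is renumbered later
    eth0.add_address("2001:db8::1/64")
    attached = eth0.attached_networks()
    missing = [n for n in attached if n not in static_group]
    return eth0, static_group, attached, missing

if __name__ == "__main__":
    eth0, static_group, attached, missing = demo()
    print("Rules from the stale manual group:")
    print("\n".join(input_rules(eth0, static_group)))
    print("Rules from the derived attached networks:")
    print("\n".join(input_rules(eth0, attached)))
    print("Networks the manual group no longer covers:", [str(n) for n in missing])
```
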