
This is an old version of the document!


FirewallBuilder

FirewallBuilder is a graphical program that requires an X server and lets you create firewall rules for various types of firewalls via drag and drop. Its simple graphical operation is one of its greatest advantages when creating even complex rule sets: it saves an enormous amount of time and does not require detailed knowledge of the firewall syntax.

:!: NOTE - The following illustrates the installation and one possible way of integrating it into an existing operating system !!!

:!: IMPORTANT - Neither a complete solution nor instructions for a complete firewall configuration are given !!!

:!: NOTE - More information on targeted use can be obtained from the following link:

From here on, root privileges are required to execute the following commands. To become the root user, please log in to the system as root, or switch to the root user with the following command:

$ su -
Password:

Prerequisites

To use FirewallBuilder, the following prerequisites must be met:

  • An installed CentOS version 6.0 operating system
  • with an installed, started and working X server and
  • an Internet connection

:!: NOTE - The installation is to be carried out by adding an external repository, as described below!

Installation

To add the external repository from http://www.fwbuilder.org, an additional configuration file for yum, the CentOS package manager, can be created with the following command and filled with the following content (basic knowledge of the file editor vi or vim is assumed):

# vim /etc/yum.repos.d/fwbuilder.repo
[fwbuilder]
name=Firewall Builder
failovermethod=priority
baseurl=http://packages.fwbuilder.org/rpm/stable/rhel-$releasever-$basearch
enabled=1
 
[fwbuilder-testing]
name=Firewall Builder Test Builds
failovermethod=priority
baseurl=http://packages.fwbuilder.org/rpm/testing/rhel-$releasever-$basearch
enabled=0

:!: NOTE - The yum-plugin-priorities is not used in this description !!!

Next, the information that yum, the CentOS package manager, has already cached from earlier use can be deleted with the following command, so that all available package information is determined anew:

# yum clean all
Loaded plugins: fastestmirror, refresh-packagekit
Cleaning up Everything
Cleaning up list of fastest mirrors

Before the actual installation of FirewallBuilder can begin, the GPG key should, for security reasons, be imported into yum, the CentOS package manager, which can be done with the following command (the download link of the GPG key is assumed to be trustworthy):

# rpm --import http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc

:!: NOTE - NO confirmation that the GPG key has been imported is printed !!!

To verify the import of the GPG key, the following command can be used, which should produce the following output. (The GPG key listed first should have been added!):

# rpm -qa gpg-pubkey
gpg-pubkey-eaee08fe-4a0f5464
gpg-pubkey-c105b9de-4e0fd3a3

The actual installation is now carried out by executing the following command, which in this case also updates all package information through yum, the CentOS package manager:

# yum install fwbuilder
Loaded plugins: fastestmirror, refresh-packagekit
Determining fastest mirrors
 * base: centos.intergenia.de
 * extras: centos.intergenia.de
 * updates: centos.intergenia.de
base                                                     | 3.7 kB     00:00     
base/primary_db                                          | 4.2 MB     00:04     
extras                                                   |  951 B     00:00     
extras/primary                                           |  203 B     00:00     
fwbuilder                                                |  951 B     00:00     
fwbuilder/primary                                        | 1.4 kB     00:00     
fwbuilder                                                                   1/1
updates                                                  | 3.5 kB     00:00     
updates/primary_db                                       | 3.3 MB     00:16     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package fwbuilder.x86_64 0:5.0.0.3568-1.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch          Version                  Repository        Size
================================================================================
Installing:
 fwbuilder        x86_64        5.0.0.3568-1.el6         fwbuilder         10 M

Transaction Summary
================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 10 M
Installed size: 36 M
Is this ok [y/N]: y
Downloading Packages:
fwbuilder-5.0.0.3568-1.el6.x86_64.rpm                    |  10 MB     00:09     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : fwbuilder-5.0.0.3568-1.el6.x86_64                        1/1 

Installed:
  fwbuilder.x86_64 0:5.0.0.3568-1.el6                                           

Complete!

The following command can be used to check which contents were installed with the fwbuilder package.

# rpm -qil fwbuilder
Name        : fwbuilder                    Relocations: (not relocatable)
Version     : 5.0.0.3568                        Vendor: NetCitadel LLC., http://sourceforge.net/project/showfiles.php?group_id=5314
Release     : 1.el6                         Build Date: Tue 26 Jul 2011 01:32:04 PM CEST
Install Date: Thu 18 Aug 2011 06:09:11 PM CEST      Build Host: rhel6-64.vk.crocodile.org
Group       : Applications/System           Source RPM: fwbuilder-5.0.0.3568-1.el6.src.rpm
Size        : 38199494                         License: GPL2
Signature   : DSA/SHA1, Thu 28 Jul 2011 02:05:21 AM CEST, Key ID ef2edd98eaee08fe
Packager    : Vadim Kurland <vadim@fwbuilder.org>
URL         : http://www.fwbuilder.org/
Summary     : Firewall Builder
Description :
Firewall Builder consists of a GUI and set of policy compilers for
various firewall platforms. It helps users maintain a database of
objects and allows policy editing using simple drag-and-drop
operations. GUI generates firewall description in the form of XML
file, which compilers then interpret and generate platform-specific
code. Several algorithms are provided for automated network objects
discovery and bulk import of data. The GUI and policy compilers are
completely independent, this provides for a consistent abstract model
and the same GUI for different firewall platforms.
/usr/bin/fwb_iosacl
/usr/bin/fwb_ipf
/usr/bin/fwb_ipfw
/usr/bin/fwb_ipt
/usr/bin/fwb_pf
/usr/bin/fwb_pix
/usr/bin/fwb_procurve_acl
/usr/bin/fwbedit
/usr/bin/fwbuilder
/usr/share/applications/fwbuilder.desktop
/usr/share/doc/fwbuilder-5.0.0.3568
/usr/share/doc/fwbuilder-5.0.0.3568/AUTHORS
/usr/share/doc/fwbuilder-5.0.0.3568/COPYING
/usr/share/doc/fwbuilder-5.0.0.3568/ChangeLog
/usr/share/doc/fwbuilder-5.0.0.3568/Credits
/usr/share/doc/fwbuilder-5.0.0.3568/FWBuilder-Routing-LICENSE.txt
/usr/share/doc/fwbuilder-5.0.0.3568/PatchAcceptancePolicy.txt
/usr/share/doc/fwbuilder-5.0.0.3568/README.floppyfw
/usr/share/doc/fwbuilder-5.0.0.3568/README.iosacl
/usr/share/doc/fwbuilder-5.0.0.3568/README.ipf
/usr/share/doc/fwbuilder-5.0.0.3568/README.ipfw
/usr/share/doc/fwbuilder-5.0.0.3568/README.ipt
/usr/share/doc/fwbuilder-5.0.0.3568/README.pf
/usr/share/doc/fwbuilder-5.0.0.3568/README.pix
/usr/share/doc/fwbuilder-5.0.0.3568/README.pix_routing
/usr/share/doc/fwbuilder-5.0.0.3568/README.policy_import
/usr/share/doc/fwbuilder-5.0.0.3568/README.routing
/usr/share/fwbuilder-5.0.0.3568
/usr/share/fwbuilder-5.0.0.3568/configlets
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/bridge_interface
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/bridge_port
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/carp_interface
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/ifconfig_interface
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/kernel_vars
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/pfsync_interface
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/shell_functions
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/tools
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/update_addresses
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/update_bridge
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/update_carp
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/update_pfsync
/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/update_vlans
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs/check_utilities
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs/installer_commands_root
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs/routing_functions
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs/script_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs/top_comment
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram/check_utilities
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram/installer_commands_root
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram/routing_functions
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram/script_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram/top_comment
/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd
/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/carp_interface
/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/ifconfig_interface
/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/installer_commands_root
/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/kernel_vars
/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/rc_conf_bridge_port
/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/rc_conf_carp_interface
/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/rc_conf_ifconfig_interface
/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/rc_conf_kernel_vars
/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/rc_conf_pfsync_interface
/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/routing_functions
/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/tools
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/failover_commands_2
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/failover_commands_3_2
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/failover_interface_2
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/failover_interface_3_2
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/installer_commands_post_config
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/installer_commands_pre_config
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/ntp
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/regular_interface_2
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/regular_interface_3_2
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/snmp
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/ssh
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/vlan_parent_interface_2
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/vlan_parent_interface_3_2
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/vlan_subinterface_2
/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/vlan_subinterface_3_2
/usr/share/fwbuilder-5.0.0.3568/configlets/ios
/usr/share/fwbuilder-5.0.0.3568/configlets/ios/installer_commands_post_config
/usr/share/fwbuilder-5.0.0.3568/configlets/ios/installer_commands_pre_config
/usr/share/fwbuilder-5.0.0.3568/configlets/ios/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/ios/safety_net_acl
/usr/share/fwbuilder-5.0.0.3568/configlets/ios/script_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/ios/top_comment
/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop
/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/automatic_rules
/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/installer_commands_root
/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/kernel_vars
/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/script_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/shell_functions
/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/update_addresses
/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/update_bonding
/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/update_bridge
/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/update_vlans
/usr/share/fwbuilder-5.0.0.3568/configlets/ipf
/usr/share/fwbuilder-5.0.0.3568/configlets/ipf/activation
/usr/share/fwbuilder-5.0.0.3568/configlets/ipf/script_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/ipf/top_comment
/usr/share/fwbuilder-5.0.0.3568/configlets/ipfw
/usr/share/fwbuilder-5.0.0.3568/configlets/ipfw/script_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/ipfw/top_comment
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/automatic_rules
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/block_action
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/check_utilities
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/conntrack
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/constants
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/installer_commands_root
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/ip_forwarding
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/kernel_vars
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/load_modules
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/prolog_epilog_functions
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/reset_iptables
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/routing_functions
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/run_time_address_tables
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/run_time_wrappers
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/script_body_iptables_restore
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/script_body_iptables_shell
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/script_body_single_rule
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/script_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/shell_functions
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/status_action
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/stop_action
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/top_comment
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/update_addresses
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/update_bonding
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/update_bridge
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/update_vlans
/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/verify_interfaces
/usr/share/fwbuilder-5.0.0.3568/configlets/macosx
/usr/share/fwbuilder-5.0.0.3568/configlets/macosx/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/macosx/installer_commands_root
/usr/share/fwbuilder-5.0.0.3568/configlets/macosx/kernel_vars
/usr/share/fwbuilder-5.0.0.3568/configlets/macosx/tools
/usr/share/fwbuilder-5.0.0.3568/configlets/openbsd
/usr/share/fwbuilder-5.0.0.3568/configlets/openbsd/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/openbsd/installer_commands_root
/usr/share/fwbuilder-5.0.0.3568/configlets/openbsd/kernel_vars
/usr/share/fwbuilder-5.0.0.3568/configlets/openbsd/routing_functions
/usr/share/fwbuilder-5.0.0.3568/configlets/openbsd/tools
/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt
/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt/check_utilities
/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt/installer_commands_root
/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt/load_modules
/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt/script_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt/top_comment
/usr/share/fwbuilder-5.0.0.3568/configlets/pf
/usr/share/fwbuilder-5.0.0.3568/configlets/pf/activation
/usr/share/fwbuilder-5.0.0.3568/configlets/pf/rc_conf_activation
/usr/share/fwbuilder-5.0.0.3568/configlets/pf/rc_conf_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/pf/rc_conf_top_comment
/usr/share/fwbuilder-5.0.0.3568/configlets/pf/script_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/pf/top_comment
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/failover_commands_6
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/failover_commands_7
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/failover_interface_6
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/failover_interface_7
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/installer_commands_post_config
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/installer_commands_pre_config
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/ntp
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/regular_interface_6
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/regular_interface_7
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/script_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/snmp
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/ssh
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/top_comment
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/vlan_parent_interface_6
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/vlan_parent_interface_7
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/vlan_subinterface_6
/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/vlan_subinterface_7
/usr/share/fwbuilder-5.0.0.3568/configlets/procurve
/usr/share/fwbuilder-5.0.0.3568/configlets/procurve/installer_commands_post_config
/usr/share/fwbuilder-5.0.0.3568/configlets/procurve/installer_commands_pre_config
/usr/share/fwbuilder-5.0.0.3568/configlets/procurve/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/procurve/safety_net_acl
/usr/share/fwbuilder-5.0.0.3568/configlets/procurve/script_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/procurve/top_comment
/usr/share/fwbuilder-5.0.0.3568/configlets/secuwall
/usr/share/fwbuilder-5.0.0.3568/configlets/secuwall/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/secuwall/installer_commands_root
/usr/share/fwbuilder-5.0.0.3568/configlets/secuwall/management_rules
/usr/share/fwbuilder-5.0.0.3568/configlets/secuwall/script_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/solaris
/usr/share/fwbuilder-5.0.0.3568/configlets/solaris/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/solaris/installer_commands_root
/usr/share/fwbuilder-5.0.0.3568/configlets/solaris/kernel_vars
/usr/share/fwbuilder-5.0.0.3568/configlets/solaris/tools
/usr/share/fwbuilder-5.0.0.3568/configlets/sveasoft
/usr/share/fwbuilder-5.0.0.3568/configlets/sveasoft/installer_commands_reg_user
/usr/share/fwbuilder-5.0.0.3568/configlets/sveasoft/installer_commands_root
/usr/share/fwbuilder-5.0.0.3568/configlets/sveasoft/script_skeleton
/usr/share/fwbuilder-5.0.0.3568/configlets/sveasoft/shell_functions
/usr/share/fwbuilder-5.0.0.3568/configlets/sveasoft/top_comment
/usr/share/fwbuilder-5.0.0.3568/fwbuilder.dtd
/usr/share/fwbuilder-5.0.0.3568/help
/usr/share/fwbuilder-5.0.0.3568/help/en_US
/usr/share/fwbuilder-5.0.0.3568/help/en_US/cluster_interfaces.png
/usr/share/fwbuilder-5.0.0.3568/help/en_US/create_and_add_to_group.png
/usr/share/fwbuilder-5.0.0.3568/help/en_US/ipcopAdvancedDialog.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/ipcoposAdvancedDialog.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/ipfw_Classify.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/iptAdvancedDialog.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/iptables_Branch.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/iptables_Classify.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/iptables_Route.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/iptables_Tag.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/iptables_rule_options.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/linux24AdvancedDialog.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/main.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/new_bridge_interfaces.png
/usr/share/fwbuilder-5.0.0.3568/help/en_US/pfAdvancedDialog.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/pf_Branch.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/pf_Classify.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/pf_Route.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/pf_Tag.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/pf_rule_options.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/pix-failover-group-1.png
/usr/share/fwbuilder-5.0.0.3568/help/en_US/pix-failover-groups-mapping.png
/usr/share/fwbuilder-5.0.0.3568/help/en_US/pix-statesync-group-1.png
/usr/share/fwbuilder-5.0.0.3568/help/en_US/pix-statesync-group-mapping.png
/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.0.0.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.0.1.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.1.0.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.1.1.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.1.2.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.1.3.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.2.0.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.2.1.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.2.2.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_5.0.0.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/state_sync_configuration.png
/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip01.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip02.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip03.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip04.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip05.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip06.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip07.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip08.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip09.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip10.html
/usr/share/fwbuilder-5.0.0.3568/help/en_US/vlan_interfaces.png
/usr/share/fwbuilder-5.0.0.3568/migration
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.0.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.1.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.10.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.11.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.12.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.13.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.14.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.2.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.3.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.4.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.5.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.6.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.7.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.8.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.9.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.9.0.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.9.1.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.9.2.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.9.3.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.9.4.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.9.5.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_1.0.0.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_1.0.1.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_1.0.2.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_10.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_11.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_12.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_13.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_14.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_15.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_16.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_17.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_18.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_19.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.0.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.1.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.10.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.11.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.12.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.2.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.3.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.4.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.5.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.6.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.7.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.8.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.9.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.99.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.0.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.1.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.10.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.11.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.12.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.13.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.14.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.15.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.16.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.17.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.18.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.19.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.2.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.3.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.4.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.5.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.6.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.7.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.8.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.9.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.99.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_20.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_21.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_3.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_4.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_5.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_6.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_7.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_8.xslt
/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_9.xslt
/usr/share/fwbuilder-5.0.0.3568/objects_init.xml
/usr/share/fwbuilder-5.0.0.3568/os
/usr/share/fwbuilder-5.0.0.3568/os/dd-wrt-jffs.xml
/usr/share/fwbuilder-5.0.0.3568/os/dd-wrt-nvram.xml
/usr/share/fwbuilder-5.0.0.3568/os/endian.xml
/usr/share/fwbuilder-5.0.0.3568/os/freebsd.xml
/usr/share/fwbuilder-5.0.0.3568/os/fwsm_os.xml
/usr/share/fwbuilder-5.0.0.3568/os/ios.xml
/usr/share/fwbuilder-5.0.0.3568/os/ipcop.xml
/usr/share/fwbuilder-5.0.0.3568/os/linux24.xml
/usr/share/fwbuilder-5.0.0.3568/os/macosx.xml
/usr/share/fwbuilder-5.0.0.3568/os/oneshield.xml
/usr/share/fwbuilder-5.0.0.3568/os/openbsd.xml
/usr/share/fwbuilder-5.0.0.3568/os/openwrt.xml
/usr/share/fwbuilder-5.0.0.3568/os/pix_os.xml
/usr/share/fwbuilder-5.0.0.3568/os/procurve.xml
/usr/share/fwbuilder-5.0.0.3568/os/secuwall.xml
/usr/share/fwbuilder-5.0.0.3568/os/solaris.xml
/usr/share/fwbuilder-5.0.0.3568/os/sveasoft.xml
/usr/share/fwbuilder-5.0.0.3568/os/unknown_os.xml
/usr/share/fwbuilder-5.0.0.3568/platform
/usr/share/fwbuilder-5.0.0.3568/platform/fwsm.xml
/usr/share/fwbuilder-5.0.0.3568/platform/iosacl.xml
/usr/share/fwbuilder-5.0.0.3568/platform/ipf.xml
/usr/share/fwbuilder-5.0.0.3568/platform/ipfw.xml
/usr/share/fwbuilder-5.0.0.3568/platform/iptables.xml
/usr/share/fwbuilder-5.0.0.3568/platform/pf.xml
/usr/share/fwbuilder-5.0.0.3568/platform/pix.xml
/usr/share/fwbuilder-5.0.0.3568/platform/procurve_acl.xml
/usr/share/fwbuilder-5.0.0.3568/platform/unknown.xml
/usr/share/fwbuilder-5.0.0.3568/resources.xml
/usr/share/fwbuilder-5.0.0.3568/templates.xml
/usr/share/icons/hicolor/128x128/apps/fwbuilder.png
/usr/share/icons/hicolor/16x16/apps/fwbuilder.png
/usr/share/icons/hicolor/24x24/apps/fwbuilder.png
/usr/share/icons/hicolor/256x256/apps/fwbuilder.png
/usr/share/icons/hicolor/32x32/apps/fwbuilder.png
/usr/share/icons/hicolor/48x48/apps/fwbuilder.png
/usr/share/icons/hicolor/512x512/apps/fwbuilder.png
/usr/share/icons/hicolor/72x72/apps/fwbuilder.png
/usr/share/man/man1/fwb_iosacl.1.gz
/usr/share/man/man1/fwb_ipf.1.gz
/usr/share/man/man1/fwb_ipfw.1.gz
/usr/share/man/man1/fwb_ipt.1.gz
/usr/share/man/man1/fwb_pf.1.gz
/usr/share/man/man1/fwb_pix.1.gz
/usr/share/man/man1/fwbedit.1.gz
/usr/share/man/man1/fwbuilder.1.gz
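
The key check and the `Signature` line in the `rpm -qil` output above can be tied together: the short ID in `gpg-pubkey-eaee08fe-4a0f5464` is the last eight hex digits of the signing key ID `ef2edd98eaee08fe`. The following shell functions are an added example, not part of the original page; the function names are hypothetical and the sample input is copied from the output shown above.

```shell
#!/bin/bash
# Added example (not from the original page): cross-check that the key which
# signed an installed package is one of the GPG keys imported into the RPM DB.
# Function names are hypothetical.

# Sample input, copied from the command output shown on this page.
SAMPLE_PUBKEYS='gpg-pubkey-eaee08fe-4a0f5464
gpg-pubkey-c105b9de-4e0fd3a3'
SAMPLE_SIGNATURE_LINE='Signature   : DSA/SHA1, Thu 28 Jul 2011 02:05:21 AM CEST, Key ID ef2edd98eaee08fe'

# Extract the 16-hex-digit key ID from an "rpm -qi" Signature line.
# Prints nothing and returns 1 for an unsigned package ("Signature : (none)").
signature_key_id() {
    local line id
    line="$1"
    id=$(printf '%s\n' "$line" |
         sed -n 's/^Signature[[:space:]]*:.*Key ID \([0-9A-Fa-f]\{16\}\)[[:space:]]*$/\1/p')
    [ -n "$id" ] || return 1
    printf '%s\n' "$id" | tr 'A-F' 'a-f'
}

# Return 0 if the short ID (last 8 of the 16 hex digits) of key ID $1 appears
# as gpg-pubkey-<shortid>-<creationtime> in the "rpm -qa gpg-pubkey" list $2.
key_is_imported() {
    local key_id pubkeys short
    key_id="$1"
    pubkeys="$2"
    short=${key_id#????????}   # drop the first 8 characters, keep the last 8
    printf '%s\n' "$pubkeys" | grep -qiE "^gpg-pubkey-${short}-[0-9a-f]{8}$"
}

# Combine both checks. Prints a verdict and returns:
#   0  signer key is imported      ("OK <keyid>")
#   1  signer key is not imported  ("UNKNOWN-KEY <keyid>")
#   2  package carries no signature ("UNSIGNED")
check_package_signer() {
    local sig_line pubkeys key_id
    sig_line="$1"
    pubkeys="$2"
    if ! key_id=$(signature_key_id "$sig_line"); then
        echo "UNSIGNED"
        return 2
    fi
    if key_is_imported "$key_id" "$pubkeys"; then
        echo "OK $key_id"
        return 0
    fi
    echo "UNKNOWN-KEY $key_id"
    return 1
}

# Run against the sample data from this page.
check_package_signer "$SAMPLE_SIGNATURE_LINE" "$SAMPLE_PUBKEYS"

# On a live system the same check would be:
#   check_package_signer "$(rpm -qi fwbuilder | grep '^Signature')" \
#                        "$(rpm -qa gpg-pubkey)"
# Short key IDs only identify a key and can collide; the cryptographic
# verification itself is done by rpm (for a package file: rpm -K <file>.rpm).
```
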

Mirroring the repository

Similar to the following entry within this DokuWiki,

the FirewallBuilder repository can also be mirrored.

However, this is not a repository server that can be mirrored in the classic way with rsync; rather, the following script is intended to show how this could be done with the help of the wget program.

:!: NOTE - This is only one possibility!

Below is the script that mirrors the FirewallBuilder repository for CentOS from version 6.x onward:

#!/bin/bash
 
##############################################################################
# Script-Name : wget_fwbuilder_el6.sh                                        #
# Description : Script to sync via wget command repositories from official   #
#               mirror servers. On successful execution only a LOG file will #
#               be written. On error during execution, a LOG file and an     #
#               error message will be sent by e-mail.                        #
#                                                                            #
# Last update : 11.01.2012                                                   #
# Version     : 1.00                                                         #
#                                                                            #
# Author      : Klaus Tachtler, <klaus@tachtler.net>                         #
# DokuWiki    : http://www.dokuwiki.tachtler.net                             #
# Homepage    : http://www.tachtler.net                                      #
#                                                                            #
#  +----------------------------------------------------------------------+  #
#  | This program is free software; you can redistribute it and/or modify |  #
#  | it under the terms of the GNU General Public License as published by |  #
#  | the Free Software Foundation; either version 2 of the License, or    |  #
#  | (at your option) any later version.                                  |  #
#  +----------------------------------------------------------------------+  #
#                                                                            #
# Copyright (c) 2012 by Klaus Tachtler.                                      #
#                                                                            #
##############################################################################
 
##############################################################################
#                                H I S T O R Y                               #
##############################################################################
# Version     : x.xx                                                         #
# Description : <Description>                                                #
# -------------------------------------------------------------------------- #
# Version     : x.xx                                                         #
# Description : <Description>                                                #
# -------------------------------------------------------------------------- #
##############################################################################
 
##############################################################################
# >>> Please edit following lines for personal command and/or repositories ! #
##############################################################################
 
# CUSTOM - Script-Name.
SCRIPT_NAME='wget_fwbuilder_el6'
 
# CUSTOM - Command-Line.
WGET_CMDOPTS='-r -nH --cut-dirs=2 --no-parent --reject index.htm* '
 
# CUSTOM - Repository-Mirrors.
REPO_SOURCE1='http://packages.fwbuilder.org/rpm/stable/rhel-6-i686/'
REPO_SOURCE2='http://packages.fwbuilder.org/rpm/stable/rhel-6-x86_64/'
REPO_TARGET='/data/repository/private/Mirrors/fwbuilder/rpm/stable'
 
# CUSTOM - Mail-Recipient.
MAIL_RECIPIENT='root@tachtler.net'
 
# CUSTOM - Status-Mail [Y|N].
MAIL_STATUS='N'
 
##############################################################################
# >>> Normally there is no need to change anything below this comment line ! #
##############################################################################
 
# Variables.
WGET_COMMAND=`command -v wget`
TOUCH_COMMAND=`command -v touch`
RM_COMMAND=`command -v rm`
PROG_SENDMAIL=`command -v sendmail`
CAT_COMMAND=`command -v cat`
DATE_COMMAND=`command -v date`
MKDIR_COMMAND=`command -v mkdir`
LN_COMMAND=`command -v ln`
FILE_LOCK='/tmp/'$SCRIPT_NAME'.lock'
FILE_LOG='/var/log/'$SCRIPT_NAME'.log'
FILE_LAST_LOG='/tmp/'$SCRIPT_NAME'.log'
FILE_MAIL='/tmp/'$SCRIPT_NAME'.mail'
VAR_HOSTNAME=`uname -n`
VAR_SENDER='root@'$VAR_HOSTNAME
VAR_EMAILDATE=`$DATE_COMMAND '+%a, %d %b %Y %H:%M:%S (%Z)'`
 
# Functions.
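function log() {
        # Quote the message so that spacing is kept and patterns such as
        # index.htm* are not expanded by the shell.
        echo "$1"
        echo `$DATE_COMMAND '+%Y/%m/%d %H:%M:%S'` " INFO:" "$1" >>${FILE_LAST_LOG}
}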
 
function retval() {
# Map the wget exit status passed as first argument to a log message.
# ($? cannot be used here: every test inside the function overwrites it.)
if [ "$1" != "0" ]; then
        case "$1" in
        1)
                log "ERROR: Generic error code."
        ;;
        2)
                log "ERROR: Parse error---for instance, when parsing command-line options, the .wgetrc or .netrc..."
        ;;
        3)
                log "ERROR: File I/O error."
        ;;
        4)
                log "ERROR: Network failure."
        ;;
        5)
                log "ERROR: SSL verification failure."
        ;;
        6)
                log "ERROR: Username/password authentication failure."
        ;;
        7)
                log "ERROR: Protocol errors."
        ;;
        8)
                log "ERROR: Server issued an error response."
        ;;
        *)
                log "ERROR: Unknown error $1"
        ;;
        esac
fi
}
 
function movelog() {
        $CAT_COMMAND $FILE_LAST_LOG >> $FILE_LOG
        $RM_COMMAND -f $FILE_LAST_LOG
        $RM_COMMAND -f $FILE_LOCK
}
 
function sendmail() {
        case "$1" in
        'STATUS')
                MAIL_SUBJECT='Status execution '$SCRIPT_NAME' script.'
        ;;
        *)
                MAIL_SUBJECT='ERROR while execution '$SCRIPT_NAME' script !!!'
        ;;
        esac
 
$CAT_COMMAND <<MAIL >$FILE_MAIL
Subject: $MAIL_SUBJECT
Date: $VAR_EMAILDATE
From: $VAR_SENDER
To: $MAIL_RECIPIENT
 
MAIL
 
$CAT_COMMAND $FILE_LAST_LOG >> $FILE_MAIL
 
$PROG_SENDMAIL -f $VAR_SENDER -t $MAIL_RECIPIENT < $FILE_MAIL
 
$RM_COMMAND -f $FILE_MAIL
 
}
 
# Main.
log ""
log "+-----------------------------------------------------------------+"
log "| Start synchronisation from official repository server (mirror). |"
log "+-----------------------------------------------------------------+"
log ""
log "Run script with following parameter:"
log ""
log "SCRIPT_NAME...: $SCRIPT_NAME"
log ""
log "WGET_CMDOPTS..: $WGET_CMDOPTS"
log ""
log "REPO_SOURCE1..: $REPO_SOURCE1"
log "REPO_SOURCE2..: $REPO_SOURCE2"
log "REPO_TARGET...: $REPO_TARGET"
log ""
log "MAIL_RECIPIENT: $MAIL_RECIPIENT"
log "MAIL_STATUS...: $MAIL_STATUS"
log ""
 
# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$WGET_COMMAND" ]; then
        log "Check if command '$WGET_COMMAND' was found.................[FAILED]"
        sendmail ERROR
        movelog
        exit 10
else
        log "Check if command '$WGET_COMMAND' was found.................[  OK  ]"
fi
 
# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$TOUCH_COMMAND" ]; then
        log "Check if command '$TOUCH_COMMAND' was found....................[FAILED]"
        sendmail ERROR
        movelog
        exit 11
else
        log "Check if command '$TOUCH_COMMAND' was found....................[  OK  ]"
fi
 
# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$RM_COMMAND" ]; then
        log "Check if command '$RM_COMMAND' was found.......................[FAILED]"
        sendmail ERROR
        movelog
        exit 12
else
        log "Check if command '$RM_COMMAND' was found.......................[  OK  ]"
fi
 
# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$CAT_COMMAND" ]; then
        log "Check if command '$CAT_COMMAND' was found......................[FAILED]"
        sendmail ERROR
        movelog
        exit 13
else
        log "Check if command '$CAT_COMMAND' was found......................[  OK  ]"
fi
 
# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$DATE_COMMAND" ]; then
        log "Check if command '$DATE_COMMAND' was found.....................[FAILED]"
        sendmail ERROR
        movelog
        exit 14
else
        log "Check if command '$DATE_COMMAND' was found.....................[  OK  ]"
fi
 
# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$MKDIR_COMMAND" ]; then
        log "Check if command '$MKDIR_COMMAND' was found....................[FAILED]"
        sendmail ERROR
        movelog
        exit 15
else
        log "Check if command '$MKDIR_COMMAND' was found....................[  OK  ]"
fi
 
# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$LN_COMMAND" ]; then
        log "Check if command '$LN_COMMAND' was found.......................[FAILED]"
        sendmail ERROR
        movelog
        exit 16
else
        log "Check if command '$LN_COMMAND' was found.......................[  OK  ]"
fi
 
# Check if command (file) NOT exist OR IS empty.
if [ ! -s "$PROG_SENDMAIL" ]; then
        log "Check if command '$PROG_SENDMAIL' was found............[FAILED]"
        sendmail ERROR
        movelog
        exit 17
else
        log "Check if command '$PROG_SENDMAIL' was found............[  OK  ]"
fi
 
# Check if LOCK file NOT exist.
if [ ! -e "$FILE_LOCK" ]; then
        log "Check if script is NOT already running ....................[  OK  ]"

        $TOUCH_COMMAND $FILE_LOCK
else
        log "Check if script is NOT already running ....................[FAILED]"
        log ""
        log "ERROR: The script was already running, or LOCK file already exists!"
        log ""
        sendmail ERROR
        # Do not call movelog here: it would delete the LOCK file of the
        # instance that is still running.
        $CAT_COMMAND $FILE_LAST_LOG >> $FILE_LOG
        $RM_COMMAND -f $FILE_LAST_LOG
        exit 20
fi
 
# Check if REPO_TARGET Directory NOT exists.
if [ ! -d "$REPO_TARGET" ]; then
        log "Check if REPO_TARGET exists................................[FAILED]"
        log ""
        log " INFO: Creating REPO_TARGET!"
        log " INFO: --> "$REPO_TARGET
        log ""
 
        $MKDIR_COMMAND -p $REPO_TARGET
else
        log "Check if REPO_TARGET exists................................[  OK  ]"
fi
 
# Start syncing.
log ""
log "+-----------------------------------------------------------------+"
log "| Run synchronizing $SCRIPT_NAME repository................ |"
log "+-----------------------------------------------------------------+"
log ""
 
log "$WGET_COMMAND $WGET_CMDOPTS $REPO_SOURCE1"
$WGET_COMMAND $WGET_CMDOPTS --append-output=$FILE_LAST_LOG --directory-prefix=$REPO_TARGET $REPO_SOURCE1
# Save the wget exit status before any other command overwrites $?.
WGET_RC=$?

$RM_COMMAND -f $REPO_TARGET/index.htm*

log "$WGET_COMMAND $WGET_CMDOPTS $REPO_SOURCE2"
$WGET_COMMAND $WGET_CMDOPTS --append-output=$FILE_LAST_LOG --directory-prefix=$REPO_TARGET $REPO_SOURCE2
# Keep the first non-zero exit status of both runs.
RC=$?
if [ "$WGET_RC" = "0" ]; then
        WGET_RC=$RC
fi

$RM_COMMAND -f $REPO_TARGET/index.htm*

cd /root/bin

if [ "$WGET_RC" != "0" ]; then
        retval $WGET_RC
        log ""
        $RM_COMMAND -f $FILE_LOCK
        sendmail ERROR
        movelog
        exit 99
else
        log ""
        log "+-----------------------------------------------------------------+"
        log "| End synchronizing $SCRIPT_NAME repository................ |"
        log "+-----------------------------------------------------------------+"
        log ""
fi
 
# Finish syncing.
log "+-----------------------------------------------------------------+"
log "| Finish......................................................... |"
log "+-----------------------------------------------------------------+"
log ""
 
# Status e-mail.
if [ $MAIL_STATUS = 'Y' ]; then
        sendmail STATUS
fi
# Move temporary log to permanent log
movelog
 
exit 0
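
The script's lock check tests for the LOCK file and creates it in a second step, under a predictable name in /tmp. The following added example (not part of the original script) creates the lock atomically and only lets the owning process remove it; the names `LOCK_DIR`, `lock_owner`, `acquire_lock` and `release_lock` and the convention of storing the PID in the lock file are assumptions of this example.

```bash
#!/bin/bash
# Added example, not part of the original script. LOCK_DIR, lock_owner,
# acquire_lock and release_lock are hypothetical names.

# A directory only root can write to keeps other local users from
# planting a file or symlink under the lock's predictable name.
LOCK_DIR="${LOCK_DIR:-/var/run}"

# lock_owner NAME: print the PID stored in the lock file (empty if none).
lock_owner() {
        cat "$LOCK_DIR/$1.lock" 2>/dev/null
}

# acquire_lock NAME
#   0 = acquired, 1 = held by a running process,
#   2 = stale (owner gone or content unreadable), 3 = cannot create.
acquire_lock() {
        # With noclobber (set -C) the redirection fails if the file
        # exists, so "test" and "create" happen in one atomic step.
        if ( set -C; echo "$$" > "$LOCK_DIR/$1.lock" ) 2>/dev/null; then
                return 0
        fi
        [ -e "$LOCK_DIR/$1.lock" ] || return 3
        case "$(lock_owner "$1")" in
        ''|*[!0-9]*) return 2 ;;
        esac
        # kill -0 only probes for existence; /proc covers foreign PIDs.
        if kill -0 "$(lock_owner "$1")" 2>/dev/null ||
           [ -e "/proc/$(lock_owner "$1")" ]; then
                return 1
        fi
        return 2
}

# release_lock NAME: remove the lock only if this process created it.
release_lock() {
        [ "$(lock_owner "$1")" = "$$" ] || return 1
        rm -f "$LOCK_DIR/$1.lock"
}

# Usage inside the mirror script (SCRIPT_NAME and log as defined there):
#   acquire_lock "$SCRIPT_NAME" || { log "ERROR: lock busy ($?)"; exit 20; }
#   trap 'release_lock "$SCRIPT_NAME"' EXIT
```

A stale lock is reported with its own return code instead of being removed automatically, because removing and re-creating it would reintroduce a race between two starting instances.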

First start

After successful installation, FirewallBuilder can be started from a shell with the following command:

# fwbuilder
Firewall Builder GUI 5.0.0.3568

The window shown below should appear:

FirewallBuilder - main window

Rule installation

To allow FirewallBuilder to

  • copy

and

  • install

rules on different "firewalls", the following steps are required!

Rule installation: User

For security reasons, a dedicated user should be created for managing firewall rule sets. This naturally involves some additional effort, which should nevertheless be accepted.

:!: IMPORTANT - This user must be created on ALL firewalls AND on the FirewallBuilder server itself !!!

A group:

  • fwadmin

is to be created, and a user:

  • fwadmin

is to be created, under which all management of the firewall rule sets is to take place.

To create a new group, the following command can be used:

# groupadd -g 599 fwadmin

Whether the preceding command was executed correctly can be checked with the following command, which should produce output like that shown below:

# cat /etc/group | grep 599
fwadmin:x:599:

To create a new user, the following command can be used:

# useradd -c "FirewallBuilder" -g 599 -m -s /bin/bash -u 599 fwadmin

Whether the preceding command was executed correctly can be checked with the following command, which should produce output like that shown below:

# cat /etc/passwd | grep 599
fwadmin:x:599:599:FirewallBuilder:/home/fwadmin:/bin/bash

Finally, a password must be set for the user fwadmin with the following command:

# passwd fwadmin
Changing password for user fwadmin.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Rule installation: Public key

:!: NOTE - For security reasons, an SSH key pair should also be generated for the user !!!

Please read the following internal DokuWiki entry:

Rule installation: Preferences

To be able to use FirewallBuilder to install a firewall rule set, some parameters must be stored in FirewallBuilder.

First, a directory should be created in the home directory of the newly created user fwadmin with the following command; it is used to hold FirewallBuilder data:

# mkdir /home/fwadmin/fwb

This newly created directory can then be entered in FirewallBuilder under the menu item

  • Edit | Preferences | General

under

  • Working directory or
  • Data directory

respectively.

FirewallBuilder - Edit - Preferences - General

:!: NOTE - Further settings can be made depending on the environment !!!

Firewall

After a new firewall has been created in FirewallBuilder (which can be done with a wizard), a directory should also be created on the server on which FirewallBuilder is installed.

This can be done with the following command and should likewise be done as the user fwadmin:

# mkdir /home/fwadmin/fw

:!: NOTE - This is the storage location for all firewalls managed by FirewallBuilder!

Firewall Settings: Compiler

In the firewall settings, the following settings can be made on the Compiler tab:

Field name | Default value | New value
Output file name | | /home/fwadmin/fw/firewallname.fw

 FirewallBuilder - Firewall Settings - Compiler

Firewall Settings: Installer

In the firewall settings, the following settings can be made on the Installer tab:

Field name | Default value | New value
Directory on the firewall where script should be installed | | /home/fwadmin/fw
User name used to authenticate to the firewall | | fwadmin
Alternative name or address used to communicate with the firewall | | 192.168.0.20
Additional command line parameters for ssh | | -p 22 -i /home/fwadmin/.ssh/id_rsa_FirewallBuilder
Additional command line parameters for scp | | -P 22 -i /home/fwadmin/.ssh/id_rsa_FirewallBuilder

 FirewallBuilder - Firewall Settings - Installer

Firewall Settings: Prolog/Epilog

In the firewall settings, the following settings can be made on the Prolog/Epilog tab:

Field name | Default value | New value
The following command will be added verbatim after generated configuration | | service iptables save

FirewallBuilder - Firewall Settings - Prolog/Epilog

:!: NOTE - The following tabs can be left unchanged !!!

/etc/sudoers

The following change MUST be made on EVERY firewall so that the firewall rule set can actually be executed!

The configuration file

  • /etc/sudoers

should be extended using the following command

# visudo

as follows (relevant excerpt only):

...
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
 
# Tachtler
%fwadmin ALL = PASSWD: /home/fwadmin/fw/firewallname.fw
...

:!: NOTE - If the firewall in question is not directly reachable via a route, the following configuration may also be necessary!

...
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
 
# Tachtler
Defaults:fwadmin !requiretty
%fwadmin ALL = NOPASSWD: /home/fwadmin/fw/firewallname.fw
...
tachtler/firewallbuilder.1339414668.txt.gz · Last modified: 2012/06/11 13:37 by klaus