Benutzer-Werkzeuge

Webseiten-Werkzeuge


tachtler:firewallbuilder

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen RevisionVorhergehende Überarbeitung
tachtler:firewallbuilder [2014/03/14 16:03] – [/etc/sudoers] klaustachtler:firewallbuilder [Unbekanntes Datum] (aktuell) – gelöscht - Externe Bearbeitung (Unbekanntes Datum) 127.0.0.1
Zeile 1: Zeile 1:
-====== FirewallBuilder ====== 
- 
-[[tachtler:FirewallBuilder|{{:tachtler:index:fwbuilder-48x48.png }}]] Der [[http://www.fwbuilder.org/|FirewallBuilder]] ist ein grafisches Programm, welches einen **X-Server** benötigt um via Drag&Drop Firewall-Regeln für verschiedene Typen von Firewalls zu erstellen. Dabei ist die einfache, grafische Bedienung einer der größten Vorteile beim erstellen selbst komplexer Regelsätze, was enorm Zeitsparend ist und dazu **keine detaillierten Kenntnisse der Firewall-Syntax** voraussetzt. 
- 
-:!: **HINWEIS** - **Nachfolgend soll die Installation und eine mögliche Einbettung in eine bestehendes Betriebssystem veranschaulicht werden !!!** 
- 
-:!: **WICHTIG** - **Es werden weder eine Komplettlösungen, noch eine Anleitungen für eine komplette Firewall-Konfiguration gegeben !!!** 
- 
-:!: **HINWEIS** - **Mehr Informationen zum gezielten Einsatz, können unter nachfolgenden Link bezogen werden:** 
-  * **[[http://www.fwbuilder.org|http://www.fwbuilder.org - Dokumentationen]]** 
- 
-Ab hier werden zur Ausführung nachfolgender Befehle **''root''**-Rechte benötigt. Um der Benutzer ''root'' zu werden, melden Sie sich bitte als ''root''-Benutzer am System an, oder wechseln mit nachfolgendem Befehl zum Benutzer ''root'': 
-<code> 
-$ su - 
-Password: 
-</code> 
- 
-===== Voraussetzungen ===== 
- 
-Um den [[http://www.fwbuilder.org/|FirewallBuilder]] einsetzen zu können, müssen nachfolgende **Voraussetzungen** gegeben sein: 
-  * Ein installiertes [[http://www.centos.org|CentOS]] **Version 6.0** Betriebssystem 
-  * mit einem installierten und gestarteten lauffähigen **X-Server** und 
-  * eine **Internet-Verbindung**  
- 
-:!: **HINWEIS** - Die Installation soll durch **Einbindung eines __externen__ Repositories** erfolgen, wie nachfolgen beschrieben! 
- 
-===== Installation ===== 
- 
-Zur Einbindung des **__externen Repositories__** von [[http://www.fwbuilder.org|http://www.fwbuilder.org]] kann mit nachfolgendem Befehl eine weitere Konfigurationsdatei für **''yum''**, den Paket-Manager von [[http://www.centos.org|CentOS]], erstellt werden und diese dann ebenfalls mit nachfolgendem Inhalt erstellt werden (**Basiskenntnisse des Datei-Editors ''vi'' bzw. ''vim'' werden vorausgesetzt**): 
-<code ini> 
-# vim /etc/yum.repos.d/fwbuilder.repo 
-[fwbuilder] 
-name=Firewall Builder 
-failovermethod=priority 
-baseurl=http://packages.fwbuilder.org/rpm/stable/rhel-$releasever-$basearch 
-enabled=1 
- 
-[fwbuilder-testing] 
-name=Firewall Builder Test Builds 
-failovermethod=priority 
-baseurl=http://packages.fwbuilder.org/rpm/testing/rhel-$releasever-$basearch 
-enabled=0 
-</code> 
- 
-:!: **HINWEIS** - **Auf den Einsatz des ''yum-plugin-priorities'', wird in dieser Beschreibung verzichtet !!!** 
- 
-Nachfolgend können die von **''yum''**, den Paket-Manager von [[http://www.centos.org|CentOS]], bereits zwischengespeicherten Informationen, welche bei der Nutzung von **''yum''** zu einem früheren Zeitpunkt bereits ermittelt wurden, mit nachfolgenden Befehl gelöscht werden, um eine Neuermittlung aller verfügbaren Paketinformationen durchzuführen: 
-<code> 
-# yum clean all 
-Loaded plugins: fastestmirror, refresh-packagekit 
-Cleaning up Everything 
-Cleaning up list of fastest mirrors 
-</code> 
- 
-Bevor die eigentlichen Installation des [[http://www.fwbuilder.org|FirewallBuilder]] beginnen kann, sollte aus **Sicherheitsaspekten**, der **GPG**-Schlüssel noch in **''yum''**, den Paket-Manager von [[http://www.centos.org|CentOS]], importiert werden, was mit nachfolgendem Befehl durchgeführt werden kann (**Es wird von der Vertrauenswürdigkeit des Download-Links des __GPG__-Schlüssels ausgegangen**): 
-<code> 
-# rpm --import http://www.fwbuilder.org/PACKAGE-GPG-KEY-fwbuilder.asc 
-</code> 
- 
-:!: **HINWEIS** - **Es erfolgt __KEINE__ Ausgabe einer Bestätigung, dass der __GPG__-Schlüssel importiert wurde !!!** 
- 
-Um das **Importieren** des **GPG**-Schlüssels zu überprüfen, kann nachfolgender Befehl verwendet werden, welcher ebenfalls nachfolgende Ausgabe erzeugen sollte. (**Der als erstes aufgelistete __GPG__-Schlüssel, sollte hinzugekommen sein!**): 
-<code> 
-# rpm -qa gpg-pubkey 
-gpg-pubkey-eaee08fe-4a0f5464 
-gpg-pubkey-c105b9de-4e0fd3a3 
-</code> 
- 
-Die **eigentliche Installation** wird nun durch ausführen des nachfolgenden Befehls durchgeführt, welcher auch gleichzeitig die Aktualisierung aller Paket-Informationen durch **''yum''**, den Paket-Manager von [[http://www.centos.org|CentOS]], __**in diesem Fall**__ durchführt: 
-<code> 
-# yum install fwbuilder 
-Loaded plugins: fastestmirror, refresh-packagekit 
-Determining fastest mirrors 
- * base: centos.intergenia.de 
- * extras: centos.intergenia.de 
- * updates: centos.intergenia.de 
-base                                                     | 3.7 kB     00:00      
-base/primary_db                                          | 4.2 MB     00:04      
-extras                                                    951 B     00:00      
-extras/primary                                            203 B     00:00      
-fwbuilder                                                |  951 B     00:00      
-fwbuilder/primary                                        | 1.4 kB     00:00      
-fwbuilder                                                                   1/1 
-updates                                                  | 3.5 kB     00:00      
-updates/primary_db                                       | 3.3 MB     00:16      
-Setting up Install Process 
-Resolving Dependencies 
---> Running transaction check 
----> Package fwbuilder.x86_64 0:5.0.0.3568-1.el6 set to be updated 
---> Finished Dependency Resolution 
- 
-Dependencies Resolved 
- 
-================================================================================ 
- Package          Arch          Version                  Repository        Size 
-================================================================================ 
-Installing: 
- fwbuilder        x86_64        5.0.0.3568-1.el6         fwbuilder         10 M 
- 
-Transaction Summary 
-================================================================================ 
-Install       1 Package(s) 
-Upgrade       0 Package(s) 
- 
-Total download size: 10 M 
-Installed size: 36 M 
-Is this ok [y/N]: y 
-Downloading Packages: 
-fwbuilder-5.0.0.3568-1.el6.x86_64.rpm                    |  10 MB     00:09      
-Running rpm_check_debug 
-Running Transaction Test 
-Transaction Test Succeeded 
-Running Transaction 
-  Installing     : fwbuilder-5.0.0.3568-1.el6.x86_64                        1/1  
- 
-Installed: 
-  fwbuilder.x86_64 0:5.0.0.3568-1.el6                                            
- 
-Complete! 
-</code> 
- 
-Mit nachfolgendem Befehl kann überprüft werden, welcher Inhalte mit den Paket **''fwbuilder''** installiert wurden. 
-<code> 
-# rpm -qil fwbuilder 
-Name        : fwbuilder                    Relocations: (not relocatable) 
-Version     : 5.0.0.3568                        Vendor: NetCitadel LLC., http://sourceforge.net/project/showfiles.php?group_id=5314 
-Release     : 1.el6                         Build Date: Tue 26 Jul 2011 01:32:04 PM CEST 
-Install Date: Thu 18 Aug 2011 06:09:11 PM CEST      Build Host: rhel6-64.vk.crocodile.org 
-Group       : Applications/System           Source RPM: fwbuilder-5.0.0.3568-1.el6.src.rpm 
-Size        : 38199494                         License: GPL2 
-Signature   : DSA/SHA1, Thu 28 Jul 2011 02:05:21 AM CEST, Key ID ef2edd98eaee08fe 
-Packager    : Vadim Kurland <vadim@fwbuilder.org> 
-URL         : http://www.fwbuilder.org/ 
-Summary     : Firewall Builder 
-Description : 
-Firewall Builder consists of a GUI and set of policy compilers for 
-various firewall platforms. It helps users maintain a database of 
-objects and allows policy editing using simple drag-and-drop 
-operations. GUI generates firewall description in the form of XML 
-file, which compilers then interpret and generate platform-specific 
-code. Several algorithms are provided for automated network objects 
-discovery and bulk import of data. The GUI and policy compilers are 
-completely independent, this provides for a consistent abstract model 
-and the same GUI for different firewall platforms. 
-/usr/bin/fwb_iosacl 
-/usr/bin/fwb_ipf 
-/usr/bin/fwb_ipfw 
-/usr/bin/fwb_ipt 
-/usr/bin/fwb_pf 
-/usr/bin/fwb_pix 
-/usr/bin/fwb_procurve_acl 
-/usr/bin/fwbedit 
-/usr/bin/fwbuilder 
-/usr/share/applications/fwbuilder.desktop 
-/usr/share/doc/fwbuilder-5.0.0.3568 
-/usr/share/doc/fwbuilder-5.0.0.3568/AUTHORS 
-/usr/share/doc/fwbuilder-5.0.0.3568/COPYING 
-/usr/share/doc/fwbuilder-5.0.0.3568/ChangeLog 
-/usr/share/doc/fwbuilder-5.0.0.3568/Credits 
-/usr/share/doc/fwbuilder-5.0.0.3568/FWBuilder-Routing-LICENSE.txt 
-/usr/share/doc/fwbuilder-5.0.0.3568/PatchAcceptancePolicy.txt 
-/usr/share/doc/fwbuilder-5.0.0.3568/README.floppyfw 
-/usr/share/doc/fwbuilder-5.0.0.3568/README.iosacl 
-/usr/share/doc/fwbuilder-5.0.0.3568/README.ipf 
-/usr/share/doc/fwbuilder-5.0.0.3568/README.ipfw 
-/usr/share/doc/fwbuilder-5.0.0.3568/README.ipt 
-/usr/share/doc/fwbuilder-5.0.0.3568/README.pf 
-/usr/share/doc/fwbuilder-5.0.0.3568/README.pix 
-/usr/share/doc/fwbuilder-5.0.0.3568/README.pix_routing 
-/usr/share/doc/fwbuilder-5.0.0.3568/README.policy_import 
-/usr/share/doc/fwbuilder-5.0.0.3568/README.routing 
-/usr/share/fwbuilder-5.0.0.3568 
-/usr/share/fwbuilder-5.0.0.3568/configlets 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/bridge_interface 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/bridge_port 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/carp_interface 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/ifconfig_interface 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/kernel_vars 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/pfsync_interface 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/shell_functions 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/tools 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/update_addresses 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/update_bridge 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/update_carp 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/update_pfsync 
-/usr/share/fwbuilder-5.0.0.3568/configlets/bsd/update_vlans 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs/check_utilities 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs/installer_commands_root 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs/routing_functions 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs/script_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-jffs/top_comment 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram/check_utilities 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram/installer_commands_root 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram/routing_functions 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram/script_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/dd-wrt-nvram/top_comment 
-/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd 
-/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/carp_interface 
-/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/ifconfig_interface 
-/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/installer_commands_root 
-/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/kernel_vars 
-/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/rc_conf_bridge_port 
-/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/rc_conf_carp_interface 
-/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/rc_conf_ifconfig_interface 
-/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/rc_conf_kernel_vars 
-/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/rc_conf_pfsync_interface 
-/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/routing_functions 
-/usr/share/fwbuilder-5.0.0.3568/configlets/freebsd/tools 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/failover_commands_2 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/failover_commands_3_2 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/failover_interface_2 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/failover_interface_3_2 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/installer_commands_post_config 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/installer_commands_pre_config 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/ntp 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/regular_interface_2 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/regular_interface_3_2 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/snmp 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/ssh 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/vlan_parent_interface_2 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/vlan_parent_interface_3_2 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/vlan_subinterface_2 
-/usr/share/fwbuilder-5.0.0.3568/configlets/fwsm_os/vlan_subinterface_3_2 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ios 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ios/installer_commands_post_config 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ios/installer_commands_pre_config 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ios/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ios/safety_net_acl 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ios/script_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ios/top_comment 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/automatic_rules 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/installer_commands_root 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/kernel_vars 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/script_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/shell_functions 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/update_addresses 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/update_bonding 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/update_bridge 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipcop/update_vlans 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipf 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipf/activation 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipf/script_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipf/top_comment 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipfw 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipfw/script_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/ipfw/top_comment 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/automatic_rules 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/block_action 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/check_utilities 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/conntrack 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/constants 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/installer_commands_root 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/ip_forwarding 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/kernel_vars 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/load_modules 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/prolog_epilog_functions 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/reset_iptables 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/routing_functions 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/run_time_address_tables 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/run_time_wrappers 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/script_body_iptables_restore 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/script_body_iptables_shell 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/script_body_single_rule 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/script_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/shell_functions 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/status_action 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/stop_action 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/top_comment 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/update_addresses 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/update_bonding 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/update_bridge 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/update_vlans 
-/usr/share/fwbuilder-5.0.0.3568/configlets/linux24/verify_interfaces 
-/usr/share/fwbuilder-5.0.0.3568/configlets/macosx 
-/usr/share/fwbuilder-5.0.0.3568/configlets/macosx/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/macosx/installer_commands_root 
-/usr/share/fwbuilder-5.0.0.3568/configlets/macosx/kernel_vars 
-/usr/share/fwbuilder-5.0.0.3568/configlets/macosx/tools 
-/usr/share/fwbuilder-5.0.0.3568/configlets/openbsd 
-/usr/share/fwbuilder-5.0.0.3568/configlets/openbsd/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/openbsd/installer_commands_root 
-/usr/share/fwbuilder-5.0.0.3568/configlets/openbsd/kernel_vars 
-/usr/share/fwbuilder-5.0.0.3568/configlets/openbsd/routing_functions 
-/usr/share/fwbuilder-5.0.0.3568/configlets/openbsd/tools 
-/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt 
-/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt/check_utilities 
-/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt/installer_commands_root 
-/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt/load_modules 
-/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt/script_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/openwrt/top_comment 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pf 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pf/activation 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pf/rc_conf_activation 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pf/rc_conf_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pf/rc_conf_top_comment 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pf/script_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pf/top_comment 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/failover_commands_6 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/failover_commands_7 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/failover_interface_6 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/failover_interface_7 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/installer_commands_post_config 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/installer_commands_pre_config 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/ntp 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/regular_interface_6 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/regular_interface_7 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/script_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/snmp 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/ssh 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/top_comment 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/vlan_parent_interface_6 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/vlan_parent_interface_7 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/vlan_subinterface_6 
-/usr/share/fwbuilder-5.0.0.3568/configlets/pix_os/vlan_subinterface_7 
-/usr/share/fwbuilder-5.0.0.3568/configlets/procurve 
-/usr/share/fwbuilder-5.0.0.3568/configlets/procurve/installer_commands_post_config 
-/usr/share/fwbuilder-5.0.0.3568/configlets/procurve/installer_commands_pre_config 
-/usr/share/fwbuilder-5.0.0.3568/configlets/procurve/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/procurve/safety_net_acl 
-/usr/share/fwbuilder-5.0.0.3568/configlets/procurve/script_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/procurve/top_comment 
-/usr/share/fwbuilder-5.0.0.3568/configlets/secuwall 
-/usr/share/fwbuilder-5.0.0.3568/configlets/secuwall/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/secuwall/installer_commands_root 
-/usr/share/fwbuilder-5.0.0.3568/configlets/secuwall/management_rules 
-/usr/share/fwbuilder-5.0.0.3568/configlets/secuwall/script_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/solaris 
-/usr/share/fwbuilder-5.0.0.3568/configlets/solaris/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/solaris/installer_commands_root 
-/usr/share/fwbuilder-5.0.0.3568/configlets/solaris/kernel_vars 
-/usr/share/fwbuilder-5.0.0.3568/configlets/solaris/tools 
-/usr/share/fwbuilder-5.0.0.3568/configlets/sveasoft 
-/usr/share/fwbuilder-5.0.0.3568/configlets/sveasoft/installer_commands_reg_user 
-/usr/share/fwbuilder-5.0.0.3568/configlets/sveasoft/installer_commands_root 
-/usr/share/fwbuilder-5.0.0.3568/configlets/sveasoft/script_skeleton 
-/usr/share/fwbuilder-5.0.0.3568/configlets/sveasoft/shell_functions 
-/usr/share/fwbuilder-5.0.0.3568/configlets/sveasoft/top_comment 
-/usr/share/fwbuilder-5.0.0.3568/fwbuilder.dtd 
-/usr/share/fwbuilder-5.0.0.3568/help 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/cluster_interfaces.png 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/create_and_add_to_group.png 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/ipcopAdvancedDialog.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/ipcoposAdvancedDialog.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/ipfw_Classify.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/iptAdvancedDialog.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/iptables_Branch.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/iptables_Classify.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/iptables_Route.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/iptables_Tag.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/iptables_rule_options.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/linux24AdvancedDialog.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/main.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/new_bridge_interfaces.png 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/pfAdvancedDialog.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/pf_Branch.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/pf_Classify.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/pf_Route.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/pf_Tag.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/pf_rule_options.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/pix-failover-group-1.png 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/pix-failover-groups-mapping.png 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/pix-statesync-group-1.png 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/pix-statesync-group-mapping.png 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.0.0.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.0.1.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.1.0.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.1.1.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.1.2.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.1.3.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.2.0.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.2.1.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_4.2.2.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/release_notes_5.0.0.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/state_sync_configuration.png 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip01.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip02.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip03.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip04.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip05.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip06.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip07.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip08.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip09.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/tip10.html 
-/usr/share/fwbuilder-5.0.0.3568/help/en_US/vlan_interfaces.png 
-/usr/share/fwbuilder-5.0.0.3568/migration 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.0.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.1.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.10.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.11.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.12.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.13.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.14.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.2.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.3.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.4.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.5.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.6.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.7.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.8.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.10.9.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.9.0.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.9.1.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.9.2.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.9.3.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.9.4.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_0.9.5.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_1.0.0.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_1.0.1.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_1.0.2.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_10.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_11.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_12.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_13.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_14.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_15.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_16.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_17.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_18.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_19.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.0.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.1.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.10.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.11.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.12.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.2.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.3.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.4.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.5.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.6.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.7.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.8.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.9.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.0.99.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.0.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.1.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.10.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.11.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.12.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.13.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.14.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.15.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.16.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.17.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.18.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.19.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.2.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.3.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.4.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.5.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.6.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.7.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.8.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.9.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_2.1.99.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_20.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_21.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_3.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_4.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_5.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_6.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_7.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_8.xslt 
-/usr/share/fwbuilder-5.0.0.3568/migration/FWObjectDatabase_9.xslt 
-/usr/share/fwbuilder-5.0.0.3568/objects_init.xml 
-/usr/share/fwbuilder-5.0.0.3568/os 
-/usr/share/fwbuilder-5.0.0.3568/os/dd-wrt-jffs.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/dd-wrt-nvram.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/endian.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/freebsd.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/fwsm_os.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/ios.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/ipcop.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/linux24.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/macosx.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/oneshield.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/openbsd.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/openwrt.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/pix_os.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/procurve.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/secuwall.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/solaris.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/sveasoft.xml 
-/usr/share/fwbuilder-5.0.0.3568/os/unknown_os.xml 
-/usr/share/fwbuilder-5.0.0.3568/platform 
-/usr/share/fwbuilder-5.0.0.3568/platform/fwsm.xml 
-/usr/share/fwbuilder-5.0.0.3568/platform/iosacl.xml 
-/usr/share/fwbuilder-5.0.0.3568/platform/ipf.xml 
-/usr/share/fwbuilder-5.0.0.3568/platform/ipfw.xml 
-/usr/share/fwbuilder-5.0.0.3568/platform/iptables.xml 
-/usr/share/fwbuilder-5.0.0.3568/platform/pf.xml 
-/usr/share/fwbuilder-5.0.0.3568/platform/pix.xml 
-/usr/share/fwbuilder-5.0.0.3568/platform/procurve_acl.xml 
-/usr/share/fwbuilder-5.0.0.3568/platform/unknown.xml 
-/usr/share/fwbuilder-5.0.0.3568/resources.xml 
-/usr/share/fwbuilder-5.0.0.3568/templates.xml 
-/usr/share/icons/hicolor/128x128/apps/fwbuilder.png 
-/usr/share/icons/hicolor/16x16/apps/fwbuilder.png 
-/usr/share/icons/hicolor/24x24/apps/fwbuilder.png 
-/usr/share/icons/hicolor/256x256/apps/fwbuilder.png 
-/usr/share/icons/hicolor/32x32/apps/fwbuilder.png 
-/usr/share/icons/hicolor/48x48/apps/fwbuilder.png 
-/usr/share/icons/hicolor/512x512/apps/fwbuilder.png 
-/usr/share/icons/hicolor/72x72/apps/fwbuilder.png 
-/usr/share/man/man1/fwb_iosacl.1.gz 
-/usr/share/man/man1/fwb_ipf.1.gz 
-/usr/share/man/man1/fwb_ipfw.1.gz 
-/usr/share/man/man1/fwb_ipt.1.gz 
-/usr/share/man/man1/fwb_pf.1.gz 
-/usr/share/man/man1/fwb_pix.1.gz 
-/usr/share/man/man1/fwbedit.1.gz 
-/usr/share/man/man1/fwbuilder.1.gz 
-</code> 
- 
-===== Repository spiegeln ===== 
- 
-Ähnlich wie bei nachfolgendem Eintrag innerhalb dieses DokuWiki's,  
-  * [[tachtler:repository_spiegeln_centos_6|Repository spiegeln CentOS 6]] 
-kann auch das **Repository** des [[http://www.fwbuilder.org|Firewallbuilders]] gespiegelt werden.  
- 
-Allerdings handelt es sich hierbei nicht um einen Respository-Server, welcher **klassisch** mit **''rsync''** gespiegelt werden kann, vielmehr soll mit nachfolgendem Script aufgezeigt werden, wie dies unter Zuhilfenahme des Programms **''wget''** realisiert werden könnte. 
- 
-:!: **HINWEIS** - **Dies ist __nur__ eine Möglichkeit!** 
- 
-Nachfolgend das Script, welches das Repository des [[http://www.fwbuilder.org|Firewallbuilders]] für [[http://centos.org|CentOS]] ab der **Version 6.x** spiegelt: 
-<code bash> 
-#!/bin/bash 
- 
-############################################################################## 
-# Script-Name : wget_fwbuilder_el6.sh                                        # 
-# Description : Script to sync via rsync command repositorys from official   # 
-#               mirror servers. On successful execution only a LOG file will # 
-#               be written. On error while execution, a LOG file and a error # 
-#               message will be send by e-mail.                              # 
-#                                                                            # 
-# Last update : 11.01.2012                                                   # 
-# Version     : 1.00                                                         # 
-#                                                                            # 
-# Author      : Klaus Tachtler, <klaus@tachtler.net>                         # 
-# DokuWiki    : http://www.dokuwiki.tachtler.net                             # 
-# Homepage    : http://www.tachtler.net                                      # 
-#                                                                            # 
-#  +----------------------------------------------------------------------+  # 
-#  | This program is free software; you can redistribute it and/or modify |  # 
-#  | it under the terms of the GNU General Public License as published by |  # 
-#  | the Free Software Foundation; either version 2 of the License, or    |  # 
-#  | (at your option) any later version.                                  |  # 
-#  +----------------------------------------------------------------------+  # 
-#                                                                            # 
-# Copyright (c) 2012 by Klaus Tachtler.                                      # 
-#                                                                            # 
-############################################################################## 
- 
-############################################################################## 
-#                                H I S T O R Y                               # 
-############################################################################## 
-# Version     : x.xx                                                         # 
-# Description : <Description>                                                # 
-# -------------------------------------------------------------------------- # 
-# Version     : x.xx                                                         # 
-# Description : <Description>                                                # 
-# -------------------------------------------------------------------------- # 
-############################################################################## 
- 
-############################################################################## 
-# >>> Please edit following lines for personal command and/or repositorys. ! # 
-############################################################################## 
- 
-# CUSTOM - Script-Name. 
-SCRIPT_NAME='wget_fwbuilder_el6' 
- 
-# CUSTOM - Command-Line. 
-WGET_CMDOPTS='-r -nH --cut-dirs=2 --no-parent --reject index.htm* ' 
- 
-# CUSTOM - Repository-Mirrors. 
-REPO_SOURCE1='http://packages.fwbuilder.org/rpm/stable/rhel-6-i686/' 
-REPO_SOURCE2='http://packages.fwbuilder.org/rpm/stable/rhel-6-x86_64/' 
-REPO_TARGET='/data/repository/private/Mirrors/fwbuilder/rpm/stable' 
- 
-# CUSTOM - Mail-Recipient. 
-MAIL_RECIPIENT='root@tachtler.net' 
- 
-# CUSTOM - Status-Mail [Y|N]. 
-MAIL_STATUS='N' 
- 
-############################################################################## 
-# >>> Normaly there is no need to change anything below this comment line. ! # 
-############################################################################## 
- 
-# Variables. 
-WGET_COMMAND=`command -v wget` 
-TOUCH_COMMAND=`command -v touch` 
-RM_COMMAND=`command -v rm` 
-PROG_SENDMAIL=`command -v sendmail` 
-CAT_COMMAND=`command -v cat` 
-DATE_COMMAND=`command -v date` 
-MKDIR_COMMAND=`command -v mkdir` 
-LN_COMMAND=`command -v ln` 
-FILE_LOCK='/tmp/'$SCRIPT_NAME'.lock' 
-FILE_LOG='/var/log/'$SCRIPT_NAME'.log' 
-FILE_LAST_LOG='/tmp/'$SCRIPT_NAME'.log' 
-FILE_MAIL='/tmp/'$SCRIPT_NAME'.mail' 
-VAR_HOSTNAME=`uname -n` 
-VAR_SENDER='root@'$VAR_HOSTNAME 
-VAR_EMAILDATE=`$DATE_COMMAND '+%a, %d %b %Y %H:%M:%S (%Z)'` 
- 
-# Functions. 
-function log() { 
-        echo $1 
-        echo `$DATE_COMMAND '+%Y/%m/%d %H:%M:%S'` " INFO:" $1 >>${FILE_LAST_LOG} 
-} 
- 
-function retval() { 
-if [ "$?" != "0" ]; then 
-        case "$?" in 
-        1) 
-                log "ERROR: Generic error code." 
-        ;; 
-        2) 
-                log "ERROR: Parse error---for instance, when parsing command-line options, the .wgetrc or .netrc..." 
-        ;; 
-        3) 
-                log "ERROR: File I/O error." 
-        ;; 
-        4) 
-                log "ERROR: Network failure." 
-        ;; 
-        5) 
-                log "ERROR: SSL verification failure." 
-        ;; 
-        6) 
-                log "ERROR: Username/password authentication failure." 
-        ;; 
-        7) 
-                log "ERROR: Protocol errors." 
-        ;; 
-        8) 
-                log "ERROR: Server issued an error response." 
-        ;; 
-        *) 
-                log "ERROR: Unknown error $?" 
-        ;; 
-        esac 
-fi 
-} 
- 
-function movelog() { 
-        $CAT_COMMAND $FILE_LAST_LOG >> $FILE_LOG 
-        $RM_COMMAND -f $FILE_LAST_LOG 
-        $RM_COMMAND -f $FILE_LOCK 
-} 
- 
-function sendmail() { 
-        case "$1" in 
-        'STATUS') 
-                MAIL_SUBJECT='Status execution '$SCRIPT_NAME' script.' 
-        ;; 
-        *) 
-                MAIL_SUBJECT='ERROR while execution '$SCRIPT_NAME' script !!!' 
-        ;; 
-        esac 
- 
-$CAT_COMMAND <<MAIL >$FILE_MAIL 
-Subject: $MAIL_SUBJECT 
-Date: $VAR_EMAILDATE 
-From: $VAR_SENDER 
-To: $MAIL_RECIPIENT 
- 
-MAIL 
- 
-$CAT_COMMAND $FILE_LAST_LOG >> $FILE_MAIL 
- 
-$PROG_SENDMAIL -f $VAR_SENDER -t $MAIL_RECIPIENT < $FILE_MAIL 
- 
-$RM_COMMAND -f $FILE_MAIL 
- 
-} 
- 
-# Main. 
-log "" 
-log "+-----------------------------------------------------------------+" 
-log "| Start synchronisation from official repository server (mirror). |" 
-log "+-----------------------------------------------------------------+" 
-log "" 
-log "Run script with following parameter:" 
-log "" 
-log "SCRIPT_NAME...: $SCRIPT_NAME" 
-log "" 
-log "WGET_CMDOPTS..: $WGET_CMDOPTS" 
-log "" 
-log "REPO_SOURCE1..: $REPO_SOURCE1" 
-log "REPO_SOURCE2..: $REPO_SOURCE2" 
-log "REPO_TARGET...: $REPO_TARGET" 
-log "" 
-log "MAIL_RECIPIENT: $MAIL_RECIPIENT" 
-log "MAIL_STATUS...: $MAIL_STATUS" 
-log "" 
- 
-# Check if command (file) NOT exist OR IS empty. 
-if [ ! -s "$WGET_COMMAND" ]; then 
-        log "Check if command '$WGET_COMMAND' was found.................[FAILED]" 
-        sendmail ERROR 
-        movelog 
-        exit 10 
-else 
-        log "Check if command '$WGET_COMMAND' was found.................[  OK  ]" 
-fi 
- 
-# Check if command (file) NOT exist OR IS empty. 
-if [ ! -s "$TOUCH_COMMAND" ]; then 
-        log "Check if command '$TOUCH_COMMAND' was found....................[FAILED]" 
-        sendmail ERROR 
-        movelog 
-        exit 11 
-else 
-        log "Check if command '$TOUCH_COMMAND' was found....................[  OK  ]" 
-fi 
- 
-# Check if command (file) NOT exist OR IS empty. 
-if [ ! -s "$RM_COMMAND" ]; then 
-        log "Check if command '$RM_COMMAND' was found.......................[FAILED]" 
-        sendmail ERROR 
-        movelog 
-        exit 12 
-else 
-        log "Check if command '$RM_COMMAND' was found.......................[  OK  ]" 
-fi 
- 
-# Check if command (file) NOT exist OR IS empty. 
-if [ ! -s "$CAT_COMMAND" ]; then 
-        log "Check if command '$CAT_COMMAND' was found......................[FAILED]" 
-        sendmail ERROR 
-        movelog 
-        exit 13 
-else 
-        log "Check if command '$CAT_COMMAND' was found......................[  OK  ]" 
-fi 
- 
-# Check if command (file) NOT exist OR IS empty. 
-if [ ! -s "$DATE_COMMAND" ]; then 
-        log "Check if command '$DATE_COMMAND' was found.....................[FAILED]" 
-        sendmail ERROR 
-        movelog 
-        exit 14 
-else 
-        log "Check if command '$DATE_COMMAND' was found.....................[  OK  ]" 
-fi 
- 
-# Check if command (file) NOT exist OR IS empty. 
-if [ ! -s "$MKDIR_COMMAND" ]; then 
-        log "Check if command '$MKDIR_COMMAND' was found....................[FAILED]" 
-        sendmail ERROR 
-        movelog 
-        exit 15 
-else 
-        log "Check if command '$MKDIR_COMMAND' was found....................[  OK  ]" 
-fi 
- 
-# Check if command (file) NOT exist OR IS empty. 
-if [ ! -s "$LN_COMMAND" ]; then 
-        log "Check if command '$LN_COMMAND' was found.......................[FAILED]" 
-        sendmail ERROR 
-        movelog 
-        exit 16 
-else 
-        log "Check if command '$LN_COMMAND' was found.......................[  OK  ]" 
-fi 
- 
-# Check if command (file) NOT exist OR IS empty. 
-if [ ! -s "$PROG_SENDMAIL" ]; then 
-        log "Check if command '$PROG_SENDMAIL' was found............[FAILED]" 
-        sendmail ERROR 
-        movelog 
-        exit 17 
-else 
-        log "Check if command '$PROG_SENDMAIL' was found............[  OK  ]" 
-fi 
- 
-# Check if LOCK file NOT exist. 
-if [ ! -e "$FILE_LOCK" ]; then 
-        log "Check if script is NOT already runnig .....................[  OK  ]" 
- 
-        $TOUCH_COMMAND $FILE_LOCK 
-else 
-        log "Check if script is NOT already runnig .....................[FAILED]" 
-        log "" 
-        log "ERROR: The script was already running, or LOCK file already exists!" 
-        log "" 
-        sendmail ERROR 
-        movelog 
-        exit 20 
-fi 
- 
-# Check if REPO_TARGET Directory NOT exists. 
-if [ ! -d "$REPO_TARGET" ]; then 
-        log "Check if REPO_TARGET exists................................[FAILED]" 
-        log "" 
-        log " INFO: Creating REPO_TARGET!" 
-        log " INFO: --> "$REPO_TARGET 
-        log "" 
- 
-        $MKDIR_COMMAND -p $REPO_TARGET 
-else 
-        log "Check if REPO_TARGET exists................................[  OK  ]" 
-fi 
- 
-# Start syncing. 
-log "" 
-log "+-----------------------------------------------------------------+" 
-log "| Run synchronizing $SCRIPT_NAME repository................ |" 
-log "+-----------------------------------------------------------------+" 
-log "" 
- 
-log "$WGET_COMMAND $WGET_CMDOPTS $REPO_SOURCE1" 
-$WGET_COMMAND $WGET_CMDOPTS --append-output=$FILE_LAST_LOG --directory-prefix=$REPO_TARGET $REPO_SOURCE1 
- 
-$RM_COMMAND -f $REPO_TARGET/index.htm* 
- 
-log "$WGET_COMMAND $WGET_CMDOPTS $REPO_SOURCE2" 
-$WGET_COMMAND $WGET_CMDOPTS --append-output=$FILE_LAST_LOG --directory-prefix=$REPO_TARGET $REPO_SOURCE2 
- 
-$RM_COMMAND -f $REPO_TARGET/index.htm* 
- 
-cd /root/bin 
- 
-if [ "$?" != 0 ]; then 
-        retval $? 
-        log "" 
-        $RM_COMMAND -f $FILE_LOCK 
-        sendmail ERROR 
-        movelog 
-        exit 99 
-else 
-        log "" 
-        log "+-----------------------------------------------------------------+" 
-        log "| End synchronizing $SCRIPT_NAME repository................ |" 
-        log "+-----------------------------------------------------------------+" 
-        log "" 
-fi 
- 
-# Finish syncing. 
-log "+-----------------------------------------------------------------+" 
-log "| Finish......................................................... |" 
-log "+-----------------------------------------------------------------+" 
-log "" 
- 
-# Status e-mail. 
-if [ $MAIL_STATUS = 'Y' ]; then 
-        sendmail STATUS 
-fi 
-# Move temporary log to permanent log 
-movelog 
- 
-exit 0 
-</code> 
-  
-===== Erster Start ===== 
- 
-Nach der erfolgreichen Installation, kann  der [[http://www.fwbuilder.org|FirewallBuilder]] mit nachfolgendem Befehl aus einer ''shell'' heraus, gestartet werden: 
-<code> 
-# fwbuilder 
-Firewall Builder GUI 5.0.0.3568 
-</code> 
- 
-Es sollte das nachfolgend darstellte Fenster erscheinen: 
- 
-{{:tachtler:fwbuilder:fwbuilder_main.png?|FirewallBuilder - Hauptfenster}} 
- 
-===== Regelinstallation ===== 
- 
-Damit der [[http://www.fwbuilder.org|FirewallBuilder]] Regeln auf verschiedene "Firewalls"  
-  * **kopieren** 
-und 
-  * **installieren** 
-kann, sind nachfolgende Schritte notwendig! 
- 
-==== Regelinstallation: Benutzer ==== 
- 
-Aus Sicherheitsgründen, sollte ein bestimmter Benutzer zur Verwaltung von Firewall-Regelsätzen angelegt werden. Dies bringt natürlich einen gewissen Mehraufwand mit sich, welcher jedoch in Kauf genommen werden sollte. 
- 
-:!: **WICHTIG** - **Dieser Benutzer muss auf __ALLEN__ Firewalls __UND__ auf dem FirewallBuilder-Server selbst angelegt werden !!!** 
- 
-Es soll eine **Gruppe**: 
-  * **''fwadmin''**  
-angelegt werden, und ein **Benutzer**:  
-  * **''fwadmin''** 
-angelegt werden unter dem die gesamte Verwaltung der Firewall-Regelsätze erfolgen soll. 
- 
-Um eine neue **Gruppe** anzulegen, kann nachfolgender Befehl genutzt werden: 
-<code> 
-# groupadd -g 599 fwadmin 
-</code> 
- 
-Ob der vorhergehende Befehl korrekt durchgeführt wurde, kann mit nachfolgendem Befehl ermittelt werden, welcher eine Ausgabe, wie nachfolgend dargestellt, anzeigen sollte: 
-<code> 
-# cat /etc/group | grep 599 
-fwadmin:x:599: 
-</code> 
- 
-Um eine neuen **Benutzer** anzulegen, kann nachfolgender Befehl genutzt werden: 
-<code> 
-# useradd -c "FirewallBuilder" -g 599 -m -s /bin/bash -u 599 fwadmin 
-</code> 
- 
-Ob der vorhergehende Befehl korrekt durchgeführt wurde, kann mit nachfolgendem Befehl ermittelt werden, welcher eine Ausgabe, wie nachfolgend dargestellt, anzeigen sollte: 
-<code> 
-# cat /etc/passwd | grep 599 
-fwadmin:x:599:599:FirewallBuilder:/home/fwadmin:/bin/bash 
-</code> 
- 
-Abschließend muss noch ein **Passwort** für den Benutzer **''fwadmin''** mit nachfolgendem Befehl gesetzt werden: 
-<code> 
-# passwd fwadmin 
-Changing password for user fwadmin. 
-New password: 
-Retype new password: 
-passwd: all authentication tokens updated successfully. 
-</code> 
- 
-==== Regelinstallation: Public-Key ==== 
- 
-:!: **HINWEIS** - **Aus Sicherheitsgründen, sollte auch SSH-Schlüsselpaar für den Benutzer erzeugt werden !!!** 
- 
-Bitte lesen Sie dazu nachfolgenden internen Dokuwiki-Eintrag: 
-  * [[tachtler:ssh#public-key_authentifizierung|SSH - Public-Key Authentifizierung]] 
- 
-==== Regelinstallation: Preferences ==== 
- 
-Um den [[http://www.fwbuilder.org|FirewallBuilder]] zur Installation eines Firewall-Regelwerks nutzen zu können, müssen einige Parameter im [[http://www.fwbuilder.org|FirewallBuilder]] hinterlegt werden. 
- 
-Als erstes sollte eine Verzeichnis im **''home''**-Verzeichnis des soeben angelegten Benutzers **''fwadmin''** mit nachfolgendem Befehl angelegt werden, welches zur Aufnahme von Daten des [[http://www.fwbuilder.org|FirewallBuilder]] dient: 
-<code> 
-# mkdir /home/fwadmin/fwb 
-</code> 
- 
-Dieses soeben erstellte Verzeichnis, kann dann im [[http://www.fwbuilder.org|FirewallBuilder]] unter dem Menüpunkt 
-  * **Edit** | **Preferences** | **General**  
-unter 
-  * **Working directory** bzw. 
-  * **Data directory** 
-eingetragen werden. 
- 
-{{:tachtler:fwbuilder:fwbuilder_edit_preferences_general.png?|FirewallBuilder - Edit - Preferences - General}} 
- 
-:!: **HINWEIS** - **Weitere Einstellungen, können je nach Umgebung getroffen werden !!!** 
- 
-===== Firewall ===== 
- 
-**Nach** der Neuanlage einer Firewall durch den [[http://www.fwbuilder.org|FirewallBuilder]] (welche durch eine Assistenten erfolgen kann), sollte noch ein Verzeichnis auf dem Server angelegt werden auf dem der [[http://www.fwbuilder.org|FirewallBuilder]] installiert ist.  
- 
-Dies kann mit nachfolgendem Befehl durchgeführt werden und sollte ebenfalls unter dem Benutzer **''fwadmin''** erfolgen: 
-<code> 
-# mkdir /home/fwadmin/fw 
-</code> 
- 
-:!: **HINWEIS** - **Dies ist der Speicherort für alle Firewalls, welche durch den [[http://www.fwbuilder.org|FirewallBuilder]] verwaltet werden!** 
- 
-==== Firewall Settings: Compiler ==== 
- 
-In den Einstellungen der Firewall, können unter dem Reiter **Compiler** nachfolgende Einstellungen durchgeführt werden: 
- 
-^ Feldname                       ^ Standard-Wert ^ Neuer Wert                                         ^ 
-| Output file name                             | /home/fwadmin/fw/firewallname.fw                   | 
- 
-{{:tachtler:fwbuilder:fwbuilder_firewall-settings_compiler.png?| FirewallBuilder - Firewall Settings - Compiler}} 
- 
-==== Firewall Settings: Installer ==== 
- 
-In den Einstellungen der Firewall, können unter dem Reiter **Installer** nachfolgende Einstellungen durchgeführt werden: 
- 
-^ Feldname                                                         ^ Standard-Wert ^ Neuer Wert                                         ^ 
-| Directory on the firewall where script should be installed                     | /home/fwadmin/fw                                   | 
-| User name used to authenticate to the firewall                                 | fwadmin                                            | 
-| Alternative name or address used to commincate with the firewall |               | 192.168.0.20                                       | 
-| Additional command line parameters for ssh                                     | -p 22 -i /home/fwadmin/.ssh/id_rsa_FirewallBuilder | 
-| Additional command line parameters for scp                                     | -P 22 -i /home/fwadmin/.ssh/id_rsa_FirewallBuilder | 
- 
-{{:tachtler:fwbuilder:fwbuilder_firewall-settings_installer.png?| FirewallBuilder - Firewall Settings - Installer}} 
- 
-==== Firewall Settings: Prolog/Epilog ==== 
- 
-In den Einstellungen der Firewall, können unter dem Reiter **Prolog/Epilog** nachfolgende Einstellungen durchgeführt werden: 
- 
-^ Feldname                                                                   ^ Standard-Wert ^ Neuer Wert                                         ^ 
-| The following command will be added varbatim after generated configuration |               | swervice iptables save                             | 
- 
-{{:tachtler:fwbuilder:fwbuilder_firewall-settings_prolog-epilog.png?|FirewallBuilder - Firewall Settings - Prolog/Epilog}} 
- 
-:!: **HINWIES** - **Die nachfolgenden __Reiter__, können unverändert belassen werden !!!** 
- 
-==== /etc/sudoers ==== 
- 
-Nachfolgende Änderung, **__MUSS__** auf **__JEDER__** **Firewall** durchgeführt werden, um den Firewall-Regelsatz auch **ausführen** zu können! 
- 
-Die Konfigurationsdatei 
-  * **''/etc/sudoers''** 
-sollte mit nachfolgendem Befehl 
-<code> 
-# visudo 
-</code> 
-wie folgt ergänzt werden (**nur relevanter Ausschnitt**): 
-<code ini> 
-... 
-## Allow root to run any commands anywhere 
-root    ALL=(ALL)       ALL 
- 
-# Tachtler 
-%fwadmin ALL = PASSWD: /home/fwadmin/fw/firewallname.fw 
-... 
-</code> 
- 
-:!: **HINWEIS** - Falls die entsprechende Firewall nicht **direkt, mit einer ''route''** erreichbar ist, kann auch nachfolgende Konfiguration nötig sein! 
-<code ini> 
-... 
-## Allow root to run any commands anywhere 
-root    ALL=(ALL)       ALL 
- 
-# Tachtler 
-Defaults:fwadmin !requiretty 
-%fwadmin ALL = NOPASSWD: /home/fwadmin/fw/firewallname.fw 
-... 
-</code> 
-* //Die Zeile ''Defaults:fwadmin !requiretty'' bedeutet, das der Bernutzer ''fwadmin'' keine ''tty'' zur Ausführung des ''shell''-Skriptes benötigt !// 
  
tachtler/firewallbuilder.1394809390.txt.gz · Zuletzt geändert: 2014/03/14 16:03 (Externe Bearbeitung)