LinuxQuestions.org


ericdanc 01-14-2010 03:33 AM

how to manage/monitor fwbuilder in Lenny?
 
i start fwbuilder with debug option:
# ssh root@localhost sudo -S /etc/fw/firewall.fw
and iptables rules are setup without any errors.

What exactly is the fwbuilder firewall? Simply this iptables set of rules? Or the running fwbuilder script (firewall.fw)? Both?

What now? How do I see what's going on?

When i scan with nmap, it doesn't seem to matter if i have a firewall running or not. I have used firestarter till now.

emi_ramo 01-16-2010 08:13 AM

Hello,
fwbuilder creates a shell script (.fw) which makes calls to programs (iptables and others) to make the firewall (.fwb) rules effective. To insert the fw, you only need to execute the shell script (.fw), making it executable (chmod +x *.fw) or calling it via a shell (bash *.fw). iptables makes changes to the kernel IP tables.

iptables throws its messages to /var/log/kern.log (depending on configuration). There, you'll find lots of DENY/ACCEPT lines, which refer to your fwb rules. Each line tells source and destination address (SRC and DST), source and destination port (SPT and DPT), MAC addresses, time, device, protocol (TCP or UDP) and other IP flags.

I don't know about any debugging program other than grep ;)
Code:

grep "DPT=80" kern.log | grep DENY
See you!!
emi

ericdanc 01-17-2010 09:17 AM

fwbuilder docs are good - to a point: i got a fw-script compiled and installed. It seems, tho, that the docs just stop. I run the script and i see the iptables rules scrolling by (or in /var/log/kern.log). Is that it? Am i done? Does the fw-script run in the background? Does fwbuilder have some sort of admin functionality? I thought that was the purpose of the "management interface", ie some sort of admin.

With debug, i meant the fwbuilder "script options" debug.

i run iptraf and firestarter still, because i'm unsure about fwbuilder...

emi_ramo 01-17-2010 11:28 AM

Quote:

fwbuilder docs are good - to a point: i got a fw-script compiled and installed. It seems, tho, then the docs just stop.
Compiled and installed means that fwbuilder has translated your fw rules from fwbuilder's own language (XML) to an iptables-based shell script and copied it to the server. To run this script, you can do it manually or via an init script, ensuring it is executed every time the machine comes up. A good place to call it from is the final init script on (at least) Debian machines: /etc/rc.local . You don't need any other fw script, program or anything.

Quote:

I run the script and i see the iptables rules scrolling by (or in /var/log/kern.log). Is that it? Am i done? Does the fw-script run in the background?
These 'iptables rules scrolling' are shown because of the enabled debug option. And they correspond to the commands executed by the shell script. iptables is some kind of special kernel feature: the tables are modified by programs like iptables, but they are completely managed by the kernel and/or kernel modules. No need for any special admin tool, daemon or background program. Still, if you like, you can install log analyzers to ensure you're advised if anything special happens on your network.

Quote:

Does fwbuilder have some sort of admin functionality? I thought that was the purpose of the "management interface", ie some sort of admin.
As told, no. fwbuilder just helps creating the shell script that will modify the kernel iptables. To control what is happening on your interfaces, you'll need any Linux network analyzer program (tcpdump, iptraf, iftop, nethogs, etc) and/or a fw log analyzer (I don't know any, but sure they exist).

To see if the rules are working as expected, you'll probably need grep:
  • if the http server port is being denied:
    Code:
    grep "DPT=80" /var/log/kern.log | grep DENY
  • if the smtp server port is being accepted:
    Code:
    grep "DPT=25" /var/log/kern.log | grep ACCEPT
  • if the server can send via the dns port:
    Code:
    grep "SPT=53" /var/log/kern.log | grep ACCEPT
  • ...and so on.

Quote:

With debug, i meant the fwbuilder "script options" debug.

i run iptraf and firestarter still, because i'm unsure about fwbuilder...
To analyze the fw live, as told, you'll need a log analyzer. If you need to modify the fw, you'll need to edit it with fwbuilder, re-compile it and re-install it to the server. If you know enough, you can modify it with iptables calls, but you'll need to add them too to the fw shell init script.

See you!!
emi
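An added example (not from the thread or from the fwbuilder project) that does the same job as the grep pipelines emi gives, but parses the kern.log fields he lists (SRC, DST, SPT, DPT, PROTO, device) so the checks can be combined and the denied sources counted. The log lines are constructed, and the "RULE_n -- DENY/ACCEPT" log prefix is assumed to be the fwbuilder convention; adjust ACTION_RE if your rules log a different prefix.

```python
import re
from collections import Counter

# Constructed sample of /var/log/kern.log lines as written by iptables LOG
# targets; the "RULE_n -- DENY/ACCEPT" prefix is assumed to be what the
# fwbuilder-generated script logs. Hosts, MACs and times are made up.
SAMPLE_KERN_LOG = """\
Jan 17 10:02:11 lenny kernel: RULE_3 -- DENY IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=41234 DPT=80 SYN URGP=0
Jan 17 10:02:15 lenny kernel: RULE_5 -- ACCEPT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.20 DST=198.51.100.5 LEN=60 TTL=55 ID=0 DF PROTO=TCP SPT=50001 DPT=25 SYN URGP=0
Jan 17 10:02:18 lenny kernel: RULE_7 -- ACCEPT IN= OUT=eth0 SRC=198.51.100.5 DST=203.0.113.53 LEN=64 TTL=64 ID=0 DF PROTO=UDP SPT=34567 DPT=53 LEN=44
Jan 17 10:02:20 lenny kernel: RULE_3 -- DENY IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=41235 DPT=80 SYN URGP=0
Jan 17 10:02:22 lenny kernel: usb 1-1: new high speed USB device
"""

# Everything between "kernel: " and the first "IN=" is the log prefix; the
# rest is a run of KEY=VALUE tokens (flags such as DF or SYN carry no "=").
LINE_RE = re.compile(r"kernel: (?P<prefix>.*?)(?P<fields>IN=.*)$")
ACTION_RE = re.compile(r"\b(ACCEPT|DENY)\b")
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_kern_log(text):
    """Return one dict per iptables log line; other kernel messages are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        action = ACTION_RE.search(m.group("prefix"))
        entry = {"action": action.group(1) if action else "?",
                 "prefix": m.group("prefix").strip()}
        entry.update(KV_RE.findall(m.group("fields")))  # later keys win (LEN twice)
        entries.append(entry)
    return entries


def select(entries, action, **fields):
    """Equivalent of the grep pipelines, e.g. select(e, "DENY", DPT="80")."""
    return [e for e in entries if e["action"] == action
            and all(e.get(k) == v for k, v in fields.items())]


def denied_by_source(entries):
    """Which source addresses hit DENY rules most often, for log review."""
    return Counter(e["SRC"] for e in entries if e["action"] == "DENY").most_common()


if __name__ == "__main__":
    parsed = parse_kern_log(SAMPLE_KERN_LOG)
    print("denied http:", len(select(parsed, "DENY", DPT="80")))
    print("accepted smtp:", len(select(parsed, "ACCEPT", DPT="25")))
    print("top denied sources:", denied_by_source(parsed))
```

Run it against the real file with `parse_kern_log(open("/var/log/kern.log").read())`; lines from rules without a LOG target never appear, so an empty result means "not logged", not "not matched".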

ericdanc 01-18-2010 03:20 AM

Quote:

Originally Posted by emi_ramo (Post 3829819)
Compiled and installed means that fwbuilder has translated your fw rules from fwbuilder own language (xml) to a can modify it with iptables calls, but you'll need to add them too to the fw shell init script.
.....
See you!!
emi

Ok, thanks emi, thats what i wanted to know...

