README

 07/31/2002 05:36 PM

Paranoi <paranoi@vegatron.org>

The FWB-OPTIMZER english README
-------------------------------

1. What is fwb-optimzer?

The fwb-optimizer is an firewall rule optimizer written in perl/xml::twig. It
resolves negative rules, groups and delete redundant rules, and it is possible
to sort often used rules up, for more performance. The result is a new and
(mostly) cleaner fwbuilder xml file.

2. What are the needs for fwb-optimzer?

- You need the fwbuilder > version 1.0.3 from www.fwbuilder.org
- perl version > 5.0.... -- Its tested with perl 5.6.1
- And you need the perl XML::TWIG Module > version 3.04
- And you need a firewall setup with redundant rules to have something
  to optimize

PLEASE NOTE, THIS IS A ACADEMIC RESEARCH PROJECT, IT'S NOT FOCUSED ON
THE BEST EFORT!

3. Installation?

- extract the fwb-optimizer.tar.gz in homedir of fwbuilder (usualy
  /usr/local/bin) or in a other directory of your search path
- create the /usr/share/fwboptimizer/ directory
- move the fwb-optima-priogram.dtd and .xml files to
  /usr/share/fwboptimizer/ directory
- move the fwb-optimizer-conf.dtd and .xml files to
  /usr/share/fwboptimizer/ directory
- change the paths in fwb-optimizer-conf.xml
- check for all files the file permissions
- set in the fwbuilder gui at Firewall->Compiler/Install->Compiler the
  "fwb-optimzer.pl" as your new compiler

4. What are the other files of the fwb-optimizer?

- BUGS -> the known bugs and issues
- README -> this readme
- TODO -> the todo list
- fwb-grpsolve.pl -> the group solver
- fwb-invneg.pl -> solves negativ rules into 2 postiv
  rules
- fwb-optima-priogram.dtd -> the DTD for the priogramm
- fwb-optima-priogram.xml -> xml priogramm (how to sort the rules)
- fwb-optimizer-conf.dtd -> the DTD for the conf file
- fwb-optimizer-conf.xml -> the config file for fwb-optimizer.pl
- fwb-optima.pl -> the program that sorts and cleans up the fwb rules
- fwb-optimizer.pl -> runs fwb-invneg.pl > fwb-grpsolve.pl
                      > fwb-optima.pl and the fwb compiler
                      in one run

5. Can i run the fwb-optimzer per hand in the cmd line?

Yes you can. Here an example:

firewall.xml is our file from fwbuilder.
fwb-invneg.pl firewall.xml > firewall.tmp1
fwb-grpsolve.pl firewall.tmp1 > firewall.tmp2
fwb-optima.pl > firewall.tmp2 > firewall_optimized.xml

fwb_ipt -f firewall_optimized.xml firewallname

To show the efects in fwbuilder open the firewall_optimized.xml file

6. There are big bugs?

Oh yes, that's possible. Please not this project is still in alpha!
Please write an email to: paranoi@vegatron.org, I will fix it up as fast
I can. And please read the BUGS file.

7. I don't understand some things!

Please also take in look in the source code, I think its pretty simple
perl code.

8. What are the next steps in this project?

- Testing! Testing! Testing!
- include the "Time" based rules into to the optimization process

9. Where is additional documentation?

- Wait for it, I 'am writing a diploma about firewall optimization, but
  It will be in German only