The FWB-OPTIMZER english README
1. What is fwb-optimzer?
The fwb-optimizer is an firewall rule optimizer written in perl/xml::twig.
resolves negative rules, groups and delete redundant rules, and it is
to sort often used rules up, for more performance. The result is a new and
(mostly) cleaner fwbuilder xml file.
2. What are the needs for fwb-optimzer?
- You need the fwbuilder > version 1.0.3 from www.fwbuilder.org
- perl version > 5.0.... -- Its tested with perl 5.6.1
- And you need the perl XML::TWIG Module > version 3.04
- And you need a firewall setup with redundant rules to have something
PLEASE NOTE, THIS IS A ACADEMIC RESEARCH PROJECT, IT'S NOT FOCUSED ON
THE BEST EFORT!
- extract the fwb-optimizer.tar.gz in homedir of fwbuilder (usualy
/usr/local/bin) or in a other directory of your search path
- create the /usr/share/fwboptimizer/ directory
- move the fwb-optima-priogram.dtd and .xml files to
- move the fwb-optimizer-conf.dtd and .xml files to
- change the paths in fwb-optimizer-conf.xml
- check for all files the file permissions
- set in the fwbuilder gui at Firewall->Compiler/Install->Compiler the
"fwb-optimzer.pl" as your new compiler
4. What are the other files of the fwb-optimizer?
- BUGS -> the known bugs and issues
- README -> this readme
- TODO -> the todo list
- fwb-grpsolve.pl -> the group solver
- fwb-invneg.pl -> solves negativ rules into 2 postiv
- fwb-optima-priogram.dtd -> the DTD for the priogramm
- fwb-optima-priogram.xml -> xml priogramm (how to sort the rules)
- fwb-optimizer-conf.dtd -> the DTD for the conf file
- fwb-optimizer-conf.xml -> the config file for fwb-optimizer.pl
- fwb-optima.pl -> the program that sorts and cleans up the fwb rules
- fwb-optimizer.pl -> runs fwb-invneg.pl > fwb-grpsolve.pl
> fwb-optima.pl and the fwb compiler
in one run
5. Can i run the fwb-optimzer per hand in the cmd line?
Yes you can. Here an example:
firewall.xml is our file from fwbuilder.
fwb-invneg.pl firewall.xml > firewall.tmp1
fwb-grpsolve.pl firewall.tmp1 > firewall.tmp2
fwb-optima.pl > firewall.tmp2 > firewall_optimized.xml
fwb_ipt -f firewall_optimized.xml firewallname
To show the efects in fwbuilder open the firewall_optimized.xml file
6. There are big bugs?
Oh yes, that's possible. Please not this project is still in alpha!
Please write an email to: firstname.lastname@example.org, I will fix it up as fast
I can. And please read the BUGS file.
7. I don't understand some things!
Please also take in look in the source code, I think its pretty simple
8. What are the next steps in this project?
- Testing! Testing! Testing!
- include the "Time" based rules into to the optimization process
9. Where is additional documentation?
- Wait for it, I 'am writing a diploma about firewall optimization, but
It will be in German only