Table 1. Prerequisite packages
| Package | Version |
|---|---|
| glib | 1.2.10. |
| gtk | 1.2.10. |
| gdk-pixbuf | 0.11 or newer |
| gtkmm | 1.2.8 or newer |
| libsigc++ | 1.0 or 1.0.4 |
| libxml2 | 2.4.10 or newer |
| libxslt | 1.0.7 or newer |
| ucd-snmp | 4.2.3 or newer |
| openssl | 0.9.6b or newer |
Note: Starting with version 1.0.10 library libsigc++ uses script pkg-config to build. Firewall Builder needs older version of this library, we recommend version 1.0.4.
Note: Library glib2 (versions 2.x.x) is not compatible with glib-1.2 that we use. The same applies to gtk, library gtk-2.0 is incompatible with gtk-1.2 that fwbuilder needs. These libraries can be installed on the same machine though, they do not conflict.
Note: Do not use libxml2 v 2.4.25! It has a bug that causes fwbuilder to crash every time you save the data file or use Options dialog.
Firewall Builder needs several packages to be installed on the system because they provide various software libraries used by the code. On FreeBSD and OpenBSD these prerequisite packages will be installed automatically as a part of the port build process. The same happens on Mac OS X, where fink package manager automatically downloads, compiles and installs dependency packages. On Linux systems that use RPM package manager (RedHat, Mandrake and SuSE) dependency packages should be installed manually. The list of RPMs for these packages is provided below, separately for each supported Linux distribution. Most of these RPMs come with the OS and can be found on the distribution CD. Some of them are not part of the OS distribution and need to be downloaded. Sites such as http://rpmfind.net/, http://freshrpms.net/ and http://rpm.pbone.net/ serve either as repository of RPMs or specialized search engines. Of these, http://freshrpms.net/ is very complete repository of up-to-date RPMs specifically for RedHat 8 and RedHat 9, while http://rpm.pbone.net/ runs very powerful search engine that indexes lots of web and ftp sites that provide access to tons of RPMs.
If your system is configured as "Gnome Workstation" or Ximian Gnome is installed, then you already have proper gtk+, gtkmm and libsigc++ packages. If you are using KDE, then you may need to add these packages.
libxml2, libxslt, libsigc++ and gtkmm come as part of RedHat 7.3 or can be downloaded from http://xmlsoft.org and ftp://ftp.ximian.com/
Firewall Builder implements number of features which make use of SNMP, therefore you will need ucd-snmp RPM installed, too. RPMs we distribute are built using ucd-snmp v4.2.3 (as of Feb 2002)
Requirements are pretty much the same as for RH 7.x. Here is the list of packages that need to be installed:
Table 3. The following packages come with RedHat 8.0
glib-1.2.10 |
gtk+-1.2.10 |
gdk-pixbuf-0.18.0-4 |
gdk-pixbuf-gnome-0.18.0-4 |
bind-utils-9.2.1-9 |
bind-9.2.1-9 |
net-snmp-5.0.1-6 |
net-snmp-utils-5.0.1-6 |
openssl-0.9.6b-29 |
Unfortunately RedHat 8.0 does not come with libgtkmm and libsigc++ which are needed for fwbuilder. There are different ways you can get around this problem. You can recompile these two libraries yourself, using source rpm packages from earlier RedHat distribution. This can be done, but some tweaking of the source code is required. It is simpler to download pre-built RPMs from http://freshrpms.net/ . Look there under Custom packages : RedHat 8.0 (Psyche), then browse down to gtkmm and libsigc++
We provide links to these RPMs on http://freshrpms.net/ site from the Downloads page on http://www.fwbuilder.org/. Section for each Linux distribution has links to gtkmm and libsigc++ RPMs right after links to fwbuilder RPMs.
Another great place to download these RPMs from is http://rpm.pbone.net/, just use their search function by entering libsigc++-1.0.4 and gtkmm-1.2 in it.
Requirements for RedHat 9.0 are just like those for RedHat 8.0. Here is the list of RPMs you need:
Table 4. Prerequisite Packages
libgtkmm and libsigc++ - the same as for RedHat 8.0 |
libxml2-2.5.4 |
libxslt-1.0.27 |
openssl-0.9.7a |
net-snmp-5.0.6 and net-snmp-utils-5.0.6 |
bind-9.2.1 and bind-utils-9.2.1 |
gtkmm and libsigc++ RPMs can be downloaded from http://freshrpms.net/ . Look there under Custom packages : RedHat 9.0 (Shrike), then browse down to gtkmm and libsigc++10. Note that there are packages with similar but different names "gtkmm2" and "libsigc++". You really need to install "gtkmm" and "libsigc++10", it is important.
We provide links to these RPMs on http://freshrpms.net/ site from the Downloads page on http://www.fwbuilder.org/. Section for each Linux distribution has links to gtkmm and libsigc++ RPMs right after links to fwbuilder RPMs.
Another great place to download these RPMs from is http://rpm.pbone.net/, just use their search function by entering libsigc++-1.0.4 and gtkmm-1.2 in it.
Requirements for Fedora Core 1 are just like those for RedHat 9.0. Here is the list of RPMs you need:
Table 5. Prerequisite Packages
libgtkmm and libsigc++ - the same as for RedHat 9.0 |
libxml2-2.5.11 |
libxslt-1.0.33 |
openssl-0.9.7a |
net-snmp-5.0.9 and net-snmp-utils-5.0.9 |
bind-9.2.2 and bind-utils-9.2.2 |
Packages "libxml2", "libxslt", "openssl", "net-snmp" and "bind" come with Fedora, just install the latest available versions.
gtkmm and libsigc++ RPMs can be downloaded from http://freshrpms.net/ . Look there under Custom packages : RedHat 9.0 (Shrike), then browse down to gtkmm and libsigc++10. Note that there are packages with similar but different names "gtkmm2" and "libsigc++". You really need to install "gtkmm" and "libsigc++10", it is important.
We provide links to these RPMs on http://freshrpms.net/ site from the Downloads page on http://www.fwbuilder.org/. Section for each Linux distribution has links to gtkmm and libsigc++ RPMs right after links to fwbuilder RPMs.
Another great place to download these RPMs from is http://rpm.pbone.net/, just use their search function by entering libsigc++-1.0.4 and gtkmm-1.2 in it.
Using our binary RPMs on SuSE 9.0 is easy and requirements are just like for RedHat. Basically, all packages that you need to run Firewall Builder come with SuSE distribution and get installed automatically if you chose to install Gnome workstation. Use Yast to install packages, it automatically resolves dependencies and helps to get it done quickly.
SuSE 9.0 Professional Edition comes with RPMs for gtkmm and libsigc++ libraries (gtkmm-1.2.10-143.i586.rpm and libsigc++-1.0.4-265.i586.rpm). The Personal Edition does not include these packages, but you can download them from ftp://ftp.suse.com/.
Here is the list of other packages you would need to install fwbuilder on SuSE 9.0:
Here is the list of RPMs you need to have on your system. All these packages are part of Mandrake distribution.
Table 7. Prerequisite Packages
libglib1.2-1.2.10 | |||||
libgtk+1.2-1.2.10 | |||||
libgtkmm1.2-1.2.10 | |||||
libsigc++1.0-1.0.4 | |||||
gdk-pixbuf:
| |||||
The latest available libxml2 and libxml2-utils | |||||
The latest available libxslt1 | |||||
openssl-0.9.7a, libopenssl0.9.7-0.9.7a | |||||
| |||||
bind-utils-9.2.2-1mdk |
First of all, you need to establish build environment. You will need to install the same libraries you would need to run our binary distribution, plus development packages of all the same libraries. That is, if you use RedHat or Mandrake, then you would need to install gtkmm-devel in addition to gtkmm RPM, libxml2-devel in addition to libxml2 and so on. See below for the list of packages for other OS and distributions.
We tested with different versions of libxml2 and libxstl starting from libxml2-2.4.0 and libxslt-1.0.0, although we recommend using the latest which at the moment of writing this document are libxml2 2.4.19 and libxslt 1.0.15. Gnome ships with libxml-1.8 but you do not need to remove this one, just install libxml2 in addition, they do not conflict.
You will also need relatively new resolver library (libresolv). I do not know how to determine version of libresolv itself since RedHat now ships it as part of glibc and glibc-devel package. You should be fine if you use any fresh distribution. If your glibc is 2.2 then your copy of libresolv is fine. RedHat 6.2 ships old resolver though, so unfortunately you can not build Firewall Builder with support for advanced DNS features on RedHat 6.2.
Make sure you have both bind and bind-devel packages installed and it should be bind 8 or 9
If you want to be able to use SNMP to collect some information about hosts/firewalls, you need to have ucd-snmp package installed. We tested with version 4.1.3 and newer. Home page: http://net-snmp.sourceforge.net/. If snmp library is not installed on your system, then support for features requiring SNMP will be automatically disabled by configure script.
If you would like to build online class reference for the API, then you need to install DOC++ package. Home page: http://docpp.sourceforge.net/. If it is not present no error message will be shown, but class reference won't be generated.
Firewall Builder has been translated into several languages and uses GNU gettext to support internationalization. This means you will need this package on your system to build Firewall Builder. Some OS and distributions come with it by default, while others do not. See below for details.
To build from source, download and unpack two tar.gz archives: libfwbuilder-N.N.N.tar.gz and fwbuilder-M.M.M.tar.gz. First you need to build and install libfwbuilder because fwbuilder depends on it. The build procedure is the same for both modules, so I'll describe it only once using libfwbuilder as an example.
In order to build, you basically need to do the following:
$ zcat libfwbuilder-0.10.8.tar.gz | tar xvf - $ cd libfwbuilder $ ./autogen.sh --prefix=/usr/local $ make $ su # make install
Note that you should run script autogen.sh instead of configure, this script regenrates configure and number of other autoconf scripts using templates specific your OS and distribution.
This installs the following files on your system (actual directory paths may differ on different OS and distributions and also depend on the value of parameter --prefix given to autogen.sh ):
libraries libfwbd, libfwbuilder, libfwcompiler in ${prefix}/lib
few documentation files in /usr/share/doc/libfwbuilder-${VERSION}
XML DTD file fwbuilder.dtd /usr/share/libfwbuilder/
autoupgrade scripts in /usr/share/libfwbuilder/migration
Once you installed libfwbuilder, you can execute the same sequence of commands for fwbuilder. Module fwbuilder builds and installs the following:
GUI - executable file "fwbuilder", installed in ${prefix}/bin
few documentation files in /usr/share/doc/fwbuilder-${VERSION}
examples in /usr/share/doc/fwbuilder-${VERSION}/examples
various auxiliary files and scripts in /usr/share/fwbuilder
locale files in /usr/share/locale/
man pages in /usr/share/man/
icons in /usr/share/pixmaps/fwbuilder/
Policy compiler for iptables - file "fwb_ipt", installed in ${prefix}/bin
Policy compiler for pf - file "fwb_pf", installed in ${prefix}/bin
Policy compiler for ipfilter - file "fwb_ipf", installed in ${prefix}/bin
Table 8. Prerequisite Packages
gtkmm-1.2.8-1 or newer |
gtkmm-devel-1.2.8-1 or newer |
gdk-pixbuf-devel-0.16.0 or newer |
libsigc++-1.0.4-1 |
libsigc++-devel-1.0.4-1 |
libxml2-2.4.19 or newer (but not 2.4.25) |
libxml2-devel-2.4.19 or newer |
libxslt-1.0.15-1 or newer |
libxslt-devel-1.0.15-1 or newer |
openssl-0.9.6b or newer |
openssl-devel-0.9.6b or newer |
gettext-0.11.1 or newer |
See Section 2.1 for the URLs of online repositories of RPMs and specialized search engines where these RPMs can be downloaded from..
Note: Starting with version 1.0.10 library libsigc++ uses script pkg-config to build. Firewall Builder needs older version of this library, we recommend version 1.0.4.
As mentioned before, RedHat 8.0 misses gtkmm and libsigc++ libraries. See Section 2.3 for istructions where to get these packages from, but this time download and install -devel packages as well.
RedHat 8.0 comes with package net-snmp instead of ucd-snmp. In order to obtain support for SNMP queries and DNS zone transfers in Firewall Builder, the following packages need to be installed on RedHat 8.0:
net-snmp-5.0.6 , net-snmp-devel-5.0.6 and net-snmp-utils-5.0.6 |
bind-9.2.1, bind-devel-9.2.1 and bind-utils-9.2.1 |
Tip: Note that RH 8.0 uses newer version of gcc than RH 7. This means that libraries gtkmm and libsigc++ built for RH 7 won't work on RH 8 and vice versa. If you upgrade from RedHat 7.3 to 8.0, you may have older version of gtkmm left on your system and then wonder why fwbuilder compiled on the upgraded system fails. Pease consult Firewall Builder FAQ if the program you have compiled yourself fails to start. One of the reasons we see often is version mismatch of gtkmm and libsigc++ libraries.
Building prerequisites for RedHat 9.0 are just like those for RedHat 8.0. You need to install gtkmm and libsigc++10 packages as well as their -devel versions. See Section 2.4 for istructions where to get these packages from, but this time download and install -devel packages as well.
Here is the list of RPMs you need:
Building prerequisites for Fedora Core 1 are just like those for RedHat 9.0. You need to install gtkmm and libsigc++10 packages as well as their -devel versions. See Section 2.5 for istructions where to get these packages from, but this time download and install -devel packages as well.
Here is the list of RPMs you need:
Table 12. Prerequisite Packages
libgtkmm and libsigc++10 |
libxml2-2.5.11 and libxml2-devel-2.5.11 |
libxslt-1.0.33 and libxslt-devel-1.0.33 |
openssl-0.9.7a and openssl-devel-0.9.7a |
Table 13. Optional Packages
net-snmp-5.0.6, net-snmp-devel-5.0.6 and net-snmp-utils-5.0.6 |
bind-9.2.1, bind-devel-9.2.1 and bind-utils-9.2.1 |
There is one weird problem with RPMs "gtkmm" and "gtkmm-devel" that seems to appear only on Fedora. Here is what happened when I tried to install these RPMs on my test Fedora system:
# rpm --nosignature -ivh gtkmm-1.2.10-fr3.i386.rpm Preparing... ###################################### [100%] 1:gtkmm ###################################### [100%] # rpm --nosignature -ivh gtkmm-devel-1.2.10-fr3.i386.rpm error: Failed dependencies: gtkmm = 1.2.10 is needed by gtkmm-devel-1.2.10-fr3
The package "gtkmm" was successfully installed in the first step of the process, however packages "gtkmm-devel" did not see it. I could not figure out what's wrong with gtkmm-devel RPM, so I installed it forcefully ( --nodeps ). Everything seems to be working, I could build fwbuilder RPMs just fine after that.
Building on SuSE 9.0 is easy and requirements are just like for RedHat. SuSE 9.0 Professional Edition comes with all packages you need to compile and run Firewall Builder. Just use Yast to install them. If some of these packages are missing in SuSE Personal Edition, you should be able to download them from their ftp site.
Table 14. Prerequisite Packages
glib-1.2.10 and glib-devel-1.2.10 |
gtk-1.2.10 and gtk-devel-1.2.10 |
gtkmm-1.2.10 and gtkmm-1.2.10-devel |
libsigc++-1.0.4 and libsigc++-devel-1.0.4 |
gdk-pixbuf-0.18.0 and gdk-pixbuf-devel-0.18.0 |
libxml2-2.5.10 and libxml2-devel-2.5.10 |
libxslt-1.0.32 and libxslt-devel-1.0.32 |
openssl-0.9.7b and openssl-devel-0.9.7b |
There are no special instructions for building on Mandrake 9.1. Here is the list of RPMs you need to have on your system. All these RPMs are part of Mandrake distribution; you can use "rpmdrake" to install them.
Table 16. Prerequisite Packages
libglib1.2-1.2.10, libglib1.2-devel-1.2.10 | |||||
libgtk+1.2-1.2.10, libgtk+1.2-devel-1.2.10 | |||||
libgtkmm1.2-1.2.10, libgtkmm1.2-devel-1.2.10 | |||||
libsigc++1.0-1.0.4 and libsigc++1.0-devel-1.0.4 | |||||
gdk-pixbuf:
| |||||
The latest available libxml2, libxml2-devel and libxml2-utils | |||||
The latest available libxslt1 and libxslt1-devel | |||||
openssl-0.9.7a, libopenssl0.9.7-0.9.7a and libopenssl0.9.7-devel-0.9.7a |
You need to install GNU development environment, in particular gcc version 2.95.3 or newer, GNU ld which is part of binutils-2.11.2 , GNU make, autoconf, automake, libtool and GNU gettext. These packages can be downloaded from http://www.sunfreeware.com
Here is the list of recommended packages. Precompiled xml2 and xslt libraries for Solaris 8 can be downloaded from this site: http://garypennington.net/libxml2/ The rest can be found either on http://www.unixrealm.com/downloads/ or on http://www.sunfreeware.com
Table 18.
autoconf-2.53 |
|
automake-1.6 |
|
libtool-1.4 |
|
gettext-0.10.37 | GNU gettext |
|
|
gcc-2.95.3 |
|
binutils-2.11.2 | Need this for GNU ld |
make-3.79.1 | GNU make |
|
|
glib-1.2.10 |
|
gtk+-1.2.10 |
|
gtkmm-1.2.8 |
|
gdk-pixbuf-0.13.0 | See comment for libpng below |
libpng-1.0.6 | Do not use any other version; pre-built gdk-pixbuf v0.13 found on SunFreeware.com requires specifically libpng 1.0.6 |
libsigc++-1.0.4 |
|
libxml2-2.4.16 |
|
libxslt-1.0.12 |
|
openssl-0.9.6c | Try openssl_noshared-0.9.6c package if configure does not find openssl even though it is installed |
ucdsnmp-4.2.3 |
|
doc++-3.4.2 |
|
Certain patches are also critical. Make sure you have at least patch 109326 which replaces some header files and libraries we use. It is a good idea to install all latest recommended patches anyway.
Since all the packages downloaded from SunFreeware or Unixworld install in /usr/local, you need to set environment variables PATH to begin with "/usr/local/bin" and LD_LIBRARY_PATH to include /usr/local/lib before you run script configure.
Here is the list of packages and ports that need to be installed before you can compile libfwbuilder and fwbuilder:
devel/autoconf (port)
devel/automake (port)
devel/libtool (package)
devel/m4-1.4_1 (package)
devel/gettext (package)
devel/gmake (package)
devel/glib12 (package)
devel/libsigc++ (port)
x11-toolkits/gtk12 (package)
x11-toolkits/gtk-- (port)
graphics/gdk-pixbuf (package)
security/openssl (port)
net/net-snmp (port)
net/bind9 (port)
textproc/libxml2 (package)
textproc/libxslt (package)
Firewall Builder is available as a port for FreeBSD. Update your ports tree, then descent into directory /usr/ports/security/fwbuilder and type "make install". It should automatically install all dependencies listed above, then install libfwbuilder and finally install fwbuilder.
The nightly build code needs to be installed manually:
Install prerequisite packages and ports;
Deinstall existing fwbuilder and libfwbuilder ports if you have them on your system.
Remove any source code archives of libfwbuilder and fwbuilder you might have in /usr/ports/distfiles
Download port files libfwbuilder-freebsd-port.tar and fwbuilder-freebsd-port.tar from the nightly builds site and unpack them in some directory, for example /tmp.
Download source code archives from the nightly builds site (files libfwbulder-N.N.N.tar.gz and fwbuilder-N.N.N.tar.gz) and copy them into directory /usr/ports/distfiles
Enter directory /tmp/security/libwbuilder and type "make install". This should install API library libfwbuilder.
Enter directory /tmp/security/fwbuilder and type "make install". This should install the GUI and all policy compilers.
Be careful though, if you still have old port files under /usr/ports/security (part of the standard ports tree) and try to install nightly build by typing "make install" in /tmp/security/fwbuilder without installing libfwbuilder first, it may install libfwbuilder from the standard ports tree.
The prerequisite ports are the same as for FreeBSD and you should also use gmake to build.
devel/autoconf
devel/automake
devel/libtool
x11/gtkmm . It installs some other packages as dependencies.
graphics/gdk-pixbuf (port). If your system does not have Gnome and you do not want it, install this port using the following command:
FLAVOR=no_gnome make install
net/ucd-snmp
net/bind9
textproc/libxml
textproc/libxslt
Firewall Builder is available as a port for OpenBSD. However, it is not part of the standard ports tree and therefore needs to be installed manually.
Install gdk-pixbuf port (with or without GNOME). The rest of the prerequisite ports will be installed automatically as needed.
Download port files libfwbuilder-openbsd-port.tar and fwbuilder-openbsd-port.tar and unpack them in directories /usr/ports/security/libfwbuilder and /usr/ports/security/fwbuilder.
Enter directory /usr/ports/security/fwbuilder and type "make install". This should install API library libfwbuilder, the GUI and all policy compilers.
Firewall Builder compiles and works on Mac OS X, provided the following fink packages are installed:
autoconf25
automake
openssl097 and openssl097-dev
The list of packages that are needed is actually a lot longer, but almost all of them will be installed automatically as dependencies. These few packages, however, need to be installed beforehand.
We provide fink ".info" files for Mac OS X. You need to download source code archives and these two .info files from our web site, then install them as local fink packages:
Skip this phase if this is the first time you install Firewall Builder as a fink package on your Mac.
Remove any installed libfwbuilder and fwbuilder packages that you may have:
$ fink list '*fwb*'
$ fink remove fwbuilder libfwbuilder
Remove source code packages and binary packages that may have been left over from the previous installlation:
$ rm /sw/src/libfwbuilder*
$ rm /sw/src/fwbuilder*
$ rm /sw/fink/dists/local/main/binary*/libfwbuilder*
$ rm /sw/fink/dists/local/main/binary*/fwbuilder*
Download source code; you will need archives libfwbuilder-1.0.0.tar.gz and fwbuilder-1.0.10.tar.gz. Copy both files to the directory /sw/src
Download fink .info files from our web site and copy them to /sw/fink/dists/local/main/finkinfo/ directory
You may need to update Fink package database:
$ fink index
This step was not necessary with older versions of fink, but fink v0.6.2 does not seem to notice packages added to the "local" tree unless the database is rebuilt.
Install packages:
$ fink install fwbuilder
Fink should check dependencies and, if some packages are missing on your system, bring and install them. It installs libfwbuilder as part of this process.
As of October 2002 (version 1.0.7) both libfwbuilder and fwbuilder compile and run just fine on systems based on gcc 3.2 (RedHat 8.0 and Mandrake 9.0). Please note that the whole system, including all the libraries, must be compiled with the same compiler. This happens because gcc 3.x uses different name mangling algorithm for C++ code than previous versions of gcc; therefore it produces code that is incompatible with code compiled with previous versions of the compiler. For example, RedHat 8.0 does not ship libraries libsigc++ and libgtkmm which we use for the GUI. You either need to compile these libraries yourself, or use pre-built packages from Mandrake 9.0. Binary packages of these libraries built for RedHat 7.3 won't work!
You can always compile Firewall Builder locally without building proper packages. For example, when I need to test new version I compile and install it in my own home directory, this way I can have two different versions installed on the same machine. You could do the same just to be able to use it until proper packages for your system are built or when you do not have root access to install it system-wide.
First, create directory $HOME/fwbuilder and add the following to your environment:
PATH=$HOME/fwbuilder/bin:$PATH LD_LIBRARY_PATH=$HOME/fwbuilder/lib:$LD_LIBRARY_PATH export LD_LIBRARY_PATH
I am using bash so I just put these commands in a script and execute it using operator "." (dot), or you could use aliases.
Next unpack both libfwbuilder and fwbuilder somewhere, e.g. in $HOME/src/. Then follow the standard build procedure, except add a parameter to calls to autogen.sh to specify new install prefix:
$ cd $HOME/src/libfwbuilder $ ./autogen.sh --prefix=$HOME/fwbuilder/ $ make $ make install $ cd ../fwbuilder $ ./autogen.sh --prefix=$HOME/fwbuilder/ $ make $ make install
this is it. Since you already have $HOME/fwbuilder/bin in your path, you should be able to just start it from command line:
$ fwbuilder