Table 1-1. Prerequisite packages
| Package | Version |
|---|---|
| glib | 1.2.10. |
| gtk | 1.2.10. |
| gdk-pixbuf | 0.11 or newer |
| gtkmm | 1.2.8 or newer |
| libsigc++ | 1.0 or newer |
| libxml2 | 2.4.10 or newer |
| libxslt | 1.0.7 or newer |
| ucd-snmp | 4.2.3 or newer |
| openssl | 0.9.6b or newer |
Note: Library glib2 (versions 2.x.x) is not compatible with glib-1.2 that we use. The same applies to gtk, library gtk-2.0 is incompatible with gtk-1.2 that fwbuilder needs. These libraries can be installed on the same machine though, they do not conflict.
Note: Do not use libxml2 v 2.4.25! It has a bug that causes fwbuilder to crash every time you save the data file or use Options dialog.
If your system is configured as "Gnome Workstation" or Ximian Gnome is installed, then you already have proper gtk+, gtkmm and libsigc++ packages. If you are using KDE, then you may need to add these packages.
We build using gtkmm and libsigc++ packages that come with Ximian Gnome. These RPM can be downloaded from their ftp site directly, or obtained as part of Ximian Gnome or using Red Carpet. libsigc++ now comes on disk #2 with RedHat 7.3. Users of RedHat 7.2 systems can also get it from the home page at http://libsigc.sourceforge.net/
libxml2 and libxslt come as part of RedHat 7.3 or can be downloaded from http://xmlsoft.org
Firewall Builder implements number of features which make use of SNMP, therefore you will need ucd-snmp RPM installed, too. RPMs we distribute are built using ucd-snmp v4.2.3 (as of Feb 2002)
Table 2-1. Here is the list of recommended packages and where you can get them from:
| glib-1.2.10 | ftp://ftp.ximian.com/pub/ximian-gnome/redhat-73-i386/ |
| gtk+-1.2.10 | ftp://ftp.ximian.com/pub/ximian-gnome/redhat-73-i386/ |
| gtkmm-1.2.8-1 | ftp://ftp.ximian.com/pub/ximian-gnome/redhat-73-i386/ |
| gdk-pixbuf-0.16.0 | Ximian Gnome or RedHat |
| libsigc++-1.0.4-1 | RedHat 7.3 or ftp://ftp.ximian.com/pub/ximian-gnome/redhat-73-i386/ |
| libxml2-2.4.19 | RedHat 7.3 or ftp://ftp.gnome.org/pub/GNOME/stable/redhat/i386/libxml/ |
| libxslt-1.0.15-1 | RedHat 7.3 or ftp://ftp.gnome.org/pub/GNOME/stable/redhat/i386/libxslt/ |
| ucd-snmp-4.2.3 | RedHat |
| ucd-snmp-utils-4.2.3 | RedHat |
| openssl-0.9.6 | RedHat |
Requirements are pretty much the same as for RH 7.x. Here is the list of packages that need to be installed:
Table 2-2. The following packages come with RedHat 8.0
glib-1.2.10 |
gtk+-1.2.10 |
gdk-pixbuf-0.18.0-4 |
gdk-pixbuf-gnome-0.18.0-4 |
bind-utils-9.2.1-9 |
bind-9.2.1-9 |
net-snmp-5.0.1-6 |
net-snmp-utils-5.0.1-6 |
openssl-0.9.6b-29 |
Unfortunately RedHat 8.0 does not come with libgtkmm and libsigc++ which are needed for fwbuilder. There are different ways you can get around this problem. You can recompile these two libraries yourself, using source rpm packages from earlier RedHat distribution. This can be done, but some tweaking of the source code is required. Sooner or later, RedHat and other vendors are going to start distributing pre-built binary RPMs of these libraries. Mandrake already does that; my experience shows that Mandrake's binary RPMs of these libraries work on RedHat 8.0.
Mandrake packages can be found on on www.rpmfind.net:
libgtkmm1.2-1.2.9-3mdk.i586.rpm
libsigc++1.0-1.0.4-5mdk.i586.rpm
Another place where these binary RPM can be found is site http://freshrpms.net/ . Look there under Custom packages : RedHat 8.0 (Psyche), then browse down to gtkmm and libsigc++
Requirements for RedHat 9.0 are just like those for RedHat 8.0. Here is the list of RPMs you need:
Using our binary RPMs on SuSE 8.2 is easy and requirements are just like for RedHat. SuSE 8.2 does not have libgtkmm and libsigc++ libraries; I recommend using those from Mandrake or http://freshrpms.net/. Here is the list of other packages you would need to install fwbuilder on SuSE 8.2:
Here is the list of packages you need to install to run pre-built binary packages on this distribution (all these packages come with Mandrake 9.0):
Table 2-5.
libgtkmm1.2-1.2.9-3mdk |
libxml2-utils-2.4.23-4mdk |
libxml2-2.4.23-4mdk |
libxslt1-1.0.19-4mdk |
libsigc++1.0-1.0.4-5mdk |
ucd-snmp-4.2.3-4mdk |
ucd-snmp-utils-4.2.3-4mdk |
libsnmp0-4.2.3-4mdk |
libopenssl0-0.9.6g-1mdk |
openssl-0.9.6g-1mdk |
libgdk-pixbuf-xlib2-0.18.0-3mdk.i586.rpm |
Another option is to download binary packages built by Mandrake. They follow our releases and add new packages to Cooker. You can find these packages on http://www.rpmfind.net/. Here is the procedure supplied by one of our users:
go to www.rpmfind.net and click on "Go directly to RPM database"
type 'fwbuilder' in search box and download newest one listed from Distribution "Mandrake" or "Mandrake Cooker"
type 'libfwbuilder4' and download the newest one from mandrake or mandrake cooker
type 'libfwbuilder4-devel' and download the one that matches the one d/l in part 3.
as root:
"rpm -Uvh libfwbuilder4*.rpm fwbuilder*.rpm"
Here is the list of RPMs you need to have on your system:
Table 2-6. Prerequisite Packages
libglib1.2-1.2.10 | ||||
libgtk+1.2-1.2.10 | ||||
libgtkmm1.2-1.2.10 | ||||
libsigc++1.0-1.0.4 | ||||
gdk-pixbuf:
| ||||
libxml2-2.5.4 and libxml2-utils-2.5.4 | ||||
libxslt1-1.0.27 | ||||
openssl-0.9.7a, libopenssl0.9.7-0.9.7a | ||||
| ||||
bind-utils-9.2.2-1mdk |
First of all, you need to establish build environment. You will need to install the same libraries you would need to run our binary distribution, plus development packages of all the same libraries. That is, if you use RedHat or Mandrake, then you would need to install gtkmm-devel in addition to gtkmm RPM, libxml2-devel in addition to libxml2 and so on. See below for the list of packages for other OS and distributions.
We tested with different versions of libxml2 and libxstl starting from libxml2-2.4.0 and libxslt-1.0.0, although we recommend using the latest which at the moment of writing this document are libxml2 2.4.19 and libxslt 1.0.15. Gnome ships with libxml-1.8 but you do not need to remove this one, just install libxml2 in addition, they do not conflict.
You will also need relatively new resolver library (libresolv). I do not know how to determine version of libresolv itself since RedHat now ships it as part of glibc and glibc-devel package. You should be fine if you use any fresh distribution. If your glibc is 2.2 then your copy of libresolv is fine. RedHat 6.2 ships old resolver though, so unfortunately you can not build Firewall Builder with support for advanced DNS features on RedHat 6.2.
Make sure you have both bind and bind-devel packages installed and it should be bind 8 or 9
If you want to be able to use SNMP to collect some information about hosts/firewalls, you need to have ucd-snmp package installed. We tested with version 4.1.3 and newer. Home page: http://net-snmp.sourceforge.net/. If snmp library is not installed on your system, then support for features requiring SNMP will be automatically disabled by configure script.
If you would like to build online class reference for the API, then you need to install DOC++ package. Home page: http://docpp.sourceforge.net/. If it is not present no error message will be shown, but class reference won't be generated.
Firewall Builder has been translated into several languages and uses GNU gettext to support internationalization. This means you will need this package on your system to build Firewall Builder. Some OS and distributions come with it by default, while others do not. See below for details.
To build from source, download and unpack two tar.gz archives: libfwbuilder-N.N.N.tar.gz and fwbuilder-M.M.M.tar.gz. First you need to build and install libfwbuilder because fwbuilder depends on it. The build procedure is the same for both modules, so I'll describe it only once using libfwbuilder as an example.
In order to build, you basically need to do the following:
$ zcat libfwbuilder-0.10.8.tar.gz | tar xvf - $ cd libfwbuilder $ ./autogen.sh --prefix=/usr/local $ make $ su # make install
Note that you should run script autogen.sh instead of configure, this script regenrates configure and number of other autoconf scripts using templates specific your OS and distribution.
This installs the following files on your system (actual directory paths may differ on different OS and distributions and also depend on the value of parameter --prefix given to autogen.sh ):
libraries libfwbd, libfwbuilder, libfwcompiler in ${prefix}/lib
few documentation files in /usr/share/doc/libfwbuilder-${VERSION}
XML DTD file fwbuilder.dtd /usr/share/libfwbuilder/
autoupgrade scripts in /usr/share/libfwbuilder/migration
Once you installed libfwbuilder, you can execute the same sequence of commands for fwbuilder. Module fwbuilder builds and installs the following:
GUI - executable file "fwbuilder", installed in ${prefix}/bin
few documentation files in /usr/share/doc/fwbuilder-${VERSION}
examples in /usr/share/doc/fwbuilder-${VERSION}/examples
various auxiliary files and scripts in /usr/share/fwbuilder
locale files in /usr/share/locale/
man pages in /usr/share/man/
icons in /usr/share/pixmaps/fwbuilder/
Policy compiler for iptables - file "fwb_ipt", installed in ${prefix}/bin
Policy compiler for pf - file "fwb_pf", installed in ${prefix}/bin
Policy compiler for ipfilter - file "fwb_ipf", installed in ${prefix}/bin
Table 3-1. Prerequisite Packages
gtkmm-1.2.8-1 or newer |
gtkmm-devel-1.2.8-1 or newer |
gdk-pixbuf-devel-0.16.0 or newer |
libsigc++-1.0.4-1 or newer |
libsigc++-devel-1.0.4-1 or newer |
libxml2-2.4.19 or newer (but not 2.4.25) |
libxml2-devel-2.4.19 or newer |
libxslt-1.0.15-1 or newer |
libxslt-devel-1.0.15-1 or newer |
openssl-0.9.6b or newer |
openssl-devel-0.9.6b or newer |
gettext-0.11.1 or newer |
As mentioned before, RedHat 8.0 misses gtkmm and libsigc++ libraries. See Section 2.2 for istructions where to get these packages from, but this time download and install -devel packages as well.
RedHat 8.0 comes with package net-snmp instead of ucd-snmp. In order to obtain support for SNMP queries and DNS zone transfers in Firewall Builder, the following packages need to be installed on RedHat 8.0:
net-snmp-5.0.6 , net-snmp-devel-5.0.6 and net-snmp-utils-5.0.6 |
bind-9.2.1, bind-devel-9.2.1 and bind-utils-9.2.1 |
Tip: Note that RH 8.0 uses newer version of gcc than RH 7. This means that libraries gtkmm and libsigc++ built for RH 7 won't work on RH 8 and vice versa. If you upgrade from RedHat 7.3 to 8.0, you may have older version of gtkmm left on your system and then wonder why fwbuilder compiled on the upgraded system fails. Pease consult Firewall Builder FAQ if the program you have compiled yourself fails to start. One of the reasons we see often is version mismatch of gtkmm and libsigc++ libraries.
Building prerequisites for RedHat 9.0 are just like those for RedHat 8.0. Here is the list of RPMs you need:
Building on SuSE 8.2 is easy and requirements are just like for RedHat. SuSE 8.2 does not have libgtkmm and libsigc++ libraries; I recommend using those from Mandrake or http://freshrpms.net/. Here is the list of other packages you would need to compile from source on SuSE 8.2:
Table 3-5. Prerequisite Packages
glib-1.2.10 and glib-devel-1.2.10 |
gtk-1.2.10 and gtk-devel-1.2.10 |
libgtkmm and libsigc++ - the same as for RedHat 8.0 |
gdk-pixbuf-0.18.0 and gdk-pixbuf-devel-0.18.0 |
libxml2-2.5.3 and libxml2-devel-2.5.3 |
libxslt-1.0.26 and libxslt-devel-1.0.26 |
openssl-0.9.6i and openssl-devel-0.9.6i |
There are no special instructions for building on Mandrake 9.1. Here is the list of RPMs you need to have on your system:
Table 3-7. Prerequisite Packages
libglib1.2-1.2.10, libglib1.2-devel-1.2.10 | |||||
libgtk+1.2-1.2.10, libgtk+1.2-devel-1.2.10 | |||||
libgtkmm1.2-1.2.10, libgtkmm1.2-devel-1.2.10 | |||||
libsigc++1.0-1.0.4 and libsigc++1.0-devel-1.0.4 | |||||
gdk-pixbuf:
| |||||
libxml2-2.5.4, libxml2-devel-2.5.4 and libxml2-utils-2.5.4 | |||||
libxslt1-1.0.27 and libxslt1-devel-1.0.27 | |||||
openssl-0.9.7a, libopenssl0.9.7-0.9.7a and libopenssl0.9.7-devel-0.9.7a |
You need to install GNU development environment, in particular gcc version 2.95.3 or newer, GNU ld which is part of binutils-2.11.2 , GNU make, autoconf, automake, libtool and GNU gettext. These packages can be downloaded from http://www.sunfreeware.com
Here is the list of recommended packages. Precompiled xml2 and xslt libraries for Solaris 8 can be downloaded from this site: http://garypennington.net/libxml2/ The rest can be found either on http://www.unixrealm.com/downloads/ or on http://www.sunfreeware.com
Table 3-9.
autoconf-2.53 |
|
automake-1.6 |
|
libtool-1.4 |
|
gettext-0.10.37 | GNU gettext |
|
|
gcc-2.95.3 |
|
binutils-2.11.2 | Need this for GNU ld |
make-3.79.1 | GNU make |
|
|
glib-1.2.10 |
|
gtk+-1.2.10 |
|
gtkmm-1.2.8 |
|
gdk-pixbuf-0.13.0 | See comment for libpng below |
libpng-1.0.6 | Do not use any other version; pre-built gdk-pixbuf v0.13 found on SunFreeware.com requires specifically libpng 1.0.6 |
libsigc++-1.0.4 |
|
libxml2-2.4.16 |
|
libxslt-1.0.12 |
|
openssl-0.9.6c | Try openssl_noshared-0.9.6c package if configure does not find openssl even though it is installed |
ucdsnmp-4.2.3 |
|
doc++-3.4.2 |
|
Certain patches are also critical. Make sure you have at least patch 109326 which replaces some header files and libraries we use. It is a good idea to install all latest recommended patches anyway.
Since all the packages downloaded from SunFreeware or Unixworld install in /usr/local, you need to set environment variables PATH to begin with "/usr/local/bin" and LD_LIBRARY_PATH to include /usr/local/lib before you run script configure.
Here is the list of packages and ports that need to be installed before you can compile libfwbuilder and fwbuilder:
devel/autoconf (port)
devel/automake (port)
devel/libtool (package)
devel/m4-1.4_1 (package)
devel/gettext (package)
devel/gmake (package)
devel/glib12 (package)
devel/libsigc++ (port)
x11-toolkits/gtk12 (package)
x11-toolkits/gtk-- (port)
graphics/gdk-pixbuf (package)
security/openssl (port)
net/net-snmp (port)
net/bind9 (port)
textproc/libxml2 (package)
textproc/libxslt (package)
Make sure you use gmake to build and set the following environment variables:
export GLIB_CONFIG=/usr/local/bin/glib12-config export LD_LIBRARY_PATH=/usr/local/lib
Firewall Builder is available as a port for FreeBSD. However, until it is a part of the standard ports tree, the port needs to be installed manually. As of the time of this writing, existing port "fwbuilder" is obsolete (v0.8.7, about two years old) and port "libfwbuilder" is not being maintained.
Install prerequisite packages and ports;
Download port files libfwbuilder-freebsd-port.tar and fwbuilder-freebsd-port.tar and unpack them in directories /usr/ports/security/libfwbuilder and /usr/ports/security/fwbuilder.
Enter directory /usr/ports/security/fwbuilder and type "make install". This should install API library libfwbuilder, the GUI and all policy compilers.
You need the same ports as for FreeBSD and should use gmake to build.
devel/autoconf
devel/automake
devel/libtool
x11/gtkmm . It installs some other packages as dependencies.
graphics/gdk-pixbuf (port). If your system does not have Gnome and you do not want it, install this port using the following command:
FLAVOR=no_gnome make install
net/ucd-snmp
net/bind9
textproc/libxml
textproc/libxslt
Firewall Builder is available as a port for OpenBSD. However, until it is a part of the standard ports tree, the port needs to be installed manually.
Install gdk-pixbuf port (with or without GNOME). The rest of the prerequisite ports will be installed automatically as needed.
Download port files libfwbuilder-openbsd-port.tar and fwbuilder-openbsd-port.tar and unpack them in directories /usr/ports/security/libfwbuilder and /usr/ports/security/fwbuilder.
Enter directory /usr/ports/security/fwbuilder and type "make install". This should install API library libfwbuilder, the GUI and all policy compilers.
Firewall Builder compiles and works on Mac OS X, provided the following fink packages are installed:
autoconf25
automake
openssl097 and openssl097-dev
The list of packages that are needed is actually a lot longer, but almost all of them will be installed automatically as dependencies. These few packages, however, need to be installed beforehand.
We provide fink ".info" files for Mac OS X. You need to download source code archives and these two .info files from our web site, then install them as local fink packages:
Skip this phase if this is the first time you install Firewall Builder as a fink package on your Mac.
Remove any installed libfwbuilder and fwbuilder packages that you may have:
$ fink list '*fwb*'
$ fink remove fwbuilder libfwbuilder
Remove source code packages and binary packages that may have been left over from the previous installlation:
$ rm /sw/src/libfwbuilder*
$ rm /sw/src/fwbuilder*
$ rm /sw/fink/dists/local/main/binary-darwin-powerpc/libfwbuilder*
$ rm /sw/fink/dists/local/main/binary-darwin-powerpc/fwbuilder*
Download source code; you will need archives libfwbuilder-1.0.0.tar.gz and fwbuilder-1.0.10.tar.gz. Copy both files to the directory /sw/src
Download fink .info files from our web site and copy them over to the /sw/fink/dists/local/main/finkinfo/ directory
Install packages:
$ fink install fwbuilder
Fink should check dependencies and, if some packages are missing on your system, bring and install them. It installs libfwbuilder as part of this process.
As of October 2002 (version 1.0.7) both libfwbuilder and fwbuilder compile and run just fine on systems based on gcc 3.2 (RedHat 8.0 and Mandrake 9.0). Please note that the whole system, including all the libraries, must be compiled with the same compiler. This happens because gcc 3.x uses different name mangling algorithm for C++ code than previous versions of gcc; therefore it produces code that is incompatible with code compiled with previous versions of the compiler. For example, RedHat 8.0 does not ship libraries libsigc++ and libgtkmm which we use for the GUI. You either need to compile these libraries yourself, or use pre-built packages from Mandrake 9.0. Binary packages of these libraries built for RedHat 7.3 won't work!