Build a Better Firewall-Linux HA Firewall Tutorial
The final step in the process is generating the firewall scripts and installing them on the firewall cluster members. To keep the article short, I'm using the root user to install the Firewall Builder-generated firewall scripts on the firewall servers, but Firewall Builder also supports using nonroot users with proper sudo rights. This is covered in the on-line Users Guide.
Before you can install the rules on the cluster member, firewalls create a directory called /etc/fw on both lj-fw-1 and lj-fw-2 servers. This is the default location where Firewall Builder will install the generated firewall script.
As previously mentioned, the process where Firewall Builder converts the rules into a firewall script that will be run on the firewall is called compiling the rules. To compile and use the built-in installer to deploy the rules, click on the Install button at the top of Firewall Builder to launch the install wizard.
Click the check box next to the cluster name, and make sure the Install check boxes are selected for both lj-fw-1 and lj-fw-2. If there are any errors in the configuration, the compiler will display these; otherwise, you will see a dialog window (Figure 9) showing that the cluster was compiled successfully. When the cluster is compiled, a firewall for each member of the cluster is created and saved locally on the machine where Firewall Builder is running.
Clicking Next on this window launches the installer dialog window (Figure 10). Each firewall in the cluster will have its own installer window. The installer uses SCP to transfer the firewall script that was generated for the cluster member to the firewall. After the firewall script is copied, Firewall Builder logs in using SSH to run the script. The installer includes an option to run in verbose mode, which displays each command as it is being run on the remote firewall. After the install completes, a new installer appears for lj-fw-2, and the same process is repeated.
This article just skims the surface of using Firewall Builder to configure firewall clusters. You can find much more information in the Firewall Builder Users Guide, including how to install custom policies on an individual cluster member, which is available on-line at the NetCitadel Web site.
Mike Horn is the co-founder of NetCitadel LLC, the company that develops and supports Firewall Builder. He has worked on network and security technologies for more than 15 years at companies ranging from small startups to large global Internet Service Providers.
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
|Non-Linux FOSS: Seashore||May 10, 2013|
|Trying to Tame the Tablet||May 08, 2013|
|Dart: a New Web Programming Experience||May 07, 2013|
- RSS Feeds
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- New Products
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Home, My Backup Data Center
- Validate an E-Mail Address with PHP, the Right Way
- New Products
- Trying to Tame the Tablet
- Tech Tip: Really Simple HTTP Server with Python
8 min 10 sec ago
- not living upto the mobile revolution
2 hours 59 min ago
- Deceptive Advertising and
3 hours 35 min ago
- Let\'s declare that you have
3 hours 35 min ago
- Alterations in Contest Due
3 hours 37 min ago
- At a numbers mindset, your
3 hours 38 min ago
- Do not get Just Almost any
3 hours 41 min ago
- A fantastic rule-of-thumb to
3 hours 43 min ago
- Keren mastah..
4 hours 40 min ago
- mini tablet compare
5 hours 59 min ago
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.