WallFire 0.9.8

WallFire is a very general and modular firewalling application based on Netfilter or any kind of low-level framework.

  Add it to your Download Basket!

 Add it to your Watch List!


Rate it!
send us
an update
GPL (GNU General Public License) 
3.0/5 1
Hervé Eychenne
ROOT \ System \ Networking
WallFire is a very general and modular firewalling application based on Netfilter or any kind of low-level framework.

It will enable to manage every aspect of a firewall administration, from configuration to monitoring, intrusion detection, etc...
WallFire will provide command line and interactive tools as well as X Window or Web front-ends.

WallFire is "libre" (free as a speech, in English) software. It is mainly written in C++ and is intended to run on every *nix system.

WallFire is a package that is composed of:

a server side:
wfpolicyd, a daemon which can run on any host and centralises the rules and policy management
wfcommitd, a daemon which runs on the firewall(s) itself and commits the firewalling rules, whatever platform it is running on and whatever tools are available on the latter.
So you will need to run a wfcommitd daemon on each firewall, but only one wfpolicyd for a whole site.
a client side:
some libraries (for example wfnetobjs) on which every operation relies
wfconvert, the tool which imports/translates rules from/to any supported firewalling language
wflogs, the log analysis and reporting tool
wfadmin, the administration shell tool
xwfadmin, the X (Qt) administration front-end, which is useful, but not compulsory
webfire, the Web administration interface (in PHP).

Of course, client and server parts can (should?) be run on different hosts. All communications will be authentificated and encrypted (via SSL). Every data (network objects, rules, logs) will be importable/exportable in XML.

So far, the things that have been implemented are: some libraries (wfnetobjs for example), the wfconvert (which is quite functionnal now) and wflogs (which is mature and fully functionnal) commands.

Note that wfconvert and wflogs can be used locally, independantly of other WallFire tools.

What's New in This Release:

· Improved matching of netfilter and ipfilter input modules.
· Added support for Cisco FWSM (PIX).
· Improved netfilter parsing.
· Compilation fixes for *BSD.
· Added wflogs.dtd.
· Added wfchkintegrity tool, which enables to monitor changes in the firewalling configuration.

Last updated on July 13th, 2006

#fire wall #firewall administration #intrusion detection #intrusion #detection #firewall #administration

Add your review!