		       --------------
		       |FIREMAN TOOL|
		       --------------
03/10/2009

FIREMAN tool is part of the NSF funded project "Modeling, Validation,
and Optimization of Distributed Firewalls" at UC Davis.
http://www.ece.ucdavis.edu/rubinet/fireman.html

The source code is being distributed under the GNU General Public
License version 3 (GPLv3).

Installation:

Files: 

	buddy-2.4.tar.gz : BDD library
	FireBase/        : base library 
        InfoBase/        : parser for useful information like 
	
	InfoBase/PortParse         : port name -> number mapping
	InfoBase/ProtoParse        : protocol name -> number mapping
	InfoBase/BogonParse        : collection of Bogons

	

	FireMan/         : Firewall parser and Fireman checker

	FireMan/fwPIXParse.[ypp,lex] : Cisco PIX config parser
	FireMan/fwIPTParse.[ypp,lex] : Linux IPTable config parser
	FireMan/Firewall.[cpp,h]   : Firewall model (basic, PIX ACL)
	FireMan/nfFirewall.[cpp,h] : IPTables Chain 
	                     (requires boost::graph if you need dependency graphy)

	FireMan/fireman.cpp, fireman.h	  checking routine

	configs/          : configuration files used for InfoBase and testing
	
	configs/          These files should be regularly updated
	    bogon-bn-nonagg.txt    : http://www.cymru.com/Documents/bogon-bn-nonagg.txt
				     This is our default blacklist

	    port-numbers	   : http://www.iana.org/assignments/port-numbers

	    protocol-numbers       : http://www.iana.org/assignments/protocol-numbers

	    anon-PIX.cfg           : a real cisco pix config (anonymized)
	    sample1-pix.cfg           : oakland paper sample 1
	    sample3-pix.cfg           : oakland paper sample 3
	    ipt.cfg                 : test case for IPTables config
            rc.firewall.txt        : a real iptables config
				   :http://iptables-tutorial.frozentux.net/scripts/rc.firewall.txt
            
Step 1: tar -xzvf buddy-2.4.tar.gz
        cd buddy-2.4
	./configure ; make ; make install
	cd ..

Step 2:
	assuming buddy is installed in /usr/local/lib
	
	make 

	otherwise, modify the Makefile in FireMan accordingly

Step 3:
       ./fireman ./configs/zoovy.cfg PIX

       ./fireman ./configs/ipt.cfg IPT


Notes:
	Distributed checks yet to be ported over from earlier version     
	
	Fireman can NOT handle stateful firewall as of now.
Therefore, stateful configs are conveniently ignored.  
