I found something interesting today playing with a Netasq F150 (rebranded Stormshield firewall).
The firewall OS (named ASQ) is based on top of FreeBSD.

When I looked at the internal text files which contain the configuration for the firewall rules, I found that the rule syntax looks a lot like PF.

Simple coincidence?

#=============================================
# /usr/Firewall/ConfigFiles/Filter
#=============================================
# more 02
[Filter]
pass from network_internals to any port web_srv
pass from network_internals to any port ftp     # Force FTP analysis
pass from network_internals to any port mail_srv
pass ipproto icmp type 8 code 0 from network_internals to any   # Accept PING only

# more 03
[Filter]
pass from network_internals to any port plugins # Force plugins analysis
pass ipproto tcp from network_internals to any  # Accept TCP only

# more 04
[Filter]
pass from network_internals to any port plugins # Force plugins analysis
pass from network_internals to any      # Accept all

# more 05
[Filter]
pass inspection firewall log from IP_Pub-MainPool1 on out to IP_Pub_1.1.1.2 port microsoft-ts -> to srv-ToIP_4760 rulename "Télémaintenance"
pass inspection firewall log from IP_Pub-MainPool1 on out to Firewall_out_1 port Port_4343 -> to Ctrl-Wifi rulename "Télémaintenance"
pass inspection firewall log from Network_internals to shared-printer rulename "Shared Printer" # Internet
pass inspection firewall log from Network_Cutomer_A|Network_Phone-TOIP to Network_Vlans_Impairs port ssh|Port_4343|https|telnet rulename "Admin Switch + FW"    # Internet
pass inspection firewall log from Network_internals to internet rulename "Internet"     # Internet
pass inspection firewall log from any to firewall_all port firewall_srv|ssh|https       # Admin from everywhere
pass inspection firewall log ipproto icmp type 8 code 0 proto none from any to any      # Allow Ping from everywhere
block inspection firewall log from any to any   # Block all

[NAT]
nat from Network_Phone-TOIP to internet -> from IP_Pub_1.1.1.2 to original
nat from Network_KI_EXECUTIVE to internet -> from IP_Pub_1.1.1.2 to original
nat from VisioConférence to any on out -> from IP_Pub_1.2.3.4 arp        # NAT
nat from any on out to IP_Pub_1.2.4.5 -> beforevpn to VideoConference arp        # NAT
nat from Network_internals to internet on out -> from Firewall_out_1 to original
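As an added example (not code from the post, nor from Netasq/Stormshield), a small Python parser for the [Filter] rule style shown above, with an audit pass that flags the rules a reviewer would look at first. The grammar is inferred only from the lines in the post, the sample is constructed in that style, and the audit checks (unrestricted pass-to-any, admin ports open to any source, unlogged pass rules, missing final block-all) are the example's own choices.

```python
import re

# Constructed sample in the rule style shown in the post (not a real device export)
SAMPLE = """\
[Filter]
pass inspection firewall log from Network_internals to internet rulename "Internet"  # Internet
pass inspection firewall log from any to firewall_all port firewall_srv|ssh|https  # Admin from everywhere
pass from network_internals to any      # Accept all
pass inspection firewall log ipproto icmp type 8 code 0 proto none from any to any  # Allow Ping
block inspection firewall log from any to any   # Block all
"""
# Assumed grammar, inferred only from the post: action, keywords, optional ipproto/type/code/proto,
# from [on iface] to, optional port list, optional "-> to" redirect, optional rulename, trailing comment
RULE_RE = re.compile(
    r'^(?P<action>pass|block)(?P<mods>(?:\s+(?:inspection|firewall|log))*)'
    r'(?:\s+ipproto\s+(?P<ipproto>\S+))?(?:\s+type\s+(?P<type>\d+)\s+code\s+(?P<code>\d+))?'
    r'(?:\s+proto\s+(?P<proto>\S+))?\s+from\s+(?P<src>\S+)(?:\s+on\s+(?P<iface>\S+))?'
    r'\s+to\s+(?P<dst>\S+)(?:\s+port\s+(?P<port>\S+))?(?:\s+->\s+to\s+(?P<redirect>\S+))?'
    r'(?:\s+rulename\s+"(?P<rulename>[^"]*)")?\s*(?:#\s*(?P<comment>.*))?$')

def parse_filter(text):
    """Return one dict per rule in the [Filter] section; other sections and comments are skipped."""
    rules, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith('['):
            section = line.strip('[]')
        elif line and not line.startswith('#') and section == 'Filter':
            m = RULE_RE.match(line)
            if not m:
                raise ValueError(f'unparsed rule: {line!r}')
            rule = m.groupdict()
            rule['log'] = 'log' in rule.pop('mods').split()   # "log" keyword present?
            rule['port'] = rule['port'].split('|') if rule['port'] else []  # "a|b|c" -> list
            rules.append(rule)
    return rules

def audit(rules, admin_ports=('ssh', 'https', 'telnet')):
    """Flag pass rules worth a second look; returns (rulename or #index, finding) pairs."""
    findings = []
    for i, r in enumerate(rules):
        if r['action'] != 'pass':
            continue
        name = r['rulename'] or f'#{i + 1}'
        if r['dst'] == 'any' and not r['port'] and not r['ipproto']:
            findings.append((name, 'pass to any with no port or protocol restriction'))
        if r['src'] == 'any' and set(r['port']) & set(admin_ports):
            findings.append((name, 'management ports reachable from any source'))
        if not r['log']:
            findings.append((name, 'pass rule without log'))
    # First-match policies rely on an explicit catch-all block at the end
    if not rules or rules[-1]['action'] != 'block' or (rules[-1]['src'], rules[-1]['dst']) != ('any', 'any'):
        findings.append(('policy', 'no explicit block-all as final rule'))
    return findings
```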
