On Thu, 2008-11-27 at 15:27 +0100, Christian Vieser wrote:
> my officemate asked me recently if there is any tool available to analyze
> the shorewall policies and rules to get a "picture" of the allowed connections,
> or to get a list of allowed connections for a given IP.
> 
> Since firewall rules tend to get more complex and confusing over time :-)
[...]

> There are a few projects out there which try to analyze the output of iptables,

Got to admit, I'm slightly confused by the question. I've always seen
shorewall to be pretty much exactly that. A tool to define policies and
rules ("allowed connections" as you put it) for my network, in a
structured, comprehensible and easy to define way. If I can define my
rules, I can read and interpret them just the same. :)

To put it in other words: Isn't the shorewall configuration sufficient
to get a picture of allowed traffic?


Since you specifically mentioned "small businesses", how large and
complicated are your policies and rules?


-- 
[ESR] Eric S. Raymond: "How To Ask Questions The Smart Way"
      http://www.catb.org/~esr/faqs/smart-questions.html
[SGT] Simon G. Tatham: "How to Report Bugs Effectively"
      http://www.chiark.greenend.org.uk/~sgtatham/bugs.html

