Karsten Bräckelmann wrote:
> On Thu, 2008-11-27 at 15:27 +0100, Christian Vieser wrote:
>> my officemate asked me recently, if there is any tool available to analyze
>> the shorewall policies and rules to get a "picture" of the allowed connections,
>> or to get a list of allowed connections for a given IP.
>>
>> Since firewall rules tend to get more complex and confusing over time :-)
> [...]
> 
>> There are a few projects out there which try to analyze the output of iptables,
> 
> Got to admit, I'm slightly confused by the question. I've always seen
> shorewall to be pretty much exactly that. A tool to define policies and
> rules ("allowed connections" as you put it) for my network, in a
> structured, comprehensible and easy to define way. If I can define my
> rules, I can read and interpret them just the same. :)
> 
> To put it in other words: Isn't the shorewall configuration sufficient
> to get a picture of allowed traffic?
> 
> 
> Since you specifically mentioned "small businesses", how large and
> complicated are your policies and rules?
> 
> 

I think he's looking for an independent third party.

The cheap answer -- have someone run nmap against your firewall.

