Don Drohman wrote:
> This is an excellent question, and has relevance beyond just
> troubleshooting and maintenance. I don't know how many times an auditor
> has asked the pointed audit question, "What controls (tools and
> processes) do you use to verify the technology in place is configured
> correctly to support policy...". The fact that the Shorewall config
> files are further "compiled", before loading to firewall, really says
> that unless you are reviewing the output from iptables directly, you
> really have no good answer to that question.
>

Don, thank you for strengthening this point. This is indeed an aspect in firewall operations often overlooked.

> You may have already found this, but take a look at ITVal on Sourceforge
> (http://sourceforge.net/projects/itval/). It doesn't give you a
> "picture" of the firewall, but probably better, it lets you formulate
> queries against the table rules.
>

Interesting tool. Unfortunately it crashes when fed with my firewall config (but it runs with the smaller ruleset of a second firewall). If I get it working (and manage to understand the query syntax) this would definitely meet my needs.

Regards,
Christian
