From: Tom A. <to...@ta...> - 2008-11-29 23:45:53
Karsten Bräckelmann wrote:
> On Thu, 2008-11-27 at 15:27 +0100, Christian Vieser wrote:
>> my officemate asked me recently, if there is any tool available to analyze
>> the shorewall policies and rules to get a "picture" of the allowed connections,
>> or to get a list of allowed connections for a given IP.
>>
>> Since firewall rules tend to get more complex and confusing over the time :-)
> [...]
>
>> There are a few projects out there which try to analyze the output of iptables,
>
> Got to admit, I'm slightly confused by the question. I've always seen
> shorewall to be pretty much exactly that. A tool to define policies and
> rules ("allowed connections" as you put it) for my network, in a
> structured, comprehensible and easy to define way. If I can define my
> rules, I can read and interpret them just the same. :)
>
> To put it in other words: Isn't the shorewall configuration sufficient
> to get a picture of allowed traffic?
>
>
> Since you specifically mentioned "small businesses", how large and
> complicated are your policies and rules?
>

I think he's looking for an independent third party. The cheap answer -- have someone run nmap against your firewall.