Re: [Shorewall-users] firewall analysis

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Sat, 2008-11-29 at 18:21 -0500, Tom Allison wrote:
> Karsten Bräckelmann wrote:
> > On Thu, 2008-11-27 at 15:27 +0100, Christian Vieser wrote:

> > To put it in other words: Isn't the shorewall configuration sufficient
> > to get a picture of allowed traffic?

> I think he's looking for an independent third part.

Maybe.  Honestly, I don't think so, though, given in his original post
Christian asked for a
> > > tool for analyzing or visualizing the firewall ruleset (based on the
> > > shorewall configuration or output of iptables)

So he would be happy with something visualizing his shorewall conf.

> The cheap answer -- have someone run nmap against your firewall.

That will only show a tiny window, even of a rather trivial network.

-- 
[ESR] Eric S. Raymond: "How To Ask Questions The Smart Way"
      http://www.catb.org/~esr/faqs/smart-questions.html
[SGT] Simon G. Tatham: "How to Report Bugs Effectively"
      http://www.chiark.greenend.org.uk/~sgtatham/bugs.html