On Sun, 22 May 2005, Lori Barfield wrote:
> well, i wouldn't limit the solution to an ACL compiler; i'd shoot
> for the whole kit, where the security policy is defined with a strict
> syntax, and that is interpreted to create baseline executable
> configuration instructions for traffic-bearing devices at various
> layers.
Heh. I floated that idea by on firewall-wizards a while back, and it's
really not at all a trivial problem or an easy solution.
Each device and vendor uses slightly different syntax, and producing
an agreeable meta-language is a right pain in the keister.
cheers!
==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet. This is the defining metaphor of my life right now."
Follow-Ups:
References:
|
|
