Subject: Re: ACL compiler [was: Network Automation: An Architects View]
From: Ted Kaczmarek <tedkaz @ optonline . net>
Date: Sat, 25 Jun 2005 21:00:21 -0400
To: DJ Gregor <dj @ gregor . com>
Cc: network-automation @ greatcircle . com
In-reply-to: <66b6f3369bde6fa64632f383d2bc4500@gregor.com>
References: <5.1.0.14.0.20050521155048.025ab230@mail.eclipse.co.uk><17039.36357.794569.744848@perdition.linnaean.org><c0fc3ae805052217037a1c0971@mail.gmail.com><20050524115708.E40415@skink.reptiles.org><66b6f3369bde6fa64632f383d2bc4500@gregor.com>
Reply-to: tedkaz @ optonline . net

On Tue, 2005-05-24 at 12:25 -0400, DJ Gregor wrote:
> In terms of ACL compilers, has anyone looked at Firewall Builder? It
> looks to have a general XML format that defines the policy (although at
> a low-level, in terms of ports and devices), along with translators
> from the XML format into implementation-specific configuration
> statements.
>
> http://www.fwbuilder.org/
>
> I've also seen the same thing done in a commercial product where not
> only the firewall configuration, but the entire device configuration
> was specified in an XML language that was translated to operating
> system-specific configurations (for multiple OSes, even). The XML
> configurations were per-device, not per-network, however.
>
>
> - djg
>
I would like it a lot more if it generated a Red Hat-style iptables
file :-)
It is a most popular tool used by lots of people I know.

Ted