RE: [fw-wiz] Sun/Solaris Checkpoint FW-1 Question

From: Chris Todd (chris_at_christophertodd.com)
Date: 06/24/04

    To: "'Alex Bihlmaier'" <thalunil@kallisti.de>, <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 23 Jun 2004 20:58:23 -0400
    
    

    Alex,

    Check out the FW1rules.pl script you can find here:
    http://www.wyae.de/software/fw1rules/ It can parse the objects.c and
    rulebasename.W files from your CP box and convert them to HTML (in a format
    that looks like the CP GUI), or TXT, CSV, or SQL. I have only ever used the
    HTML option (so as to grab a client's rule set for doing a firewall review),
    so I can't say whether the TXT, CSV, or SQL output is useful, but I can say
    this is the only script I've ever found that could parse the Checkpoint
    configs.

    As for converting this to other firewall rule formats, you might want to
    check out FWBuilder - http://www.fwbuilder.org/ It is designed to be a kind
    of platform-independent firewall rule set builder, though it doesn't
    currently support Checkpoint, and you have to pay for the PIX module. But
    it will do netfilter/iptables, ipfilter, or pf. I toyed with the idea of
    tweaking the fw1rules.pl script so it would output Fwbuilder xml files that
    might be imported into fwbuilder, but I have less than zero free time. :-(
    Maybe some day.

    HTH,
    Chris

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Alex
    Bihlmaier
    Sent: Wednesday, June 23, 2004 1:40 PM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] Sun/Solaris Checkpoint FW-1 Question

    Hi Guys,

    One of my customers is using the Checkpoint FW-1 Firewall and has a
    relatively large ruleset. (large as in large for just typing it down)

    I want to get an ASCII (or any other format, netfilter, pf) output of the
    running rules for backup purposes.

    Does anyone know the appropriate tool or has a good hint for me? ;)

    thx and greetings from Germany,
    ~ thalunil
    - --
    Use PGP to encrypt/sign your eMail.

    Get my public key at: http://www.kallisti.de/users/thalunil/public_key.asc

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

