Re: [fw-wiz] firewall rule lifecycle management
From: Victor Williams (vbwilliams_at_neb.rr.com)
Date: 09/01/05
- Previous message: Kevin: "Re: [fw-wiz] stopping bots from phoning home"
- In reply to: Martin: "Re: [fw-wiz] firewall rule lifecycle management"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Martin <marty@supine.com>
Date: Wed, 31 Aug 2005 21:03:38 -0500
True.
That's why I've started commenting rules, or groups of rules. Then I
can go back later and determine if they are actually needed.
Martin wrote:
> $quoted_author = "Bruce Smith" ;
>
>>From my PIX experience, clear rule counters every month. After a while, look
>>for the rules that have zero counts and then remove them. Can be scripted
>>and searched with grep.
>
>
> that's a neat way of picking up dormant rules, but you'd still need to
> review them manually to identify rules that should no longer be in place
> even if traffic is still matching them.
>
> cheers
> marty
>
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
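An added example, not from the thread, of the monthly zero-counter check Bruce describes, with Martin's caveat kept in view: a rule is reported dormant only if its counter is zero in every monthly snapshot (a rule used quarterly is quiet two months out of three), and rules that did match traffic are listed separately because they still need a human to decide whether they belong. The `show access-list` line format and the counters are constructed approximations of PIX/ASA output.

```python
import re

# Constructed monthly snapshots in the style of PIX/ASA `show access-list`
# (format approximated; rule text and counters are made up). Counters are
# assumed to have been cleared right after each snapshot was taken.
SNAPSHOTS = [
    """\
access-list outside_in line 1 extended permit tcp any host 10.1.1.5 eq www (hitcnt=48213)
access-list outside_in line 2 extended permit tcp host 203.0.113.7 host 10.1.1.9 eq ssh (hitcnt=0)
access-list outside_in line 3 extended permit udp any host 10.1.1.20 eq ntp (hitcnt=0)
access-list outside_in line 4 extended deny ip any any (hitcnt=9931)
""",
    """\
access-list outside_in line 1 extended permit tcp any host 10.1.1.5 eq www (hitcnt=51877)
access-list outside_in line 2 extended permit tcp host 203.0.113.7 host 10.1.1.9 eq ssh (hitcnt=3)
access-list outside_in line 3 extended permit udp any host 10.1.1.20 eq ntp (hitcnt=0)
access-list outside_in line 4 extended deny ip any any (hitcnt=10240)
""",
]

RULE_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+line\s+\d+\s+(?P<rule>.+?)\s+\(hitcnt=(?P<hits>\d+)\)"
)

def parse_hit_counts(text):
    """Map (acl name, rule text) -> hit count for one snapshot. Keyed on the
    rule text, not the line number, because line numbers shift as soon as a
    rule above is removed."""
    counts = {}
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if m:
            counts[(m["acl"], m["rule"])] = int(m["hits"])
    return counts

def dormant_rules(snapshots):
    """Rules whose counter was zero in every snapshot: removal candidates."""
    parsed = [parse_hit_counts(s) for s in snapshots]
    keys = set(parsed[0])
    for p in parsed[1:]:
        keys &= set(p)  # only rules present in every snapshot are comparable
    return sorted(k for k in keys if all(p[k] == 0 for p in parsed))

def rules_for_manual_review(snapshots):
    """Rules that matched traffic at least once. Traffic matching a rule proves
    it is used, not that it should still exist, so these go to a reviewer."""
    parsed = [parse_hit_counts(s) for s in snapshots]
    keys = set().union(*parsed)
    return sorted(k for k in keys if any(p.get(k, 0) > 0 for p in parsed))

if __name__ == "__main__":
    for kind, rules in (("dormant", dormant_rules(SNAPSHOTS)),
                        ("review", rules_for_manual_review(SNAPSHOTS))):
        for acl, rule in rules:
            print(f"{kind:8} {acl}: {rule}")
```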