Re: [fw-wiz] Auditing a firewall rulebase

Hey All,
I've released version 1.1 of the Firewall Rulebase Automation tool.
Not a major upgrade but still a few things cleaned up and it looks
better now:

- Outputs now available in reasonably neat HTML format :D
- No more complex command line arguments, everything's in a config file
- More ports added in vulnerable ports section
- Options available to obtain detailed/non detailed output

I wanted to put in detailed redundancy checking but the effort
involved was too high for this release. Maybe version 1.2, whenever
that is ;).

The latest version is available at:

As usual, please get back to me with your brickbats; they are the only
way I can improve on my work. Any good feedback as well is thoroughly
appreciated :)

Paladion Networks -

On Wed, Jun 18, 2008 at 2:34 PM, arvind doraiswamy
<arvind.doraiswamy@xxxxxxxxx> wrote:
Hey Guys,
Thanks for all your inputs. I got a few valuable points that I managed
to integrate together in a Perl script which will assist in auditing a
firewall rulebase. It can be useful both for a third party auditor as
well as a firewall admin who has his hands very full.

The POC is available at:

Right now it supports just Cisco PIX - but the framework is there for
other firewalls as well. Do go through the ReadMe which is part of the
file and provide me with feedback on where I have messed up - if

Thanks again

firewall-wizards mailing list
