Showing posts with label Firewall. Show all posts
Showing posts with label Firewall. Show all posts

Monday, April 29, 2013

[Sanewall 1.0.0] Making sense of firewalling


Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful as well as easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls.

Sanewall can be used for almost any firewall need, including:
  • control of any number of internal/external/virtual interfaces
  • control of any combination of routed traffic
  • setting up DMZ routers and servers
  • all kinds of NAT
  • providing strong protection (flooding, spoofing, etc.)
  • transparent caches
  • source MAC verification
  • blacklists, whitelists

The current experimental snapshotssupport IPv6. Sanewall abstracts the differences between IPv4 and IPv6, allowing you to define a common set of rules for both whilst permitting specific rules for each as you need.

Sanewall is a fork of FireHOL. The configuration language is identical, just see this FAQ for some variable name changes. For now the FireHOL website is still the best source of introductory information.
Sanewall is released under the GPLv2+open source licence.

Posted by at No comments:
Labels: , , ,

[WAF-FLE] Web application firewall: fast log and event console

WAF-FLE is a OpenSource Console for ModSecurity, it allow the modsec admin to view and search events sent by mlogc (modsecurity event log handler).

Features:
  • Central event console
  • Support Modsecurity in “traditional” and “Anomaly Scoring”
  • Able to receive events sent from mlogc (in real time or in batch using mlogc-batch-load.pl)
  • No sensor number limit
  • Dashboard with recent events information
  • Drill down of events with filter
  • Every (almost) data is “clickable” to drill down the filter
  • Inverted filter (to filter for “all but this item”)
  • Filter for network (in CIDR format, x.x.x.x/22)
  • Raw event download
  • Use Mysql as database
  • Open Source released under GPL v2

Posted by at No comments:
Labels: , , ,

Tuesday, April 2, 2013

[360-FAAR v0.4.1] Firewall Analysis Audit And Repair


360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file!

Changes: This release adds the 'mergelog' mode to merge binary log entries from one config with another and significantly updates the user interface. All configs can be loaded from the 'load' menu instead of specifying them on the command line. Added 'verbose' switches to 'print' and 'rr' modes so that screen output can be switched off, and all 'end.' key words have been changed to simply '.' to reduce the number of keystrokes needed. Entering '0' now adds all options and '.' chooses the default if available. The Netscreen output stage now uses a default zone if none are specified.
Read Policy and Logs for:
Checkpoint FW1 (in odumper.csv / logexport format),
Netscreen ScreenOS (in get config / syslog format),
Cisco ASA (show run / syslog format),

360-FAAR uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalisation at the same time as removing unused connectivity.

360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to seamlessly move rules to where you need them.

Download 360-FAAR Firewall Analysis Audit And Repair 0.4.1



Posted by at No comments:
Labels: , , , , , , , , ,

Tuesday, November 6, 2012

[360-FAAR] Firewall Analysis Audit And Repair 0.3.6

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file!

Read Policy and Logs for:

Checkpoint FW1 (in odumper.csv / logexport format),
Netscreen ScreenOS (in get config / syslog format),
Cisco ASA (show run / syslog format),

360-FAAR uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalisation at the same time as removing unused connectivity.

360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to seamlessly move rules to where you need them.

TRY: 'print' mode. One command, and spreadsheet for your audit needs!

Features

  • WRITTEN IN SIMPLE Perl - NEEDS ONLY STANDARD MODULES - IS ONE FILE
  • .
  • Easy to Edit Menu Driven Text Interface
  • Capable of manipulating tens of thousands of rules, objects and groups
  • Handles infinitely deep groups
  • Capable of CIDR filtering connectivity in/out of policy rulebases.
  • Capable of merging rulebases.
  • Identifies existing connectivity in rulebases and policies
  • Automatically performs cleanup if a log file is provided.
  • Keeps DR connecitvity via any text or IP tag
  • Encryption rules can be added during policy moves to remove the "merge from" rules for traffic that would be encrypted by the time it reached the firewall on which the "merge to" policy is to be installed - sounds complicated but its not in practice - apropriate ike and esp rules should be added manually
  • Runs consistency checks on its own objects and rule definitions
  • Extendable via a simple elsif in the user interaction loop section.
  • .
  • EASY TO EXECUTE:
  • ./360-faar.pl <FW CONFIG TYPE> <log> <config> <nats> <FW CONFIG TYPE> <log> <config> <nats> <FW CONFIG TYPE> <log> <config> <nats>
  • .
  • CONFIG TYPES: - cisco soon!
  • od = logexported logs, object dumper format config, fwdoc format nat rules csv
  • ns = syslog format logs, screenos6 format config, nats are included in policy but not processed fuly yet, fwdoc format nats can be used though
  • cs = cisco asa syslog file, cisco ASA format config, - not ready yet
  • .
  • OUTPUT TYPES:
  • od = output an odumper/ofiller format config to file, and print the dbedit for the rulebase creation to screen
  • ns = outputs netscreen screenos6 objects and policies (requires a netscreen config or zone info)
  • cs = cisco asa format config - not ready yet
  • .
  • By default 360-FAAR accepts exactly 3 configs on the command line.
  • Make an empty file called "fake" and and use this as the file name, for log config and nats if you want to process less than 3 configs at once.
  • Log file headders in fw1 logexported logs are found automatically so many files can be cated together
  • .
  • FUTHER PROCESSING AND MANUAL EDITING:
  • Output odumper/ofiller format files and make them more readable (watchout for spaces in names) using the numberrules helper script
  • Edit these csv's in Openoffice or Excell using any of the object or group definitions from the three loaded configs.
  • You can then use this file as a template to translate to many different firewalls using the 'bldobjs' mode


Screens



Posted by at No comments:
Labels: , , , , , , ,
Subscribe to: Posts (Atom)