Farly - "Firewall Analysis and Rewrite LibrarY"
Farly is a firewall rule analysis library.
Farly translates a vendor specific firewall configuration
into an easily searchable vendor independent firewall model.
Using the Farly firewall model, Perl script based firewall
management tools can be written to perform tasks such as
firewall security audits, group or rule optimizations or
large scale firewall configuration changes.
Farly is object oriented, using a "key value coding" style.
Each line of firewall configuration is represented by a
Farly::Object object. Each property within the line of
configuration is represented by a key value pair.
The key describes what the property within the specific
line of configuration is, such as "ID," or "SRC_IP."
The Farly::Object value objects are the basic types
found in a firewall configuration, such as IP addresses,
protocols, port numbers, string identifiers and references
to other configuration elements.
The entire firewall device model, made up of
Farly::Object objects, is stored in a Farly::Object::List.
The Farly::Object::List class implements object search
functionality required for firewall rule analysis.
See the "Farly" package SYNOPSIS for code that dumps a
container, illustrating the Farly model. (The file 'test.cfg'
in the /t directory may be used as an example firewall
configuration.)
See the "demo" directory for Farly usage examples.
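The following is an added illustration of the model described above, written
in Python so it runs without Farly installed. It is not Farly's code and does
not use Farly's Perl API: a few constructed Cisco ASA style access-list lines
are translated into vendor-independent objects (dicts whose keys name the
property, such as SRC_IP or DST_PORT, and whose values are typed: IPv4
networks, protocol ranges, port ranges), and a list of those objects is then
searched with containment semantics. The sample configuration, the function
names and the exact key set are assumptions made for this example; the
behaviour on unrecognized lines and on the unsupported 'ne'/'neq' port
operator follows what the BUGS and LIMITATIONS sections of this README state.

```python
# Added example: a Farly-style firewall model sketched in Python.
# Not Farly's Perl API; function names, key names and the sample config are
# assumptions made for this illustration.
import ipaddress

# Constructed sample of Cisco ASA access-list lines (not from a real device).
SAMPLE_CONFIG = """\
access-list outside_in extended permit tcp any host 192.0.2.10 eq 443
access-list outside_in extended permit tcp 198.51.100.0 255.255.255.0 host 192.0.2.10 range 8000 8010
access-list outside_in extended deny ip any any
"""

PROTOCOLS = {"icmp": 1, "tcp": 6, "udp": 17}
ANY_PROTO = (0, 255)        # 'ip' is the full protocol range, so it contains tcp/udp/icmp
ANY_PORT = (0, 65535)
PORT_OPS = ("eq", "range", "gt", "lt")


def parse_address(tokens, i):
    """Consume one ASA address spec at tokens[i]; return (IPv4Network, next index)."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network((tok, tokens[i + 1])), i + 2   # 'network netmask' form


def parse_port(tokens, i):
    """Consume an optional port operator at tokens[i]; return ((low, high), next index)."""
    if i < len(tokens) and tokens[i] == "neq":
        # The README lists the 'ne' (ASA keyword: neq) operator as unsupported;
        # refuse it loudly rather than model it wrongly.
        raise ValueError(f"unsupported port operator 'neq' in: {' '.join(tokens)}")
    if i >= len(tokens) or tokens[i] not in PORT_OPS:
        return ANY_PORT, i
    op = tokens[i]
    if op == "eq":
        return (int(tokens[i + 1]), int(tokens[i + 1])), i + 2
    if op == "range":
        return (int(tokens[i + 1]), int(tokens[i + 2])), i + 3
    if op == "gt":
        return (int(tokens[i + 1]) + 1, 65535), i + 2
    return (0, int(tokens[i + 1]) - 1), i + 2                   # lt


def parse_access_list(line):
    """Translate one 'access-list ID extended ACTION PROTO SRC [port] DST [port]' line."""
    tokens = line.split()
    if (len(tokens) < 7 or tokens[0] != "access-list" or tokens[2] != "extended"
            or tokens[3] not in ("permit", "deny")):
        # Same policy the README describes: unknown configuration is an error that
        # shows the offending line, never a silently dropped rule.
        raise ValueError(f"unrecognized configuration line: {line!r}")
    proto_tok = tokens[4]
    if proto_tok == "ip":
        proto = ANY_PROTO
    elif proto_tok in PROTOCOLS:
        proto = (PROTOCOLS[proto_tok], PROTOCOLS[proto_tok])
    else:
        raise ValueError(f"unrecognized protocol {proto_tok!r} in: {line!r}")
    src, i = parse_address(tokens, 5)
    sport, i = parse_port(tokens, i)
    dst, i = parse_address(tokens, i)
    dport, i = parse_port(tokens, i)
    if i != len(tokens):
        raise ValueError(f"unrecognized trailing tokens {tokens[i:]!r} in: {line!r}")
    return {"ENTRY": "RULE", "ID": tokens[1], "ACTION": tokens[3], "PROTOCOL": proto,
            "SRC_IP": src, "SRC_PORT": sport, "DST_IP": dst, "DST_PORT": dport}


def contains(rule, query):
    """True when every property present in query lies within the rule's same property.
    Keys absent from the query are unconstrained, so queries may be partial."""
    for key, want in query.items():
        have = rule[key]
        if isinstance(have, tuple):                          # protocol or port range
            if not (have[0] <= want[0] and want[1] <= have[1]):
                return False
        elif isinstance(have, ipaddress.IPv4Network):
            if not want.subnet_of(have):
                return False
        elif have != want:                                   # strings such as ID, ACTION
            return False
    return True


def load(config):
    """Build the model: one object per access-list line, kept in configuration order."""
    return [parse_access_list(line) for line in config.splitlines() if line.strip()]


def search(rules, query):
    """Return every rule whose properties contain the query."""
    return [rule for rule in rules if contains(rule, query)]


def first_match_action(rules, query):
    """ASA evaluates an access-list top down, so the first containing rule decides."""
    hits = search(rules, query)
    return hits[0]["ACTION"] if hits else None


def flow(src, dst, proto, dport):
    """Build a single-flow query from plain strings, e.g. flow("203.0.113.5", "192.0.2.10", "tcp", 443)."""
    return {"PROTOCOL": (PROTOCOLS[proto], PROTOCOLS[proto]),
            "SRC_IP": ipaddress.ip_network(src + "/32"),
            "DST_IP": ipaddress.ip_network(dst + "/32"),
            "DST_PORT": (dport, dport)}


if __name__ == "__main__":
    model = load(SAMPLE_CONFIG)
    for obj in model:                                        # dump the container
        print({k: str(v) for k, v in obj.items()})
    print(first_match_action(model, flow("203.0.113.5", "192.0.2.10", "tcp", 443)))
```

The search is a containment check per property, which is what makes questions
like "which rules admit host X to port Y" answerable without string matching
against vendor syntax; the final 'deny ip any any' is returned by search() for
every flow because its ranges contain everything, while first_match_action()
reproduces the device's top-down evaluation.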
INSTALLATION
To install this module type the following:
perl Makefile.PL
make
make test
make install
DEPENDENCIES
Parse::RecDescent
Log::Log4perl
Template
Carp
Scalar::Util
IO::File
File::Spec
DEVICES SUPPORTED
Cisco ASA 7.2+
Cisco FWSM 3.x+
LIMITATIONS
- The Farly model is a subset of the firewall configuration relevant
to interfaces, objects, groups, rules, and static routes.
- Interface IP addresses set with 'dhcp' are not supported.
- NAT configurations are not modeled.
- No IPv6 support
- The Cisco "ne" port operator is not currently supported.
- Cisco's "identity firewall" feature is not currently supported.
BUGS
None known. The most likely bugs are around unrecognized variations within
a firewall configuration. Farly should throw an exception and display
the unrecognized line of configuration.
TODO
- More documentation
- More example scripts
- More devices supported
- IPv6 support
- IPv4 NAT support
ACKNOWLEDGEMENTS
Thank you to eHealth Saskatchewan for supporting the
testing of this software.
Thank you to Marlin Berg for many valuable insights
during the construction of this library.
AUTHOR
Trystan Johnson <[email protected]>
COPYRIGHT AND LICENCE
Farly - "Firewall Analysis and Rewrite LibrarY"
Copyright (C) 2012 Trystan Johnson
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.