Firewall Wizards mailing list archives

Re: firewall rule lifecycle management

From: Victor Williams <vbwilliams () neb rr com>
Date: Wed, 31 Aug 2005 21:03:38 -0500

True.

That's why I've started commenting rules, or groups of rules. Then Ican go back later and determine if they are actually needed.



Martin wrote:

$quoted_author = "Bruce Smith" ;

From my PIX experience, clear rule counters every month. After a while, look
for the rules that have zero counts and then remove them. Can be scripted
and searched with grep.



that's a neat way of picking up dormant rules, but you'd still need to
review them manually to identify rules that should no longer be in place
even if traffic is still matching them.

cheers
marty

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

firewall rule lifecycle management Michael Cox (Aug 30)
- RE: firewall rule lifecycle management Bruce Smith (Aug 31)
  - Re: firewall rule lifecycle management Martin (Aug 31)
    - Re: firewall rule lifecycle management Victor Williams (Aug 31)
- Re: firewall rule lifecycle management Skip Carter (Aug 31)
- Re: firewall rule lifecycle management Joe Matusiewicz (Aug 31)
- Re: firewall rule lifecycle management Kevin (Aug 31)
- Re: firewall rule lifecycle management Christoph Haas (Aug 31)
- <Possible follow-ups>
- Fwd: firewall rule lifecycle management Brenno Hiemstra (Aug 31)