Firewall Wizards mailing list archives
Re: Security policy language
From: Matthew Hannigan <mlh () zip com au>
Date: Thu, 25 Jan 2007 10:56:05 +1100
On Wed, Jan 24, 2007 at 09:51:13AM +0100, Marco Cremonini wrote:
> Hi all, I would like to ask you a suggestion for a project we are developing. The project aims to automate some monitoring functionality with firewall policy management (just iptables, at present). The problem is: We would like to implement/adopt a high-level specification language for the definition of a security policy, something that should let to specify the policy at organizational level. Such a policy should then be translated into specific fw rules.

[ .. ]
It's probably not high level enough for you, but are you aware of http://www.fwbuilder.org/ ? Here's an excerpt from the FAQ. It does cisco pix as well, but that costs.

Frequently Asked Questions for Firewall Builder 2.0 and 2.1

Vadim Kurland vadim () fwbuilder org

Revision History
Revision $Revision: 1.6 $ $Date: 2007/01/06 20:09:22 $ Revised by: vk

Firewall Builder consists of an object-oriented GUI and a set of policy compilers for various firewall platforms. In Firewall Builder, a firewall policy is a set of rules; each rule consists of abstract objects that represent real network objects and services (hosts, routers, firewalls, networks, protocols). Firewall Builder helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. Object databases are stored in XML format.

The GUI and policy compilers are completely independent. The GUI requires only minimal changes in order to add support for a new firewall platform even though a new policy compiler must be written. This provides for a consistent abstract model and the same GUI for different firewall platforms. Standardized XML data format opens possibility for many user interfaces and policy compiler implementations, all interchangeable.

We have policy compilers for the popular free firewalls iptables http://www.iptables.org/, ipfilter http://coombs.anu.edu.au/~avalon/, pf http://www.benzedrine.cx/pf.html. Because of the modular architecture, Firewall Builder can be used to manage firewalls built on a variety of platforms including, but not limited to, Linux using iptables, ipfilter on FreeBSD or Solaris and pf on OpenBSD.
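The model the FAQ excerpt describes (one database of abstract objects, rules that reference them, and an independent compiler per platform) can be sketched as follows. This is an added example, not part of the original post and not Firewall Builder's code or XML format; the object names, addresses, dictionary layout and function names are all constructed for illustration, and the iptables output assumes a forwarding firewall (FORWARD chain).

```python
# Constructed object database and policy; names and addresses are sample values.
OBJECTS = {
    "lan":     {"type": "network", "addr": "192.168.1.0/24"},
    "web-srv": {"type": "host",    "addr": "10.0.0.5"},
    "any":     {"type": "network", "addr": "0.0.0.0/0"},
}
SERVICES = {
    "http": {"proto": "tcp", "port": 80},
    "ssh":  {"proto": "tcp", "port": 22},
}
POLICY = [  # ordered; the abstract model here is "first matching rule wins"
    {"src": "lan", "dst": "web-srv", "svc": "http", "action": "accept"},
    {"src": "any", "dst": "web-srv", "svc": "ssh",  "action": "deny"},
]

def resolve(rule, objects=OBJECTS, services=SERVICES):
    """Replace object names with concrete values; fail on dangling references."""
    for key, table in (("src", objects), ("dst", objects), ("svc", services)):
        if rule[key] not in table:
            raise KeyError(f"rule references undefined {key} object: {rule[key]!r}")
    if rule["action"] not in ("accept", "deny"):
        raise ValueError(f"unknown action: {rule['action']!r}")
    svc = services[rule["svc"]]
    return (objects[rule["src"]]["addr"], objects[rule["dst"]]["addr"],
            svc["proto"], svc["port"])

def compile_iptables(policy):
    """iptables walks the chain top-down and stops at the first match."""
    target = {"accept": "ACCEPT", "deny": "DROP"}
    out = []
    for rule in policy:
        src, dst, proto, port = resolve(rule)
        out.append(f"iptables -A FORWARD -p {proto} -s {src} -d {dst} "
                   f"--dport {port} -j {target[rule['action']]}")
    return out + ["iptables -A FORWARD -j DROP"]  # default deny

def compile_pf(policy):
    """pf is last-match-wins; 'quick' preserves the first-match ordering."""
    verb = {"accept": "pass", "deny": "block"}
    out = []
    for rule in policy:
        src, dst, proto, port = resolve(rule)
        out.append(f"{verb[rule['action']]} in quick proto {proto} "
                   f"from {src} to {dst} port {port}")
    return out + ["block all"]  # default deny for anything not matched above

if __name__ == "__main__":
    for line in compile_iptables(POLICY) + compile_pf(POLICY):
        print(line)
```

The `quick` keyword in the pf backend is the part worth noticing: the same abstract rule order only means the same thing on both platforms if each compiler accounts for its target's match semantics.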