Lsfw: a tool to list and test firewall rules in network equipment.

Lsfw uses the configuration of the network equipment and builds a (light) model of the network described by this equipment.
This makes it possible to probe for access-list matches all over the network, with the model doing routing, firewalling or packet transformation (such as NAT, though this is not yet implemented).

Lsfw is intended to be easily extended and flexible.

Network equipment

Lsfw implements:

  • Cisco routers
  • Cisco firewalls (PIX, FWSM)
  • OpenBSD Packet Filter
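
To illustrate what probing access-list matches across a modeled network involves for the equipment families listed above, here is an added example in Python; it is not lsfw's code or its model. The device names, addresses, routes and rules are constructed, and it assumes the usual evaluation semantics: Cisco ACLs stop at the first match with an implicit deny, while Packet Filter lets the last matching rule win (unless a rule is `quick`) with an implicit pass.

```python
import ipaddress as ip

# Constructed toy network (not lsfw's model). Rule = (action, src, dst, port, quick)
DEVICES = {
    "rtr1": {"style": "cisco",  # first match wins, implicit deny
             "routes": [("10.2.0.0/16", "fw1"), ("10.1.0.0/16", None)],
             "rules": [("deny", "10.1.9.0/24", "0.0.0.0/0", None, False),
                       ("permit", "10.1.0.0/16", "10.2.0.0/16", 443, False)]},
    "fw1": {"style": "pf",  # last match wins unless 'quick', implicit pass
            "routes": [("10.2.0.0/16", None), ("0.0.0.0/0", "rtr1")],
            "rules": [("block", "0.0.0.0/0", "0.0.0.0/0", None, False),
                      ("pass", "10.1.0.0/16", "10.2.0.0/16", 443, False),
                      ("block", "10.1.0.0/16", "10.2.5.0/24", None, False)]},
}

def matches(rule, src, dst, port):
    _, s, d, p, _ = rule
    return (ip.ip_address(src) in ip.ip_network(s)
            and ip.ip_address(dst) in ip.ip_network(d)
            and p in (None, port))

def evaluate(dev, src, dst, port):
    """Return (allowed, rule_index); index None means the implicit default."""
    hit = None
    for i, rule in enumerate(dev["rules"]):
        if matches(rule, src, dst, port):
            hit = i
            if dev["style"] == "cisco" or rule[4]:  # first match, or pf 'quick'
                break
    if hit is None:
        return dev["style"] == "pf", None
    return dev["rules"][hit][0] in ("permit", "pass"), hit

def next_hop(dev, dst):
    """Longest-prefix match; returns the next device name or None (delivered/no route)."""
    routes = [r for r in dev["routes"] if ip.ip_address(dst) in ip.ip_network(r[0])]
    best = max(routes, key=lambda r: ip.ip_network(r[0]).prefixlen, default=None)
    return best[1] if best else None

def probe(start, src, dst, port):
    """Walk the routed path, recording (device, allowed, matching rule index)."""
    trace, name = [], start
    while name is not None and len(trace) < len(DEVICES):  # guard against loops
        allowed, idx = evaluate(DEVICES[name], src, dst, port)
        trace.append((name, allowed, idx))
        name = next_hop(DEVICES[name], dst) if allowed else None
    return trace

if __name__ == "__main__":
    print(probe("rtr1", "10.1.1.5", "10.2.5.7", 443))
```

The second rule on `fw1` would pass the sample flow, but the later `block` rule overrides it, which is the kind of cross-device result that is hard to see by reading each configuration separately.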

Why lsfw?

The goal of lsfw is to help network administrators deal with firewalling on a huge network. You don't need lsfw if your firewall configuration is around 100 lines. We need it because our firewall configurations are around 20 000 lines here.

Why is it still beta software?

This is beta software because I am not able to ensure that it will work on all configurations. I can only say that it works fine for us…

Anyway, bug reports are welcome and will be resolved as soon as possible.

Lsfw was previously named Jtacl; instances of “jtacl” in the source code were not renamed for obvious reasons.

