5

I need to apply the same rules (lists of IPs with allow and drop rules) to firewalls on Linux and *BSD. Do you know of a CLI application to convert a list of rules into the specific format of each firewall?

The application to convert the rules is only an idea. Other solutions to the problem are welcome.

Rufo El Magufo

2 Answers

4

http://www.fwbuilder.org/

Firewall Builder supports a wide range of firewall platforms, including Cisco ASA & PIX, Linux iptables, BSD pf and many more. You’re not confined to one platform—or locked into a single vendor.

See the intro: http://www.fwbuilder.org/4.0/docs/firewall_builder_intro.html

Zoredache
  • Thanks. I know the tool but I need a CLI application. – Rufo El Magufo Sep 10 '11 at 20:02
  • Why? Fwbuilder doesn't have to be on the actual firewall. You can prepare the rules on a workstation. I haven't really used it much, but it is an open source project. You may be able to extract the conversion features... – Zoredache Sep 11 '11 at 00:35
  • Because it is for an automatic script and the rules will be on a central server. I don't need to extract the conversion code. I think the conversion is easy, but I would like a well-tested tool. – Rufo El Magufo Sep 11 '11 at 01:42
  • 1
    It (at least v5) has a cli: http://www.fwbuilder.org/4.0/man1/fwbedit.1.html – Mark Wagner Sep 28 '11 at 01:26
1

Such conversion is not always possible, since different packet filters have different logic and packet processing schemes. For example, there is no simple and straightforward way to convert iptables rules (with all those tables and chains) to ipfw or pf rules. It's better to just write a new ruleset for the needed firewall type, knowing what you need to get in the end.

gelraen
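For the narrow case in the question (a plain list of source IPs to allow or drop), one option is to keep a single neutral list on the central server and generate each firewall's syntax from it. The sketch below is an added example, not code from any poster or from Firewall Builder. The `allow|drop <address>` input format, the `SRCLIST` chain name and the IPv4-only scope are assumptions; `quick` is used so pf stops at the first match, the way an iptables chain does.

```python
import ipaddress

def parse_rules(text):
    """Parse 'allow|drop <IPv4 address or CIDR>' lines; '#' starts a comment."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or parts[0] not in ("allow", "drop"):
            raise ValueError(f"line {n}: expected 'allow|drop <address>'")
        try:
            # Strict parsing means only a real address can reach the
            # generated firewall configuration, never stray text.
            net = ipaddress.IPv4Network(parts[1], strict=False)
        except ValueError as exc:
            raise ValueError(f"line {n}: {exc}") from None
        rules.append((parts[0], net))
    return rules

def to_iptables_restore(rules, chain="SRCLIST"):
    """Emit iptables-restore input filling one user-defined chain (name assumed)."""
    out = ["*filter", f":{chain} - [0:0]"]
    for action, net in rules:
        target = "ACCEPT" if action == "allow" else "DROP"
        out.append(f"-A {chain} -s {net} -j {target}")
    out.append("COMMIT")
    return "\n".join(out) + "\n"

def to_pf(rules):
    """Emit pf rules; 'quick' keeps the list's first-match ordering."""
    out = []
    for action, net in rules:
        verb = "pass" if action == "allow" else "block drop"
        out.append(f"{verb} in quick from {net} to any")
    return "\n".join(out) + "\n"

# Constructed sample list (documentation address ranges).
SAMPLE = """# constructed sample
allow 192.0.2.10
drop 198.51.100.7/24   # host bits are normalized to 198.51.100.0/24
drop 203.0.113.0/24
"""

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    print(to_iptables_restore(parsed), end="")
    print(to_pf(parsed), end="")
```

The generated chain still has to be referenced from `INPUT` (or wherever it applies) by the host's own ruleset, and the pf lines included from `pf.conf`; anything beyond source-address matching runs into the semantic differences described in the answer above.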