
Firewall Wizards mailing list archives

Re: firewall rule lifecycle management
From: Victor Williams <vbwilliams () neb rr com>
Date: Wed, 31 Aug 2005 21:03:38 -0500


That's why I've started commenting rules, or groups of rules. Then I can go back later and determine if they are actually needed.

Martin wrote:
Bruce Smith wrote:

From my PIX experience, clear rule counters every month. After a while, look
for the rules that have zero counts and then remove them. Can be scripted
and searched with grep.

That's a neat way of picking up dormant rules, but you'd still need to
review them manually to identify rules that should no longer be in place
even if traffic is still matching them.


firewall-wizards mailing list
firewall-wizards () honor icsalabs com
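The "clear the counters, wait a month, grep for hitcnt=0" procedure from the quoted post, as an added example that is not part of this thread or of any Cisco tool. It parses the per-rule lines of PIX/ASA `show access-list` output (the `(hitcnt=N)` field, which PIX 6.x prints without the `line N extended` prefix and trailing hash that PIX 7.x/ASA add), lists rules whose counter is zero, and also goes one step beyond the post: comparing two saved snapshots gives the same dormant-rule list without ever clearing the counters, and flags a counter that went backwards (cleared or reloaded in between) so its zero cannot be mistaken for "no traffic". The ACL names, addresses and counts in the sample output are constructed.

```python
import re

# One rule line of PIX/ASA `show access-list`.  "line N extended" and the
# trailing 0x hash are PIX 7.x/ASA only, so both are optional; the
# "; N elements" header and remark lines never match.
ACL_LINE = re.compile(
    r"^access-list\s+(?P<acl>\S+)"
    r"(?:\s+line\s+(?P<line>\d+))?"
    r"(?:\s+extended)?"
    r"\s+(?P<rule>(?:permit|deny)\s.+?)"
    r"\s+\(hitcnt=(?P<hits>\d+)\)"
)

# Constructed sample: `show access-list` right after clearing counters and
# the same ACL about a month later.
SAMPLE_BEFORE = """\
access-list outside_in; 4 elements
access-list outside_in line 1 remark --- public web and mail ---
access-list outside_in line 2 extended permit tcp any host 192.0.2.10 eq www (hitcnt=48213) 0x1a2b3c4d
access-list outside_in line 3 extended permit tcp any host 192.0.2.20 eq smtp (hitcnt=901) 0x5e6f7a8b
access-list outside_in line 4 extended permit tcp host 198.51.100.7 host 192.0.2.30 eq ssh (hitcnt=0) 0x9c0d1e2f
access-list outside_in line 5 extended deny ip any any (hitcnt=7731) 0x3a4b5c6d
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("hitcnt=48213", "hitcnt=48500").replace("hitcnt=7731", "hitcnt=7800")

# Constructed PIX 6.x-style line: no line number, no "extended", no hash.
SAMPLE_PIX6 = "access-list acl_out permit tcp any host 192.0.2.40 eq ftp (hitcnt=0)\n"


def parse_show_access_list(text):
    """Return one dict per configured rule: acl, line, rule text, hit count."""
    rules = []
    for raw in text.splitlines():
        # Indented lines are object-group expansions of the rule above them;
        # skipping them reports each configured rule exactly once.
        if not raw.startswith("access-list"):
            continue
        m = ACL_LINE.match(raw)
        if not m:
            continue
        rules.append({
            "acl": m.group("acl"),
            "line": int(m.group("line")) if m.group("line") else None,
            "rule": m.group("rule"),
            "hits": int(m.group("hits")),
        })
    return rules


def dormant_rules(rules):
    """The post's test: rules still at zero some time after `clear access-list counters`."""
    return [r for r in rules if r["hits"] == 0]


def rule_key(r):
    # Key on ACL name plus rule text, not line number, so inserting a rule
    # between snapshots does not shift the identity of every rule below it.
    return (r["acl"], r["rule"])


def counter_deltas(before, after):
    """Hits accrued between two snapshots taken without clearing counters.

    A rule absent from the first snapshot is new, so its whole count is the
    delta.  A counter that went backwards was cleared or the box reloaded in
    between; its delta is None because a zero there proves nothing."""
    prev = {rule_key(r): r["hits"] for r in before}
    deltas = {}
    for r in after:
        d = r["hits"] - prev.get(rule_key(r), 0)
        deltas[rule_key(r)] = d if d >= 0 else None
    return deltas


def dormant_between(before, after):
    """Rules that matched nothing between the two snapshots (unknowns excluded)."""
    return [k for k, d in counter_deltas(before, after).items() if d == 0]


if __name__ == "__main__":
    before = parse_show_access_list(SAMPLE_BEFORE)
    after = parse_show_access_list(SAMPLE_AFTER)
    print("zero-count rules in latest snapshot:")
    for r in dormant_rules(after):
        print(f"  {r['acl']} line {r['line']}: {r['rule']}")
    print("rules with no hits between snapshots:")
    for acl, rule in dormant_between(before, after):
        print(f"  {acl}: {rule}")
```

The two reports differ on purpose: the smtp rule has a non-zero counter in both snapshots but gained nothing between them, so only the snapshot diff catches it. Either list is a candidate list, not a removal list; as the reply above says, a rule that is still matching traffic can be just as obsolete as one that is not.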
