Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Auditing a Firewall rulebase
From: "arvind doraiswamy" <arvind.doraiswamy () gmail com>
Date: Wed, 3 Dec 2008 09:46:16 +0530

Hey All,
Thank you once again for your feedback. Been a bit busy lately and not
got time to work on this. However version 1.2 is finally out. Just a
few key features added in this time:

--- Checks for internal IP's on an external interface as per RFC 1918
--- Checks for redundancy in access lists (does an access list get
covered by another nested list somewhere)
--- Checks for needless object groups at the network and the service level

You can find FWAuto 1.2 on Sourceforge at:

Hope this represents a little improvement on the last release and a
little more useful to you all. Your feedback as usual is extremely
important to me :) . Please tell me what's lacking and what more I can
put into it.


Hey All,
Thanks to everyone who gave me feedback. I've released version 1.1 of
the Firewall Rulebase Automation tool. Not a major upgrade but
still a
few things cleaned up and it looks better now:

- Outputs now available in reasonably neat HTML format :D
- No more complex command line arguments, everything's in a config
file- More ports added in vulnerable ports section
- Options available to obtain detailed/non detailed output

I wanted to put in detailed redundancy checking but the effort
involved was too high for this release. Maybe version 1.2 , whenever
that is ;).

The latest version is available at:

As usual please get back to me with your brickbats , they are the only
way I can improve on my work. Any good feedback, suggested
improvements and patches as well are thoroughly appreciated :)

Paladion Networks - http://www.paladion.net

---------- Forwarded message ----------
From: arvind doraiswamy <arvind.doraiswamy () gmail com>
Date: Wed, Jun 18, 2008 at 3:06 PM
Subject: Auditing a Firewall rulebase
To: pen-test () securityfocus com

Hi Guys,
Maybe there have been times when you have pentested a firewall. As
part of a grey box engagement you were assigned the task of auditing
that HUGE firewall rulebase and were stuck on how to proceed , just
because of the sheer volume of information. I hence have created a
little tool in Perl to help in auditing a rulebase and helping you in
narrow down on the weak rules. Obviously this is a big Work In
Progress and can be better but its a start and what I've written works
- Current support is just for Cisco PIX though the framework was
designed to scale across multiple firewalls and no major changes need
to be made.

Please come back to me with feedback on how I can make this better and
what I've missed in the first place. The code can be accessed at:

Arvind Doraiswamy
Security Consultant - Paladion Networks

This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now


  By Date           By Thread  

Current thread:
  • Re: Auditing a Firewall rulebase arvind doraiswamy (Dec 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]