Security Basics mailing list archives

Re: Firewall rules standards


From: Glenn English <ghe () slsware com>
Date: Wed, 30 Mar 2005 13:39:07 -0700

On Wed, 2005-03-30 at 14:11 +1000, Tran, Nhon wrote:

> I support a number of customers using a number of different firewalls, and I
> was wondering if anyone has any guidelines for the presentation of firewall
> rules or any firewall conventions when it comes to documenting the rules,
> i.e. name conventions for groups or services, or rules for the creation of
> groups, or the description of a rule.
> I know this would be hard and vary from administrator to administrator, but I
> was wondering if there is some sort of standard? My goal is to reduce the
> number of rules and make them readable.

I don't know if this will address your problem (or even if it's going to
work), but I'm in the design phase of a big, but simple, Perl script that
is to generate config files for an IOS router, a PIX, a NOC, some Linux
workstations and some OS X workstations on my networks.

The idea is to have the firewall rules for, say, email generated in a
single function so all the firewalls will do what I want them to and so
the rules being generated will all be in the same place -- on the screen
when I write the code -- so I can carefully deal with the syntax
variations.

And the comments are supposed to be such that a pass over the program
with perldoc will generate my security policy -- the rules will be
readable and the same in there, and I will (hopefully) never need to
look at the actual rules on the various platforms.

-- 
Glenn English
ghe () slsware com
GPG ID: D0D7FF20
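The approach Glenn describes above, as an added illustration that is not his script: each service is declared once in a policy table, and a renderer per platform turns that one definition into native syntax, so the syntax differences live in one place and the POD at the top is what perldoc prints as the policy. The addresses, service names and the two target platforms (iptables and IOS extended ACLs) are constructed placeholders; PIX and workstation renderers would be added the same way.

```perl
#!/usr/bin/perl
# Added example, not the script from the mailing-list post. One policy table,
# one renderer per platform. Addresses are RFC 5737 documentation ranges.
use strict;
use warnings;

=head1 NAME

fwgen - render one firewall policy into per-platform rule syntax

=head1 POLICY

Each service is declared exactly once in C<@policy>; running C<perldoc> on
this file prints this section, so the policy document and the generator are
the same file. Rules are evaluated top to bottom; the last rule is the
default deny.

=cut

# Named networks (constructed). 'any' is handled by the renderers.
my %net = (
    lan  => '192.0.2.0/24',
    mail => '198.51.100.10/32',
);

# The single source of truth: one normalised rule per service.
my @policy = (
    { name => 'smtp-in', proto => 'tcp', port => 25,    src => 'any', dst => 'mail', action => 'accept' },
    { name => 'ssh-lan', proto => 'tcp', port => 22,    src => 'lan', dst => 'mail', action => 'accept' },
    { name => 'default', proto => 'ip',  port => undef, src => 'any', dst => 'any',  action => 'drop'   },
);

# Address formatting differs per platform; keep that difference in helpers.
sub ipt_addr {
    my $n = shift;
    return $n eq 'any' ? '0.0.0.0/0' : $net{$n};
}

sub ios_addr {
    my $n = shift;
    return 'any' if $n eq 'any';
    my ($ip, $len) = split m{/}, $net{$n};
    return "host $ip" if $len == 32;
    my $wild = (1 << (32 - $len)) - 1;      # IOS uses an inverse (wildcard) mask
    return "$ip " . join('.', map { ($wild >> $_) & 255 } 24, 16, 8, 0);
}

# One renderer per platform: a normalised rule in, native lines out.
my %render = (
    iptables => sub {
        my $r = shift;
        my $act   = $r->{action} eq 'accept' ? 'ACCEPT' : 'DROP';
        my $match = $r->{proto} eq 'ip' ? '' : " -p $r->{proto} --dport $r->{port}";
        return ("iptables -A FORWARD -s " . ipt_addr($r->{src})
              . " -d " . ipt_addr($r->{dst}) . $match
              . " -m comment --comment '$r->{name}' -j $act");
    },
    ios => sub {
        my $r = shift;
        my $act  = $r->{action} eq 'accept' ? 'permit' : 'deny';
        my $port = defined $r->{port} ? " eq $r->{port}" : '';
        # IOS carries the rule name as a 'remark' line preceding the entry.
        return (" remark $r->{name}",
                " $act $r->{proto} " . ios_addr($r->{src}) . ' ' . ios_addr($r->{dst}) . $port);
    },
);

# Emit the whole policy for one platform, including any required header.
sub generate {
    my $platform = shift;
    my $rend = $render{$platform} or die "no renderer for '$platform'\n";
    my @out = $platform eq 'ios' ? ('ip access-list extended fw-policy') : ();
    push @out, $rend->($_) for @policy;
    return @out;
}

for my $p (sort keys %render) {
    print "### $p\n";
    print "$_\n" for generate($p);
}
```

Because every renderer consumes the same normalised rule, a change to the policy (a new service, a moved host) is made once and shows up consistently on every platform; the reviewer reads `@policy` and the POD rather than three vendor dialects.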
