Rule checker - firewall audit
-
Hi
I recently took over a pfsense box on a rather big network. Lots of aliases, lots of subnets and vlans.
I have been ordered to do an audit, and the rules are such a mess, that it almost seems like an impossible task.
A tool that would really help me, would be a piece of software, that are able to check ip/net for connectivity. This would enable me, to quickly get a list of ip adresses / ports that a specific ip is allowed to communicate with.
Have any of you heard about such software?
If not, are anyone interested in collaborating on making that software? I'm an sort of skilled PHP programmer.Thanks for your time guys!
Kasper
-
Usually the use of aliases help make it easier to understand. Is it really the case that the rules are a "mess", or is it that you are having a hard time understanding what they are doing? I doubt you will get much response for the project you propose, but we're more than happy to help you figure out your rules.
-
@KOM:
Usually the use of aliases help make it easier to understand. Is it really the case that the rules are a "mess", or is it that you are having a hard time understanding what they are doing? I doubt you will get much response for the project you propose, but we're more than happy to help you figure out your rules.
Thanks for your answer. But they are a mess. It's not just me who are having troubles understanding them. They're a mess. :)
-
I suspect a manual audit is your only option. Validate everything one by one.
-
How many rules you talking about? So your wanting a tool like nipper? https://www.titania.com/nipperstudio
Yeah I don't think they have support for pf..
-
How many rules you talking about? So your wanting a tool like nipper? https://www.titania.com/nipperstudio
Yeah I don't think they have support for pf..
I would say around 5000 rules.
-
5000?? That just seems insane..
Yeah an audit is in order along with a restructure and simplification most likely…
-
Not exactly what you are looking for, but maybe this will help to identify rules with no hits:
https://forum.pfsense.org/index.php?topic=97925.msg545345#msg545345
