Firewall Wizards mailing list archives

RE: Sun/Solaris Checkpoint FW-1 Question

From: "Chris Todd" <chris () christophertodd com>
Date: Wed, 23 Jun 2004 20:58:23 -0400

Alex,

Check out the FW1rules.pl script you can find here:
http://www.wyae.de/software/fw1rules/  It can parse the objects.c and
rulebasename.W files from your CP box and convert it to HTML (in a format
that looks like the CP GUI), or txt, csv, or sql.  I have only ever used the
HTML option (so as to grab a client's rule set for doing a firewall review),
so I can't say whether the TXT, CSV, or SQL output is useful, but I can say
this is the only script I've ever found that could parse the Checkpoint
configs.

As for converting this to other firewall rule formats, you might want to
check out FWBuilder - http://www.fwbuilder.org/  It is designed to be a kind
of platform-independent firewall rule set builder, though it doesn't
currently support Checkpoint, and you have to pay for the PIX module.  But
it will do netfilter/iptables, ipfilter, or pf.  I toyed with the idea of
tweaking the fw1rules.pl script so it would output Fwbuilder xml files that
might be imported into fwbuilder, but I have less than zero free time.  :-(
Maybe some day.

HTH,
Chris

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Alex
Bihlmaier
Sent: Wednesday, June 23, 2004 1:40 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Sun/Solaris Checkpoint FW-1 Question


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Guys,


One of my customers is using the Checkpoint FW-1 Firewall and has a
relativly large ruleset. (large as in large for just typing it down)

I want to get a ASCII (or any other format, netfilter, pf) output of the
running rules for backup purposes.


Does anyone know the appropriate tool or has a good hint for me? ;)


thx and greetings from germany,
~ thalunil
- --
Use PGP to encrypt/sign your eMail.

Get my public key at: http://www.kallisti.de/users/thalunil/public_key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA2cBVZRXhGxCXApsRAuv0AKDiuZC22CxwwK7mNJcepT0csZxrBQCeOHFe
sFzlxrwv3X7y+fi9LtcCQW8=
=Yaml
-----END PGP SIGNATURE----- _______________________________________________
firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Sun/Solaris Checkpoint FW-1 Question Alex Bihlmaier (Jun 23)
- Re: Sun/Solaris Checkpoint FW-1 Question Steffen Kluge (Jun 24)
- RE: Sun/Solaris Checkpoint FW-1 Question Chris Todd (Jun 24)
- Re: Sun/Solaris Checkpoint FW-1 Question Andras Kis-Szabo (Jun 24)
- Re: Sun/Solaris Checkpoint FW-1 Question Erick Mechler (Jun 24)
- Re: Sun/Solaris Checkpoint FW-1 Question Marcus J. Ranum (Jun 25)
  - Re: Sun/Solaris Checkpoint FW-1 Question Alex Bihlmaier (Jun 28)