Date: Tue, 25 Aug 1998 13:38:54 +0100
From: Karl Pielorz <kpielorz@tdx.co.uk>
To: isp@FreeBSD.ORG
Subject: Macro processing? - Firewall configs...
Message-ID: <35E2B05E.6841AE1A@tdx.co.uk>
Hi All,

Does anyone know of a simple 'language' I can use to help look after our firewall configs? I've looked at M4, but it's a bit complex - all I need is some kind of pre-processor that can go through a config file containing statements like:

"allow tcp from anywhere to me.primary http
allow tcp from me.primary for http to anywhere established"

And translate it to,

"allow tcp from any to 192.168.0.1 80
allow tcp from 192.168.0.1 80 to any established"

If possible I'd love to be able to put 'special' tokens in so that I can get away with something like:

"allow tcpservice from anywhere to me.primary http"

And have something expand this out, creating the initial 'inbound' rule, and an equivalent reversed rule with the 'established' flag set...

Someone mentioned firewall control languages in the past (with reference to having one config which can be turned into a Cisco IOS configuration, or a FreeBSD ipfw configuration) - This doesn't bother me too much, as all our firewalls are FreeBSD based...

At the moment I'm using shell scripts with ${} expansions, which is bad - leaves me open to typos (e.g. $something expands to ""), and means the config files are hard to read (mainly because of all the '$'s ;-)

Can anyone suggest anything?

Regards,

Karl Pielorz
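Added example, not part of the original message: one way to write the pre-processor described above, in Python. The name tables hold the values from the message; the `deny` action, `udp`, `#` comments and the names `expand`, `resolve`, `render` and `ConfigError` are assumptions. An undefined name stops the run instead of silently expanding to an empty string.

```python
import re

# Symbol tables; the values are the ones in the message's example.
HOSTS = {"anywhere": "any", "me.primary": "192.168.0.1"}
PORTS = {"http": "80"}
# Grammar: action proto from SRC [for SPORT] to DST [DPORT] [established]
RULE = re.compile(
    r"(?P<action>allow|deny)\s+(?P<proto>tcp|udp|tcpservice)\s+from\s+(?P<src>\S+)"
    r"(?:\s+for\s+(?P<sport>\S+))?\s+to\s+(?P<dst>\S+)"
    r"(?:\s+(?P<dport>(?!established$)\S+))?(?:\s+(?P<est>established))?")

class ConfigError(ValueError):
    """Raised instead of emitting a rule with an unknown or missing field."""

def resolve(table, name, lineno):
    # An absent optional field stays absent; an undefined name is a hard error.
    if name is None:
        return None
    if name not in table:
        raise ConfigError(f"line {lineno}: undefined name {name!r}")
    return table[name]

def render(action, proto, src, sport, dst, dport, established):
    parts = [action, proto, "from", src, sport, "to", dst, dport,
             "established" if established else None]
    return " ".join(p for p in parts if p)

def expand(text):
    """Translate symbolic rules (one per line) into ipfw-style rule bodies."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' comments are an assumption
        if not line:
            continue
        m = RULE.fullmatch(line)
        if m is None:
            raise ConfigError(f"line {lineno}: cannot parse {line!r}")
        src, dst = (resolve(HOSTS, m[k], lineno) for k in ("src", "dst"))
        sport, dport = (resolve(PORTS, m[k], lineno) for k in ("sport", "dport"))
        if m["proto"] != "tcpservice":
            rules.append(render(m["action"], m["proto"], src, sport, dst,
                                dport, bool(m["est"])))
            continue
        if dport is None or sport or m["est"]:
            raise ConfigError(f"line {lineno}: tcpservice takes only a destination service")
        # Inbound rule, then the mirrored reply rule limited to 'established'.
        rules.append(render(m["action"], "tcp", src, None, dst, dport, False))
        rules.append(render(m["action"], "tcp", dst, dport, src, None, True))
    return rules
```

Because every name goes through `resolve`, a misspelt host or service aborts generation with the offending line number, so a partial or over-broad ruleset is never written out.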