Patrick Lamaiziere edited this page Jan 24, 2023 · 3 revisions

Lsfw: a tool to list and test firewall rules in network equipment.

Lsfw reads the configuration of the network equipment and builds a (light) model of the network that this equipment describes.
This makes it possible to probe for access-list matches anywhere in the network, with the model doing routing, fire-walling or packet transformation (with limitations).

Lsfw is intended to be easily extended and flexible.

Network equipment

Lsfw implements:

  • Cisco routers
  • Cisco firewalls (PIX, FWSM)
  • OpenBSD Packet Filter
  • R70 <= Check Point Gaia < R80
  • Check Point Gaia >= R80
  • Fortinet Fortigate 6.X
  • Proxmox VE Firewall 7.0

Why lsfw?

The goal of lsfw is to help network administrators deal with fire-walling on a huge network. You don't need lsfw if your firewall configuration is around 100 lines. We need it because our firewall configurations are around 20 000 lines here.

Why is it still beta software?

This is beta software because I am not able to ensure that it will work on all configurations. I can only say that it works fine for us...

Anyway, bug reports are welcome and will be resolved as soon as possible.
