Farly - "Firewall Analysis and Rewrite LibrarY" Farly is a firewall rule analysis library. Farly translates a vendor specific firewall configuration into an easily searchable vendor independent firewall model. Using the Farly firewall model, Perl script based firewall management tools can be written to perform tasks such as firewall security audits, group or rule optimizations or large scale firewall configuration changes. Farly is object oriented, using a "key value coding" style. Each line of firewall configuration is represented by an Object::KVC::Hash object. Each property within the line of configuration is represented by a key value pair. The key describes what the property within the specific line of configuration is, such as "ID," or "SRC_IP." The Object::KVC::Hash value objects are the basic types found in a firewall configuration, such as IP addresses, protocols, port numbers, string identifiers and references to other configuration elements. The entire firewall device model, made up of Object::KVC::Hash objects, is stored in an Object::KVC::List. The Object::KVC::List class implements object search functionality required for firewall rule analysis. See "Farly" package SYNOPSIS for code which will dump a container, illustrating the Farly model. (The file 'test.cfg' in the /t directory may be used as an example firewall configuration.) See the "demo" directory for Farly usage examples. INSTALLATION To install this module type the following: perl Makefile.PL make make test make install DEPENDENCIES Object::KVC Parse::RecDescent Log::Log4perl Template UNIVERSAL::DOES Carp Scalar::Util IO::File File::Spec DEVICES SUPPORTED Cisco ASA 7.2 and up. LIMITATIONS - The Farly model is a subset of the firewall configuration relevant to interfaces, objects, groups, rules, and static routes. - Interface IP addresses set with 'dhcp' are not supported. - NAT configurations are not modeled. - No IPv6 support - The Cisco "ne" port operator is not currently supported. BUGS The most likely bugs are around unrecognized variations within a firewall configuration. Farly should throw an exception and display the unrecognized line of configuration. TODO - More documentation - More example scripts - More devices supported - IPv6 support - IPv4 NAT support ACKNOWLEDGEMENTS Thank you to eHealth Saskatchewan for supporting the testing of this software. Thank you to Marlin Berg for many valuable insights during the construction of this library. AUTHOR Trystan Johnson <tjohnson@cpan.org> COPYRIGHT AND LICENCE Farly - "Firewall Analysis and Rewrite LibrarY" Copyright (C) 2012 Trystan Johnson This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.