Index of /~dave/Security/fwprint-6.0.1

      Name                    Last modified       Size  Description


[DIR] Parent Directory        12-Dec-2005 19:28      -  
[   ] COPYING                 14-Nov-1998 02:11    18k  
[   ] Makefile                18-Dec-1998 13:54     1k  
[IMG] bar.gif                 14-Nov-1998 00:26     6k  
[   ] dumpnet.c               14-Nov-1998 00:26     3k  
[   ] enscript.st.mod         14-Nov-1998 02:19     1k  
[   ] find_gateways.c         14-Nov-1998 00:26     8k  
[   ] find_obj.c              14-Nov-1998 01:22     2k  
[   ] find_svc.c              14-Nov-1998 00:27     2k  
[   ] fwprint                 14-Nov-1998 01:40     2k  
[TXT] fwprint.html            14-Nov-1998 02:14    15k  
[   ] header.h                14-Nov-1998 00:27     5k  
[   ] llobjects.c             14-Nov-1998 01:20     1k  
[   ] llresolv.c              14-Nov-1998 00:27    10k  
[   ] llrules.c               14-Nov-1998 00:27    10k  
[   ] llservices.c            14-Nov-1998 01:20     3k  
[   ] main.c                  14-Nov-1998 02:14    10k  
[   ] objects.h               14-Nov-1998 01:21     2k  
[   ] parse_obj.c             14-Nov-1998 01:22     5k  
[   ] parse_rules.c           14-Nov-1998 00:35     8k  
[   ] parse_svc.c             14-Nov-1998 00:29     5k  
[   ] rules.h                 14-Nov-1998 00:29     2k  
[   ] services.h              14-Nov-1998 01:21     2k  


fwprint -- A program for printing FW-1 3.x rulebases
Dave Wreski <dave@nic.com>
November 15, 1998

Introduction:
------------------

About six months ago my group was having a problem using
the Windows GUI to print the firewall rules, and it appears to
still have a problem on very large rulebases.

So, in my spare time I wrote a C parser to parse the objects.C
and *.W files, and produce human-readable output.  It evolved 
into something that was quite involved, allowing you to print
out only all the services, objects, or everything in the rulebase,
which you can then manipulate with standard UNIX tools. Please,
no comments about perl.  I'm sure someone could have done it
in perl, but I didn't.

The objects file changed quite a bit between 2.x and 3.x, and even
in each of the 3.x releases.  It currently works for the latest
3.0b version, and I don't think it will work for the old 2.x any
longer.

Getting Started:
-----------------------

Step one should be to compile the program, and check out the
HTML man page included.  Then download the enscript program
from ftp://prep.ai.mit.edu/pub/gnu and compile and 
install that.  The enscript program is used to convert
the output to postscript.  The 'enscript.st.mod' file is an 
additional formatting function that I've developed to highlight 
various parts of the output.  You can find the stock one that
gets installed with enscript as /usr/local/share/enscript.st. 
Just add the contents of this file to the bottom of the 
stock file.

Ask me if you'd like a precompiled Solaris 2.5.1/2.6 version, if
it is not at all possible to do it on your own.

This program is licensed under the GNU copyleft.  I really did it 
to brush up on my C skills, which weren't all that great to begin 
with, but the program works reliably, but don't take my word for it.
The rulebase files are opened read-only.

I'd really be interested in any comments people have, and perhaps
even bugfixes, or show me how to improve my linked list and char
pointer manipulation ;)

Using fwprint:
----------------

fwprint is really a shell script, that calls the real C program,
called fwrules. This is so I could provide a wrapper program
to control the output manipulation into postscript, and
sending it to a printer, etc.  Feel free to call fwrules
directly if you want ASCII output.

For any output but the simple rules, like as is shown on the
default FW-1 GUI, it will be difficult to read unless you have
a 130 col xterm, for example.  The postscript does a nice
job of fitting it on a 8.5x11" sheet of paper.


Sample Usage:
------------------
Some sample usage is as such:

fwprint 6.0.1 November 14, 1998
See http://nic.com/~dave/Security/fwprint.html
Usage:
        fwprint [-h] [-x] [-r|-o|-s|-a] [-v] [-n objname] [-g gwname]
                -j filter-file -f rule-base

        Try using default.W for rule-base and objects.C for filter-file

        -r               Print rules only
        -o               Print objects only
        -s               Print services only
        -n objname       Print information about a specific object
        -a               Print all information available
        -v               Combined with other options, will print verbosely
        -p               Force printing to screen
        -i [0|1]         Use 0 for source or 1 for destination
        -g gwname        Specify gateway name
        -x               Show a list of usage examples

         NOTE: The -a, -r, -s and -o default to postscript output
         Use -p option to force ASCII printing to stdout

You can print all the rules matching a particular pattern, such as only
one specific gateway, or even all the rules that match a particular object.

Regards,
Dave Wreski