WYAE - FWTOOLS Mailing List Archive


RE: [fwtools] real port numbers in a rules-dump
From:
Date: Tue, 13 Apr 2004 17:59:15 +0200

hi dan

Thank you for the fast response.

I'd prefer the port numbers in the rules dump:

$ perl fw1rules-7.3.39/fw1rules.pl  --object objects_5_0.C --rules suerte.W --template fw1rules-7.3.39/templates/rules.tsv  --output /tmp/rules; cat /tmp/rules
Number  From    To      Service Action  Track   Time    Install on      Comment
1       Any     Any     icmp-requests traceroute        accept  None    Any     suerte.testsite.domain.com
2       G_admin dupont.testsite.domain.com suerte.testsite.domain.com ssh http https  accept  Log     Any     suerte.testsite.domain.com
3       dupont.testsite.domain.com suerte.testsite.domain.com CPD CPD_amon FW1        accept  Log     Any     suerte.testsite.domain.com
4       suerte.testsite.domain.com dupont.testsite.domain.com FW1_log CPD FW1_ica_services FW1        accept  Log     Any     suerte.testsite.domain.com

Of course, I could merge the services dump with the rule dump with my own post-process script, but isn't there an option/whatever in fwrules.pl script itself, which does the same job? That would be much easier.

Thank you!

- reto

-----Original Message-----
From: WISNIEWSKI, DANIEL (SBCSI) [mailto:dw6794@sbc.com]
Sent: Tuesday, 13 April 2004 17:19
To: Schuettel, Reto; fwtools@wyae.de
Subject: RE: [fwtools] real port numbers in a rules-dump


For all AVAILABLE services

fw1rules.pl --objects=$OBJECTS --rules=$FWDIR/conf/$POLICY.W  --all_services --template=$services --output=



This gives a file such as:

Name|Type|Destination Port|Source Port (low)|Source Port (high)|pre-Match|Prolog|Members|Comment
Authenticated|group||||||telnet ftp http login|Authenticated group
bgp-tcp-179|tcp|179||||||
dest-unreach|icmp|||||||ICMP, destination unreach
echo-reply|icmp|||||||ICMP, echo reply
echo-request|icmp|||||||ICMP, echo request
exec|tcp|512||||||Remote execution (rexec)
ftp|tcp|21||||||File Transfer Protocol
ftp-data|tcp|20||||||ftp port 20
FTP-Group|group||||||ftp ftp-data|
gecho-reply|icmp|||||||ICMP, echo reply
gecho-request|icmp|||||||ICMP, echo request
gFW1_snmp|udp|260||||||Check Point VPN-1 & FireWall-1 SNMP Agent


Easy enough to manipulate -


What's the problem?
dan




-----Original Message-----
From: reto.schuettel@ubs.com [mailto:reto.schuettel@ubs.com]
Sent: Tuesday, April 13, 2004 11:10 AM
To: fwtools@wyae.de
Subject: [fwtools] real port numbers in a rules-dump




Hi folks!

I'm looking for an extension which translates the services
'names' into real port numbers in a rules dump. I tried to
use the tag '<<>>' in my template, but that didn't work.

Thanks!

- reto
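
The post-processing merge discussed in this thread, sketched as an added example; it is not part of the original messages and not code from fw1rules.pl. It assumes the rules dump is tab-separated with space-separated names in the Service column; the sample rows are constructed from the excerpts above, and the function names and the `proto/port` output notation are this example's own.

```python
import csv
import io

# Constructed sample in the pipe-delimited services layout shown in the thread.
SERVICES = """Name|Type|Destination Port|Source Port (low)|Source Port (high)|pre-Match|Prolog|Members|Comment
ftp|tcp|21||||||File Transfer Protocol
ftp-data|tcp|20||||||ftp port 20
FTP-Group|group||||||ftp ftp-data|
echo-request|icmp|||||||ICMP, echo request
gFW1_snmp|udp|260||||||Check Point VPN-1 & FireWall-1 SNMP Agent
"""
# Constructed sample rules dump; assumed tab-separated, service names space-separated.
RULES = ("Number\tFrom\tTo\tService\tAction\n"
         "1\tAny\tAny\techo-request\taccept\n"
         "2\tG_admin\tsuerte.testsite.domain.com\tFTP-Group ssh\taccept\n")


def load_services(text):
    """Index the services dump by service name."""
    reader = csv.DictReader(io.StringIO(text), delimiter="|", quoting=csv.QUOTE_NONE)
    return {row["Name"]: row for row in reader}


def resolve(name, services, seen=frozenset()):
    """Return proto/port strings for one service, expanding groups recursively."""
    svc = services.get(name)
    if svc is None or name in seen:  # unknown name, or a group that contains itself
        return [f"{name}(unresolved)"]
    if svc["Type"] == "group":
        return [p for m in svc["Members"].split()
                for p in resolve(m, services, seen | {name})]
    port = svc["Destination Port"]  # empty for port-less types such as icmp
    return [f"{svc['Type']}/{port}" if port else f"{svc['Type']}:{name}"]


def annotate_rules(rules_text, services):
    """Rewrite each rule's Service column with resolved protocol/port values."""
    reader = csv.DictReader(io.StringIO(rules_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    rows = []
    for row in reader:
        names = row["Service"].split()
        row["Service"] = " ".join(p for n in names for p in resolve(n, services))
        rows.append(row)
    return rows


if __name__ == "__main__":
    for rule in annotate_rules(RULES, load_services(SERVICES)):
        print("\t".join(rule.values()))
```

Names missing from the services dump are kept and marked `(unresolved)` rather than dropped, so a rulebase review still sees every service a rule references.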
