WYAE - FWTOOLS Mailing List Archive


Problem with listing network objects not included in policy
From: Joel D Turoff
Date: Fri, 12 Aug 2005 13:39:45 -0400


Greetings!

I'm hoping someone on this list can help me with a problem I've recently 
encountered using fw1rules.

I'm running the script on a Solaris 8 SmartCenter which is running VSX on 
top of NG with Application Intelligence Release 54.

I've got a number of rulebases on this SmartCenter and I've been using the 
scripts to generate HTML files of the rulebases.  The problem is that all 
of a sudden, three network objects are suddenly being included in the html 
output for *all* of the rulebases, even though those network objects are 
only present in one rulebase! 

Has anyone else seen this situation?  I was under the impression that by 
default, the script only included network objects that are included in the 
rulebase.  We have a big requirement not to list the network objects if 
they don't occur in the rulebase.

I've tried disabling the one implicit rule (to accept fw1 connections) and 
I've reviewed the rulebases to ensure that they do not reference the three 
objects that shouldn't be in the HTML report, but to no avail.

Here is the command syntax I'm using. 

./fw1rules.pl --title="Customer Rulebase" --objects=objects_5_0.C \
    --rules=customer.W --with_ip --with_colors --icon_path=icons \
    --output_html=customer.html

Any information would be greatly appreciated.  I can't seem to figure out 
why these three network objects would appear in every rulebase, when they 
are only used in one. 

Thanks.

Joel