FWdoc is a vendor-independent standard of storing firewall ruleset configurations. We provide tools to extract the ruleset from proprietary formats into FWdoc format (in JSON), filter rules and objects, and export them into a number of other formats.
From the FWdoc file you can produce a well readable, cross-referenced HTML summary of the firewall configuration. A dump of network and service objects, users, rules and settings into separate files (TXT and Tab-separated tables) or templates (TXT, CSV, SQL, etc.) is possible.
FWdoc is the successor to ASLrules (Astaro), FW1Rules (CheckPoint) and ReadConfig (Raptor, Symantec)
|Documentation of FWdoc format and main tools.|
|Working (with) Parts|
The FWdoc system is designed in modules connected with shell pipes. Thus to create a HTML documentation of a CheckPoint configuration you could run e.g. the following command line:
fw1r70_to_fwdoc.pl | fwdoc_used_objects.py | fwdoc_to_html.py > DOC.html
Input converters (*_to_FWdoc)
|Support / Bugs|
Important Note when encountering errors!
As soon as a JSON (.fwdoc) file is broken, all Python programs will throw errors that look as program mistakes to the unaccustomed eye. If you pipe output from one command to the next please serialize the calls first, e.g. by writing to / reading from files, executing one FWDOC command a time.
Please check the validity of the FWdoc/JSON file with FWDOC_VERIFY.PY if in doubt. That little program either prints an okay message - or throws a lengthy and a bit cryptic error message describing the JSON misformatting.
There is a user/developer mailing list available. To subscribe send a mail with "subscribe fwtools" as subject to email@example.com
For bug reports and suggestions or if you just want to talk to me please contact me at firstname.lastname@example.org or write to the list at email@example.com (subscribers only).
FWdoc is represented at FreshMeat.NET where you can review release cycles, activity, etc.
|Roadmap / Contributing|
Please check the website for updates prior to submitting patches!
Currently I intend to develop - as spare time and
For details on licensing and support please see there.
|Software packages are published under "Gnu Public License"|
|To ensure the data format stays unmodified (and thus the data interchangeable), it is placed under the Creative Commons BY-ND License.|
All licenses are open source licenses.
The data acquisition is based on analysis of well known configurations. The script is not (officially) supported by Checkpoint, Astaro, etc. or representatives.