zenetys/fw-rule-tools

Firewall rule tools

This repository collects several tools for working with firewall policies and with Elasticsearch databases that hold logs from different firewalls.

The purpose of each tool is described below.

Package "flow_counter"

Flow counter - First version

This tool counts the traffic flows that match each rule of a simplified policy supplied as a CSV file. It returns both a CSV and an HTML file that contain the policy information together with the count of each flow.

This version is precise and flexible: the user selects the fields of interest, which are then searched in Elasticsearch. It sacrifices speed and reliability, however, as it becomes slower and more prone to bugs as the policy grows larger.

Flow counter - Second version

This tool counts the traffic flows that match each rule of a simplified policy supplied as a CSV file. It returns both a CSV and an HTML file that contain the policy information together with the count of each flow.

This version gains in speed and reliability. Each Elasticsearch query is independent and depends on a single field only, which makes it much faster and less prone to bugs. It loses the precision and flexibility of the first version, however, because it relies solely on the field that holds the ID/TAG of the rules.

(Screenshot from 2025-06-02 16-02-57)

Package "fw-rules-generator"

Firewall rules generator

This tool identifies network flows from an Elasticsearch database. It generates both an HTML and a CSV file summarizing the services used, the source and destination IP addresses, the action applied by the firewall, and a counter for each flow.

It extracts the following information: service, source and destination IP address, action, and the number of logs associated with the generated rule.

(Screenshot from 2025-05-27 10-15-54)

Package "parsing_forcepoint"

Forcepoint parser

This tool generates a simplified policy from a Forcepoint firewall configuration file in XML format. It produces a CSV and an HTML file for viewing and analyzing the rules.

It extracts the following information: rule tag, name of the policy containing the rule, source and destination IP address, NAT address, service, and action.

(Screenshot from 2025-06-02 15-57-29)

Package "parsing_fortigate"

Fortigate parser

This tool generates a simplified policy from a Fortigate firewall configuration file in CONF format. It produces a CSV and an HTML file for viewing and analyzing the rules.

It extracts the following information: rule ID, rule name, source and destination interface, source and destination IP address, service, action, schedule, and log traffic setting.

(Screenshot from 2025-06-02 15-54-36)
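As an added illustration of the kind of extraction the Fortigate parser performs (example code written for this page, not the repository's own parser): it pulls the fields listed above out of the `config firewall policy` section of a constructed CONF sample and flattens them into CSV lines. It assumes the `edit`/`set`/`next` block syntax of FortiGate configuration exports and FortiGate's documented defaults of `action deny` and `logtraffic utm` for keys that are absent from a rule.

```python
import re
import shlex

# Constructed FortiGate-style CONF sample (not taken from the repository).
SAMPLE_CONF = """\
config firewall policy
    edit 1
        set name "allow-web"
        set srcintf "lan"
        set dstintf "wan"
        set srcaddr "all"
        set dstaddr "web-srv"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set logtraffic all
    next
    edit 2
        set srcaddr "all"
        set dstaddr "all"
    next
end
"""

FIELDS = ["id", "name", "srcintf", "dstintf", "srcaddr", "dstaddr",
          "service", "action", "schedule", "logtraffic"]

def parse_fortigate_policy(text):
    """One dict per 'edit' block inside 'config firewall policy'."""
    block = re.search(r"^config firewall policy\n(.*?)^end$", text, re.S | re.M)
    rules, current = [], None
    for raw in (block.group(1) if block else "").splitlines():
        line = raw.strip()
        if line.startswith("edit "):
            current = dict.fromkeys(FIELDS, "")
            current["id"] = line[5:].strip().strip('"')
            current.update(action="deny", logtraffic="utm")  # assumed FortiGate defaults
        elif line.startswith("set ") and current is not None:
            key, *values = shlex.split(line[4:])
            if key in FIELDS:
                current[key] = ";".join(values)  # multi-valued, e.g. 'HTTP;HTTPS'
        elif line == "next" and current is not None:
            rules.append(current)
            current = None
    return rules

def to_csv_lines(rules):
    """CSV lines, header first (sample values contain no commas)."""
    return [",".join(FIELDS)] + [",".join(r[f] for f in FIELDS) for r in rules]
```

A rule that keeps the implicit `deny` action is exactly the case a simplified policy must show explicitly, otherwise a reviewer reading only the `set` lines would miss it.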
