On Thu, 28 Oct 2004 at 18:32, Dave Paris wrote:
> J.R. Barreras (barreras@xxxxxxxxxxxxxxx) wrote:
>
> >Hi all!
> >How can I compare iptables rule sets produced by different scripts?
> >Any tools? Ideas?
> >
> >Waiting for your reply, thanks in advance...
>
> What if you load the ruleset, then run 'iptables -nvL', normalize the
> output a little (under interfaces, a '*' would match any specific
> interface specified under a different ruleset) and simply compare the
> output of the two?
>
> Sounds like a fairly trivial-ish task for someone fluent in Perl.
>
> Kind Regards,
> -dsp

I would say that it's better to compare the capabilities of the scripts
and not just the rules. A firewall can do its work in a lot of different
ways, and diff-ing the rules is not a good idea.

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
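
A sketch of the normalize-and-compare approach suggested in the thread above, added here as an example and not code from any of the posters: it strips the packet/byte counters from `iptables -nvL` output, optionally treats `*` in the interface columns as matching any interface, and compares rules position by position because rule order matters. The sample output is constructed, the function names are hypothetical, and every rule is assumed to have a target.

```python
import re
from itertools import zip_longest

# Constructed sample `iptables -nvL` output from two hypothetical scripts.
RULESET_A = """\
Chain INPUT (policy DROP 14 packets, 1120 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9600 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   33  1980 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
"""
RULESET_B = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
"""

def normalize(text):
    """Return {chain: (policy, [rule, ...])} with packet/byte counters removed."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\S+)|\d+ references)", line)
        if m:
            current = m.group(1)
            chains[current] = (m.group(2), [])  # policy is None for user chains
        elif current and re.match(r"\s*\d", line):
            f = line.split()
            # f[0], f[1] are counters; keep target, prot, opt, in, out, src, dst, extras.
            # Assumption: the rule has a target, so the columns are not shifted.
            chains[current][1].append(tuple(f[2:9]) + (" ".join(f[9:]),))
    return chains

def same_rule(a, b, wildcard_ifaces=True):
    # Indices 3 and 4 are the in/out interface columns.
    return all(x == y or (wildcard_ifaces and i in (3, 4) and "*" in (x, y))
               for i, (x, y) in enumerate(zip(a, b)))

def compare(text_a, text_b, wildcard_ifaces=True):
    """List (chain, position or 'policy', value_a, value_b) for every difference."""
    a, b = normalize(text_a), normalize(text_b)
    diffs = []
    for chain in sorted(set(a) | set(b)):
        (pa, ra), (pb, rb) = a.get(chain, (None, [])), b.get(chain, (None, []))
        if pa != pb:
            diffs.append((chain, "policy", pa, pb))
        for pos, (x, y) in enumerate(zip_longest(ra, rb), 1):
            if x is None or y is None or not same_rule(x, y, wildcard_ifaces):
                diffs.append((chain, pos, x, y))
    return diffs
```

With the wildcard matching on, the `eth0` versus `*` difference in rule 2 is hidden even though the second ruleset accepts SSH on every interface, so running with `wildcard_ifaces=False` as well shows where the two rulesets differ in scope.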