Firewall visualize.

daan99 · August 26, 2012, 6:04pm

I am writing a script to visualize firewall rules, do you think it’s useful for someone? If so I’ll have the motivation to do it as a CGI.

Picture on http://blog.asgard-gate.net/index.php/2012/08/26/wizualizacja-regul-firewall-a-mikrotik/

boen_robot · August 26, 2012, 6:59pm

Add the ability to group by arbitrary attribute (not just chain) on not just filters, but also NATs and mangles, and this tool will be invaluable for debugging and training alike.

daan99 · August 26, 2012, 7:27pm

The objective is to group the NAT, mangle and filter. In addition, I think about the interfaces or IP addresses filters.

boen_robot · August 26, 2012, 7:49pm

Filtering would be nice, but IMHO, a grouping in a similar way to the screenshot, but with another parameter, would make it all that more readable.

I mean, it would be really nice being able to see the full rules that a packet with a certain pattern (IP address, interface, etc.) will end up matching across the firewall. I can imagine such investigation revealing false positives or extra rules that never get matched.

daan99 · August 28, 2012, 8:33am

This week I will try to put the script to test for the world . I also think to generate more dynamic AJAX, JS flowcharts, not just static pictures. But first good parser, then bells and whistles

boen_robot · August 28, 2012, 9:10am

You don’t need a good parser. That’s what the API is for - an interface where the data is trivial to parse (and in fact, many clients do already have parsers). Simply work trhough it instead of SSH.

A dynamically arranged chart (like literally being rearranged on-the-flyi as you move and click on stuff) would be truly awesome, but I think having just an SVG graphic with a clickable link, which in turn generates a new SVG graphic would still be cool (and of course, useful), while probably being easier to implement. I mean, how did you draw that thing there? GraphViz I’d assume? I believe GraphViz does have the option to generate links over graph nodes when SVG is being generated.

fluxburn · August 29, 2012, 2:40am

Hum, I find visual diagrams essential for understanding systems. I’ll try this out.

shadowskippie · August 29, 2012, 3:48pm

this i like…can’t wait to see it in action

daan99 · August 30, 2012, 11:56pm

Parser is for rsc files, SSH is good for read data, there is no need to open next port on router.

The form on the right, very early version (Feel free to kill it ).
http://neutrino.asgard-gate.net/index.php/en/projects/mtvisual/13-mt-visualization-2012-09-31

boen_robot · August 31, 2012, 1:49pm

Oh. I see. Your current implementation visualizes an “.rsc” file.

Well, if you use the API or SSH, you can visualize a live router instead. If you do that, I’m sure you’ll find the API significantly easier to work with than SSH. I mean, the API was after all designed to be easy to work with programatically.

Do you have the source of that app available somewhere? Maybe I could make a different version that uses the API. Or (if you’ve already abstracted things in a good enough fashion) add the API as an additional option.

daan99 · September 2, 2012, 8:04pm

Application source code will be made available by the GIT repository as soon as I deal with it.
The application is meant to be divided into 3 layers, a collection of data (API files. Rsc, SSH), processing (filters) and display (Graphviz for now…).

daan99 · September 5, 2012, 6:49pm

A little fun with JS and HTML elements can be moved
http://neutrino.asgard-gate.net/index.php/en/projects/mtvisual/15-html-and-javascript

AnRkey · September 27, 2012, 10:38am

Oh please please please open source this. It’s a very cool idea!

daan99 · October 3, 2012, 9:29pm

View of the target application and info available at this link .
and a small demo here.
Take a look, and comment

nics · February 8, 2022, 4:58pm

Hello, any progress on this? Was there any culprit?