Printing Firewall Rules for Documentation Purposes

Is there a good way to get a human-friendly printout of firewall rules for documentation purposes? I realize I can export the configuration, but that shows the commands to insert the rules instead of just the rules themselves. That may have to work, but I was hoping for some way to print the rules in a friendly version for firewall rules.

If not, is there some third-party application that makes it easy to document firewall rules, even if they have to be typed in manually?

Thanks.

I’m not entirely sure what you’re looking for. What kind of ‘friendly’ format are you looking for?

How would you want the following to be displayed, for example?

/ip firewall filter
add chain=forward dst-address=192.168.1.10 protocol=tcp dst-port=80 src-address=172.16.1.0/24 action=accept

I don’t know really. I was thinking there might be some software that puts firewall rules in categories and in some way that most people would be able to read them.

Not necessarily, but perhaps something like this. I could probably do something to parse the configuration and generate something, but I don’t want to re-invent anything that already exists.

Forward:

Source: 172.16.1.0/24 Interface: AAA
Destination:192.168.1.10:80TCP
ACCEPT

Source: ANY
Destination: 1.1.1.1:999UDP Interface: BBB
ACCEPT

CHAIN_B:

Source: 2.2.2.2/32
Destination: ANY
DROP

INPUT:

Source…
etc…

I’m not aware of anything that performs that task. Maybe someone else does.

That said, personally I find RouterOS firewall filter rules fairly easy to read. It wouldn’t be hard to write a Perl script to parse them.
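
The parsing idea from the last reply, sketched in Python rather than Perl as an added example (not code from any poster in this thread): it reads the `/ip firewall filter` section of an export and lists the rules per chain, in order, in roughly the layout proposed earlier in the thread. The sample export, the function names and the `[DISABLED]` marker are constructed for illustration.

```python
import re
import shlex

# Constructed sample in the style of a RouterOS export; not taken from a real device.
SAMPLE = r'''/ip firewall filter
add chain=forward dst-address=192.168.1.10 protocol=tcp dst-port=80 \
    src-address=172.16.1.0/24 in-interface=AAA action=accept comment="web server"
add chain=forward dst-address=1.1.1.1 protocol=udp dst-port=999 out-interface=BBB action=accept
add chain=CHAIN_B src-address=2.2.2.2/32 action=drop disabled=yes
/ip firewall nat
add chain=srcnat action=masquerade
'''

def parse_filter_rules(export_text):
    """Return {chain: [rule_dict, ...]} for the /ip firewall filter section, in rule order."""
    # Assumption: long commands are wrapped with a trailing backslash; rejoin them first.
    text = re.sub(r'\\\r?\n\s*', '', export_text)
    chains, in_filter = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith('/'):
            in_filter = line == '/ip firewall filter'
        elif in_filter and line.startswith('add '):
            # shlex keeps quoted values such as comment="web server" in one token.
            rule = dict(t.split('=', 1) for t in shlex.split(line[4:]) if '=' in t)
            chains.setdefault(rule.get('chain', '?'), []).append(rule)
    return chains

def endpoint(rule, side, iface_key):
    """Format one side of a rule as 'addr[:port PROTO] [Interface: name]'."""
    text = rule.get(f'{side}-address', 'ANY')
    port = rule.get(f'{side}-port')
    if port:
        text = (text + f':{port} ' + rule.get('protocol', '').upper()).rstrip()
    if iface_key in rule:
        text += f' Interface: {rule[iface_key]}'
    return text

def render(chains):
    """Render parsed rules per chain; numbering keeps the evaluation order visible."""
    out = []
    for chain, rules in chains.items():
        out.append(f'{chain}:')
        for n, r in enumerate(rules, 1):
            # Assumption: a rule exported without action= uses the default, accept.
            flag = ' [DISABLED]' if r.get('disabled') == 'yes' else ''
            note = f"  ({r['comment']})" if 'comment' in r else ''
            out += [f'  {n}. Source: {endpoint(r, "src", "in-interface")}',
                    f'     Destination: {endpoint(r, "dst", "out-interface")}',
                    f'     {r.get("action", "accept").upper()}{flag}{note}', '']
    return '\n'.join(out)
```

Calling `print(render(parse_filter_rules(SAMPLE)))` prints the listing; disabled rules are flagged rather than dropped so the document matches what is configured without implying those rules are enforced.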