Community discussions

MikroTik App
 
daan99
just joined
Topic Author
Posts: 13
Joined: Sat Apr 09, 2011 1:36 am

Firewall visualize.

Sun Aug 26, 2012 9:04 pm

I am writing a script to visualize firewall rules, do you think it's useful for someone? If so I'll have the motivation to do it as a CGI.

Picture on http://blog.asgard-gate.net/index.php/2 ... -mikrotik/
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: Firewall visualize.

Sun Aug 26, 2012 9:59 pm

Add the ability to group by arbitrary attribute (not just chain) on not just filters, but also NATs and mangles, and this tool will be invaluable for debugging and training alike.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
daan99
just joined
Topic Author
Posts: 13
Joined: Sat Apr 09, 2011 1:36 am

Re: Firewall visualize.

Sun Aug 26, 2012 10:27 pm

The objective is to group the NAT, mangle and filter. In addition, I think about the interfaces or IP addresses filters.
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: Firewall visualize.

Sun Aug 26, 2012 10:49 pm

Filtering would be nice, but IMHO, a grouping in a similar way to the screenshot, but with another parameter, would make it all that more readable.

I mean, it would be really nice being able to see the full rules that a packet with a certain pattern (IP address, interface, etc.) will end up matching across the firewall. I can imagine such investigation revealing false positives or extra rules that never get matched.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
daan99
just joined
Topic Author
Posts: 13
Joined: Sat Apr 09, 2011 1:36 am

Re: Firewall visualize.

Tue Aug 28, 2012 11:33 am

This week I will try to put the script to test for the world :). I also think to generate more dynamic AJAX, JS flowcharts, not just static pictures. But first good parser, then bells and whistles :)
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: Firewall visualize.

Tue Aug 28, 2012 12:10 pm

You don't need a good parser. That's what the API is for - an interface where the data is trivial to parse (and in fact, many clients do already have parsers). Simply work trhough it instead of SSH.

A dynamically arranged chart (like literally being rearranged on-the-flyi as you move and click on stuff) would be truly awesome, but I think having just an SVG graphic with a clickable link, which in turn generates a new SVG graphic would still be cool (and of course, useful), while probably being easier to implement. I mean, how did you draw that thing there? GraphViz I'd assume? I believe GraphViz does have the option to generate links over graph nodes when SVG is being generated.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
fluxburn
just joined
Posts: 16
Joined: Fri Mar 19, 2010 4:57 pm

Re: Firewall visualize.

Wed Aug 29, 2012 5:40 am

Hum, I find visual diagrams essential for understanding systems. I'll try this out.
 
User avatar
shadowskippie
Member Candidate
Member Candidate
Posts: 211
Joined: Tue Dec 21, 2010 6:20 pm

Re: Firewall visualize.

Wed Aug 29, 2012 6:48 pm

this i like....can't wait to see it in action
 
daan99
just joined
Topic Author
Posts: 13
Joined: Sat Apr 09, 2011 1:36 am

Re: Firewall visualize.

Fri Aug 31, 2012 2:56 am

You don't need a good parser. That's what the API is for - an interface where the data is trivial to parse (and in fact, many clients do already have parsers). Simply work trhough it instead of SSH.
Parser is for rsc files, SSH is good for read data, there is no need to open next port on router.

The form on the right, very early version (Feel free to kill it :) ).
http://neutrino.asgard-gate.net/index.p ... 2012-09-31
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: Firewall visualize.

Fri Aug 31, 2012 4:49 pm

Oh. I see. Your current implementation visualizes an ".rsc" file.

Well, if you use the API or SSH, you can visualize a live router instead. If you do that, I'm sure you'll find the API significantly easier to work with than SSH. I mean, the API was after all designed to be easy to work with programatically.

Do you have the source of that app available somewhere? Maybe I could make a different version that uses the API. Or (if you've already abstracted things in a good enough fashion) add the API as an additional option.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
daan99
just joined
Topic Author
Posts: 13
Joined: Sat Apr 09, 2011 1:36 am

Re: Firewall visualize.

Sun Sep 02, 2012 11:04 pm

Do you have the source of that app available somewhere? Maybe I could make a different version that uses the API. Or (if you've already abstracted things in a good enough fashion) add the API as an additional option.
Application source code will be made available by the GIT repository as soon as I deal with it.
The application is meant to be divided into 3 layers, a collection of data (API files. Rsc, SSH), processing (filters) and display (Graphviz for now....).
 
daan99
just joined
Topic Author
Posts: 13
Joined: Sat Apr 09, 2011 1:36 am

Re: Firewall visualize.

Wed Sep 05, 2012 9:49 pm

A little fun with JS and HTML elements can be moved :)
http://neutrino.asgard-gate.net/index.p ... javascript
 
User avatar
AnRkey
Member Candidate
Member Candidate
Posts: 119
Joined: Tue Sep 15, 2009 6:01 pm

Re: Firewall visualize.

Thu Sep 27, 2012 1:38 pm

Oh please please please open source this. It's a very cool idea!
MTCNA
 
daan99
just joined
Topic Author
Posts: 13
Joined: Sat Apr 09, 2011 1:36 am

Re: Firewall visualize.

Thu Oct 04, 2012 12:29 am

View of the target application and info available at this link .
and a small demo here.
Take a look, and comment :)

Who is online

Users browsing this forum: romakov and 22 guests