That's not art, that's my firewall!
January 3, 2008 10:05 AM

How do you draw a picture depicting firewall rules? Do you know of any examples?

I'm looking for a way to depict firewall rules as a picture or graph, sort of like a network diagram. Can you point me to examples or documentation on standard ways of depicting firewall rules graphically?
posted by grumpy to Computers & Internet (3 answers total) 3 users marked this as a favorite

Much of the visualization research being done now is geared toward analyzing rules for anomalies, optimization, risk level, or real-world usage, with dynamic displays that don't present too much at once.

There really isn't any simple, standard way, because what would be visually useful (or even just appealing) won't scale well for large rule bases, especially those with rules containing a lot of sources, destinations, or services.

With a graph you'll likely end up with a messy tangle of lines and boxes that shows what's more easily understood by viewing the rules themselves. You could depict traffic flow, to see where sources can go to or what can reach a destination, but that's only useful per-source or per-destination. Unwieldy for large networks.

If you're looking for something functional, to make it easy to see what can get to what, the simplest thing is the standard layout: columns and rows, ordered based on the type of object (used loosely to refer to one of source or destination). By 'type' I mean the risk category assigned to a given object. Anything outside your network would be high risk, for example.

You can then order the rule base so rules governing traffic between objects with the same risk level are all together, as are rules for traffic that crosses risk boundaries (like pokes to your DMZ, or from your DMZ to internal systems).

The rule base can be printed out with different background colors for each of those rule sections. Effectively, a color-coded chart of how risky your rule base is, based on how large each section is. It'll show you what to focus on for optimizing each section, opportunities for removing or combining rules, where you can reduce or eliminate risk, etc. Further, each rule is as large as the number of objects in it, making it plain which are most risky and which are nice and tight.
posted by jma at 10:49 AM on January 3, 2008 [1 favorite]
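The risk-section layout jma describes, worked through in code as an added example (not from the thread or any firewall product): objects are classified into risk zones, each rule is keyed by its (source zone, destination zone) pair, the rule base is reordered so each section is contiguous, and a plain-text chart stands in for the colored printout, with each rule's bar as long as its object count. The zones, object names and rules are constructed sample data.

```python
from collections import defaultdict

# Constructed zone classification (assumption: higher number = higher risk).
ZONE_RISK = {"internet": 3, "dmz": 2, "internal": 1}
OBJECT_ZONE = {"any": "internet", "web-dmz": "dmz", "mail-dmz": "dmz",
               "db-servers": "internal", "workstations": "internal", "admin-hosts": "internal"}

# Constructed sample rule base: (name, sources, destinations, services).
RULES = [
    ("allow-web", ["any"], ["web-dmz"], ["http", "https"]),
    ("web-to-db", ["web-dmz"], ["db-servers"], ["tcp/5432"]),
    ("admin-ssh", ["admin-hosts"], ["web-dmz", "mail-dmz", "db-servers"], ["ssh"]),
    ("lan-internet", ["workstations"], ["any"], ["http", "https", "dns"]),
    ("intra-lan", ["workstations"], ["db-servers"], ["tcp/5432", "smb"]),
    ("dmz-mail-out", ["mail-dmz"], ["any"], ["smtp"]),
]

def highest_zone(objects):
    """A rule side takes the riskiest zone of any object listed on it."""
    return max((OBJECT_ZONE[o] for o in objects), key=ZONE_RISK.__getitem__)

def section_of(rule):
    """Section key is the (source zone, destination zone) pair."""
    _, srcs, dsts, _ = rule
    return (highest_zone(srcs), highest_zone(dsts))

def rule_size(rule):
    """Number of objects a rule references; the big ones are the loose ones."""
    _, srcs, dsts, svcs = rule
    return len(srcs) + len(dsts) + len(svcs)

def group_rules(rules):
    """Reorder so each section is contiguous: boundary-crossing sections first
    (riskiest pair first), same-zone sections last; largest rules first within."""
    sections = defaultdict(list)
    for r in rules:
        sections[section_of(r)].append(r)
    def rank(key):
        s, d = key
        return (s == d, -(ZONE_RISK[s] + ZONE_RISK[d]))
    return {k: sorted(sections[k], key=rule_size, reverse=True)
            for k in sorted(sections, key=rank)}

def render_chart(rules):
    """Text stand-in for the colored printout: header per section, bar per rule."""
    lines = []
    for (s, d), rs in group_rules(rules).items():
        lines.append(f"== {s} -> {d} ({len(rs)} rules) ==")
        lines.extend(f"  {r[0]:<14}{'#' * rule_size(r)}" for r in rs)
    return lines
```

Sections with many or long bars are where jma suggests looking first for rules to tighten, split or remove.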

This PDF has a diagram on page 5.
posted by Lockeownzj00 at 2:01 PM on January 3, 2008 [1 favorite]

Thanks guys. Neither answer was what I was hoping for, but I appreciate the info.

jma, you've obviously given this some thought.
posted by grumpy at 4:00 PM on January 7, 2008
