hknutzen / Netspoc

A network security policy compiler. Netspoc is targeted at environments with a large number of firewalls and admins. Firewall rules are derived from a single rule set. Supported are Cisco IOS, NX-OS, ASA, Palo-Alto, VMware NSX gateway firewalls and IPTables.

Home Page:http://hknutzen.github.io/Netspoc

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Netspoc

A network security policy compiler.

Test Status Coverage Status

Netspoc has been migrated from Perl to Go (golang). Released CPAN packages will contain compiled binaries for Linux-x86_64 architecture. These will be installed along with Perl scripts, typically in /usr/local/bin.

Netspoc is free software to manage all the packet filter devices inside your network topology. Filter rules for each device are generated from one central ruleset, using a description of your network topology.

  • Supports Cisco and Linux devices
    • Chains for iptables.
    • Access lists for ASA, NX-OS
    • Access lists for IOS with and without Firewall Feature Set.
  • Rules are optimized globally
    • Adjacent IP ranges and port ranges are joined.
    • Redundant rules are removed and optionally warned about.
  • Highly optimized chains for iptables are generated.
  • Object-groups for ASA and NX-OS are generated.
  • IPSec configuration for Cisco ASA, ASA and IOS is generated.
  • Commands for static routing are generated (optionally).
  • Network address translation (NAT) is supported.
  • HSRP / VRRP clusters are supported.
  • Multicast traffic for OSPF, EIGRP, HSRP, VRRP is supported.
  • Powerful rules language
    • Groups can be defined and reused in different rules.
    • Automatic groups utilize relationships of the topology.
  • Allows to define a secondary packet filter which gets simpler rules if a data stream has already been filtered at some other device.
  • Complex topologies with redundant paths are supported.
  • Pathrestrictions allow to restrict paths inside a redundant topology.

About

A network security policy compiler. Netspoc is targeted at environments with a large number of firewalls and admins. Firewall rules are derived from a single rule set. Supported are Cisco IOS, NX-OS, ASA, Palo-Alto, VMware NSX gateway firewalls and IPTables.

http://hknutzen.github.io/Netspoc

License:GNU General Public License v2.0


Languages

Language:Go 96.9%Language:Perl 2.7%Language:Shell 0.2%Language:C 0.1%Language:Makefile 0.0%