Trystan Johnson > Farly-0.12 > Farly::Optimizer


NAME ^

Farly::Optimizer - Deprecated - is now Farly::Rule::Optimizer

SYNOPSIS ^

  use strict;
  use warnings;
  use Farly;
  use Farly::Rules;
  use Farly::Optimizer;
  use Farly::Template::Cisco;
  use Object::KVC::Hash;
  use Object::KVC::String;
  use Object::KVC::List;

  # Parse a Cisco ASA configuration into the Farly firewall model
  my $file = "test.cfg";
  my $importer = Farly->new();
  my $container = $importer->process("ASA",$file);

  # Expand every access-list entry into single-object rule entries
  my $rule_expander = Farly::Rules->new( $container );
  my $expanded_rules = $rule_expander->expand_all();

  # Select the expanded entries belonging to access-list "outside-in"
  my $search = Object::KVC::Hash->new();
  $search->set( "ID", Object::KVC::String->new("outside-in") );
  my $search_result = Object::KVC::List->new();
  $expanded_rules->matches( $search, $search_result );

  # Find duplicate and contained entries in that rule set
  my $optimizer = Farly::Optimizer->new( $search_result );
  $optimizer->run();
  my $optimized_ruleset = $optimizer->optimized();

  # Print the surviving entries in ASA syntax (as_string prints the rule)
  my $template = Farly::Template::Cisco->new('ASA');
  foreach my $rule ( $optimized_ruleset->iter ) {
    $template->as_string( $rule );
    print "\n";
  }

DESCRIPTION ^

Farly::Optimizer finds duplicate and contained IP, TCP, and UDP firewall rules in a raw rule set.

Farly::Optimizer stores the list of optimized rules, as well as the list of rule entries which can be removed from the rule set without affecting the traffic filtering properties of the firewall.

The 'optimized' and 'removed' rule sets are expanded rule entries and may not correspond to the actual configuration on the device.
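As an added illustration of what "duplicate and contained" means for a first-match rule list (standalone example code, not Farly's implementation and not the ACLA paper's algorithm as published): a rule fully covered by an earlier rule never fires, and a rule fully covered by a later rule with the same action is redundant unless a rule with the other action overlaps it in between. The Rule fields, helper names and the sample rule set are constructed for this example.

```python
import ipaddress
from collections import namedtuple

# First-match rule: action permit/deny, proto ip/tcp/udp, src/dst nets, inclusive dst ports
Rule = namedtuple("Rule", "action proto src dst lo hi")
ANY = (0, 65535)  # "ip" rules carry no port and so span the whole range

def rule(action, proto, src, dst, ports=ANY):
    return Rule(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), *ports)

def contains(outer, inner):  # every packet matched by inner is also matched by outer
    return ((outer.proto == "ip" or outer.proto == inner.proto) and inner.src.subnet_of(outer.src)
            and inner.dst.subnet_of(outer.dst) and outer.lo <= inner.lo and inner.hi <= outer.hi)

def overlaps(a, b):  # at least one packet is matched by both rules
    return (("ip" in (a.proto, b.proto) or a.proto == b.proto) and a.src.overlaps(b.src)
            and a.dst.overlaps(b.dst) and a.lo <= b.hi and b.lo <= a.hi)

def optimize(rules):
    """Return (kept, removed); removed maps a removable rule's index to its cover's index."""
    removed = {}
    # Pass 1: a rule covered by an earlier surviving rule never fires, whatever either
    # action is, so dropping it cannot change what the firewall filters.
    for j in range(len(rules)):
        for i in range(j):
            if i not in removed and contains(rules[i], rules[j]):
                removed[j] = i
                break
    # Pass 2: a rule covered by a later rule with the same action is redundant unless a
    # surviving rule between them with the other action overlaps it.
    for i in range(len(rules)):
        for k in range(i + 1, len(rules)):
            if i in removed or k in removed or rules[k].action != rules[i].action:
                continue
            blocked = any(m not in removed and rules[m].action != rules[i].action
                          and overlaps(rules[m], rules[i]) for m in range(i + 1, k))
            if contains(rules[k], rules[i]) and not blocked:
                removed[i] = k
                break
    return [r for n, r in enumerate(rules) if n not in removed], removed

# Constructed sample rule set (not taken from any real device configuration).
SAMPLE = [
    rule("permit", "tcp", "10.1.1.0/24", "192.168.0.10/32", (80, 80)),
    rule("permit", "tcp", "10.1.1.5/32", "192.168.0.10/32", (80, 80)),    # 1: inside rule 0
    rule("deny", "ip", "10.1.2.0/24", "192.168.0.0/24"),
    rule("permit", "tcp", "10.1.2.7/32", "192.168.0.10/32", (443, 443)),  # 3: dead, deny 2 covers it
    rule("permit", "tcp", "10.1.3.9/32", "192.168.0.20/32", (22, 22)),    # 4: redundant with rule 5
    rule("permit", "tcp", "10.1.3.0/24", "192.168.0.20/32", (22, 22)),
    rule("deny", "tcp", "10.1.4.4/32", "192.168.0.30/32", (25, 25)),      # 6: kept, permit 7 intervenes
    rule("permit", "tcp", "10.1.4.4/32", "192.168.0.30/32", (20, 30)),
    rule("deny", "tcp", "10.1.4.0/24", "192.168.0.30/32", (25, 25)),
]
```

`optimize(SAMPLE)` reports rules 1, 3 and 4 as removable and keeps rule 6, because the intervening permit at index 7 would otherwise change the fate of TCP/25 from 10.1.4.4.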

To view Farly::Optimizer actions and results, add the following to "Log/Farly.conf":

 log4perl.logger.Farly.Optimizer=INFO,Screen
 log4perl.appender.Screen=Log::Log4perl::Appender::Screen
 log4perl.appender.Screen.mode=append
 log4perl.appender.Screen.layout=Log::Log4perl::Layout::PatternLayout
 log4perl.appender.Screen.layout.ConversionPattern=%d %p> %F{1}:%L %M - %m%n

Logged rules are currently displayed in Cisco ASA format.

METHODS ^

new()

The constructor. A single expanded rule list is required.

  $optimizer = Farly::Optimizer->new( $expanded_rules<Object::KVC::List> );

verbose()

Have the optimizer log all analysis results in Cisco ASA format.

        $optimizer->verbose(1);

run()

Run the optimizer.

        $optimizer->run();

set_permit_action()

Change the default permit string. The default permit string is "permit".

        $optimizer->set_permit_action("accept");

set_deny_action()

Change the default deny string. The default deny string is "deny".

        $optimizer->set_deny_action("drop");

optimized()

Returns an Object::KVC::List<Object::KVC::Hash> container of all expanded firewall rules, excluding duplicate and overlapping rule objects, in the current Farly firewall model.

  $optimized_ruleset = $optimizer->optimized();

removed()

Returns an Object::KVC::List<Object::KVC::Hash> container of all duplicate and overlapping firewall rule objects which could be removed.

  $remove_rules = $optimizer->removed();

ACKNOWLEDGEMENTS ^

Farly::Optimizer is based on the "optimise" algorithm in the following paper:

Qian, J., Hinrichs, S., Nahrstedt, K. ACLA: A Framework for Access Control List (ACL) Analysis and Optimization. Communications and Multimedia Security, 2001.

COPYRIGHT AND LICENCE ^

Farly::Optimizer Copyright (C) 2012 Trystan Johnson

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
