# a "PFulator" and converting from Cisco ACL to PF rules



## plamaiziere (Aug 27, 2011)

Hello,

This is publicity...

I'm working on a tool (lsfw) that lists the firewall rules applied between two points of a network, from a source to a destination.

https://listes.cru.fr/wiki/jtacl/

This is useful when you have a large network with many routers/firewalls and many rules applied all along the network.

The tool is able to handle Packet Filter, Cisco PIX and Cisco IOS routers.

As we have migrated two Cisco PIX and one Cisco 7204 to dual carp/pfsync firewalls (running OpenBSD, sorry), I've made a version to convert Cisco access lists to Packet Filter rules. The tool is also able to run some test suites, and it was very helpful to check for regressions in the new PF rules. Of course, you have to be very cautious with the use of such a tool.

We use this tool a lot at $WORK (a university). There are many limitations, but at least it works for us.

Voila. I hope this work can be useful to help some migrations to PF. We have saved money with PF, and we are happy as it is very reliable.

Regards.


----------

