Converting weird BSD ipfw ruletable to ASA/PIX ACLs

Rising star

Has anyone found a viable way of converting the very odd rule definitions of an ipfw on BSD to a usable format like ACLs? I am really breaking my brain with stuff like "skip" rules. Why would you want that, and how can I convert that to a usable ACL? The manual way is killing me, because skip seems to jump around in the ruleset on some specific traffic to a count rule and then some more rules, so the actual ruleset is not read on a first match only, but also jumps around to other parts of the rules at runtime.
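The evaluation behaviour described in the question, as an added example that is not part of the original post: a simplified model of ipfw's rule walk that traces which rules a packet touches, showing how `skipto` and `count` make the verdict differ from a single first-match pass. The rule tuples, the sample ruleset, the `trace` and `matches` helpers and the default-deny final rule are constructed assumptions, not real ipfw syntax.

```python
import ipaddress

# Constructed sample ruleset in a simplified model (not real ipfw syntax):
# (rule number, action, skipto target or None, source CIDR, dest port or None)
RULES = [
    (100, "skipto", 1000, "10.0.0.0/8", None),
    (200, "allow", None, "0.0.0.0/0", 80),
    (300, "deny", None, "0.0.0.0/0", None),
    (1000, "count", None, "10.0.0.0/8", None),
    (1100, "allow", None, "10.1.0.0/16", 22),
    (1200, "deny", None, "10.0.0.0/8", None),
]

def matches(rule, src, dport):
    """True if the packet's source address and destination port fit the rule."""
    _, _, _, cidr, port = rule
    in_net = ipaddress.ip_address(src) in ipaddress.ip_network(cidr)
    return in_net and (port is None or port == dport)

def trace(rules, src, dport, default="deny"):
    """Walk the rules in number order and return (verdict, path of matched rules)."""
    rules = sorted(rules, key=lambda r: r[0])
    path, i = [], 0
    while i < len(rules):
        num, action, target, _, _ = rules[i]
        if matches(rules[i], src, dport):
            path.append((num, action))
            if action in ("allow", "deny"):
                return action, path          # terminating actions end the walk
            if action == "skipto":
                # Skip the following rules numbered below the target, then resume.
                i = next((j for j in range(i + 1, len(rules))
                          if rules[j][0] >= target), len(rules))
                continue
            # "count" only updates counters; evaluation continues with the next rule.
        i += 1
    # Assumption: the final default rule (65535) denies.
    path.append((65535, default))
    return default, path

if __name__ == "__main__":
    for src, dport in [("10.2.0.1", 80), ("10.1.2.3", 22), ("192.0.2.5", 80)]:
        print(src, dport, trace(RULES, src, dport))
```

A packet from 10.2.0.1 to port 80 never reaches rule 200, so a first-match ACL has to list the 10.0.0.0/8 entries ahead of the general port 80 permit to reproduce the same result.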

Frequent Contributor

The simple answer is NO. PIX lacks a lot of the features that are offered in other firewalls. There are some vendors out there that claimed that they can convert the rulebase for you, such as Solsoft. I did a project of converting Check Point rules into PIX rules and the configuration on the PIX went up to 900K lines in the configuration. PIX could not handle it and blew up.

I've tried Solsoft and it cannot do the conversion either.

CCIE Security
