> I'm wondering if anyone has written a parser which can construct rule-trees > and get rid of the cruft, unusable, order-misorder and other issues in a > large ACL pool? >
fwbuilder (www.fwbuilder.org) can import Cisco ACLs and impart a checkpoint-esque rule tree for you to look at, change, and test .. then recompile back into ACL syntax. Also works on IPtables, PF, and a few other things. Cheers, Michael Holstein Cleveland State University
