aerleon: Generate firewall configs for multiple firewall platforms

aerleon

Generate firewall configs for multiple firewall platforms from a single platform-agnostic configuration language through a command line tool and Python API.

Aerleon is a fork of Capirca with the following major additions:

• YAML policy and network definition files and pol2yaml, a converter from Capirca policy DSL to YAML.
• Network definitions with FQDN data.
• New firewall platforms can be added through plugins.
• Typed Python APIs for ACL generation and aclcheck queries.
• A SLSA-compatible verifiable release process.
• A detailed regression test suite.
• Many bug fixes and performance enhancements.

Core Supported Generators

• Arista
• Aruba
• Brocade
• Cisco
  • Cisco ASA
  • Cisco NX
  • Cisco XR
• Cloud Armor
• Google
  • Cloud Armor
  • GCE
  • GCP
• IPSet
• IPTables
• Juniper
  • JuniperSRX
  • Juniper EVO
  • Juniper MPC
• Kubernetes
• NFTables
• VMWare NSXV
• Packet Filter
• Palo Alto
• PCAP Filters
• Windows
  • Advanced Firewall
  • IPSec

Install & Use

Copyright (C) 2023 aerleon

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy