Detect block rules that can be moved higher up in the ruleset

moshekaplan / palo_alto_firewall_analyzer

Python scripts for reviewing Palo Alto Firewall configurations

Creative Commons Zero v1.0 Universal

26 stars 8 forks source link

Detect block rules that can be moved higher up in the ruleset #47

Open moshekaplan opened 1 year ago

moshekaplan commented 1 year ago

Detect block rules that can be moved higher up in the ruleset without impacting rule evaluation; having the 'blocks' and 'allows' in two separate groups greatly simplifies rule analysis and reordering