moshekaplan / palo_alto_firewall_analyzer

Python scripts for reviewing Palo Alto Firewall configurations
Creative Commons Zero v1.0 Universal

Detect redundant rule entries where one entry is a subset of the other #74

Open moshekaplan opened 10 months ago

moshekaplan commented 10 months ago

For example, a firewall policy which allows communications to both 10.0.0.0/8 and 10.0.0.0/16 should generate a finding that the 10.0.0.0/16 entry is extra. This should be added to RedundantRuleAddresses.
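One way the subset check requested above could work, as an added example that is not part of the issue or the project's code. The function name `find_subset_entries`, the name-to-value input mapping and the sample object names are assumptions made for illustration, and only ip-netmask style values are handled.

```python
import ipaddress


def find_subset_entries(entries):
    """Return (redundant_name, covering_name) pairs for one rule field.

    `entries` maps address-object names to their ip-netmask values
    (hypothetical input shape, not the analyzer's own data model).
    """
    networks = {}
    for name, value in entries.items():
        try:
            # strict=False so values with host bits set still parse
            networks[name] = ipaddress.ip_network(value, strict=False)
        except ValueError:
            continue  # FQDNs and ranges are out of scope for this sketch

    findings = []
    for name, net in networks.items():
        # Strict supernets of the same IP version; exact duplicates are
        # excluded because they are a separate finding.
        covering = [
            (other.prefixlen, other_name)
            for other_name, other in networks.items()
            if other.version == net.version
            and other != net
            and net.subnet_of(other)
        ]
        if covering:
            # Report the broadest covering entry (shortest prefix)
            findings.append((name, min(covering)[1]))
    return findings


# Constructed sample: source or destination members of a single rule
SAMPLE_RULE_ADDRESSES = {
    "net-10-8": "10.0.0.0/8",
    "net-10-16": "10.0.0.0/16",
    "host-a": "10.0.5.7",
    "dmz": "192.168.1.0/24",
    "v6-docs": "2001:db8::/32",
    "www": "www.example.com",
}

if __name__ == "__main__":
    for redundant, broader in find_subset_entries(SAMPLE_RULE_ADDRESSES):
        print(f"{redundant} is already covered by {broader}")
```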