I happened to bump into him the other day in the data centre and thought I might be able to help him. At first, I thought I could model this as a directed graph and visualise it using Graphviz. It turned out to be quite awkward and not easy to model. I also explored converting the rules to XML, but I needed a good XML navigator that I could traverse, which I couldn't find. After some thought, I realised I might be able to use Freemind, a free mind-mapping program, to visualise the data. This looked very promising, but it might take a while for me to implement something useful for my colleague. He needs a tool now.
The implementation that I am going to show you is pretty easy. First, I need to plant my anchors (<a name=>) for host name, object-group, access-group, interface and line number. Second, I need to find all the references that refer to the above anchors (that's about 1500+) and make them hyperlinks. A CGI shell script is used to 'grep' the pattern when the user clicks on any of the anchors in the left menu; the script also dynamically highlights the search word in red. All the hyperlinks are clickable, so that one can jump to the referenced anchor in the original firewall configuration file for details, especially if the link is an object-group. Line numbers are also dynamically hyperlinked.
The whole process of converting the plain text firewall configuration to a dynamic web front end can be achieved with shell scripts and Tcl. Tcl's "string map" is very powerful for converting references to HTML hyperlinks. My original implementation using the 'dumb' way took hours to run. With "string map", it took 19 seconds! Such a performance gain can only be achieved by using the right tool for the right job. BTW, lots of thinking was involved before the actual implementation.
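The anchor-and-hyperlink pass described above, as an added Tcl example that is not the author's script: the configuration is a constructed sample in PIX/ASA-style syntax (an assumption, since the post does not name the platform), and the `og-`/`L` anchor names and the `esc` and `render` procs are hypothetical. It covers object-groups and line numbers only.

```tcl
# Constructed sample in PIX/ASA-style syntax (assumed; not the author's config).
set config {hostname fw-example
object-group network WEB
 network-object host 192.0.2.10
object-group network WEB_SERVERS
 group-object WEB
 network-object host 192.0.2.11
access-list OUTSIDE_IN extended permit tcp any object-group WEB_SERVERS eq 443
access-list OUTSIDE_IN extended permit tcp any object-group WEB eq 80
access-group OUTSIDE_IN in interface outside}

# Escape HTML metacharacters so config text is never interpreted as markup.
proc esc {s} {
    return [string map {& &amp; < &lt; > &gt; \" &quot;} $s]
}

proc render {config} {
    set lines [split $config \n]
    # Pass 1: collect the name from every object-group definition line.
    set names {}
    foreach line $lines {
        if {[regexp {^object-group \S+ (\S+)} $line -> name]} { lappend names $name }
    }
    # Longest names first: string map uses the first key that matches at a
    # position, so "WEB" must not be tried before "WEB_SERVERS".
    set names [lsort -command {apply {{a b} {
        expr {[string length $b] - [string length $a]}}}} $names]
    # Build one map (reference text -> hyperlink) for a single pass per line.
    set refs {}
    foreach name $names {
        set n [esc $name]
        foreach kw {object-group group-object} {
            lappend refs "$kw $n" "$kw <a href=\"#og-$n\">$n</a>"
        }
    }
    # Pass 2: number every line; definitions get anchors, references get links.
    set out {}
    set no 0
    foreach line $lines {
        incr no
        set html [esc $line]
        if {[regexp {^object-group \S+ (\S+)} $line -> name]} {
            set html "<a name=\"og-[esc $name]\">$html</a>"
        } else {
            set html [string map $refs $html]
        }
        lappend out "<a name=\"L$no\">$no</a> $html"
    }
    return "<pre>\n[join $out \n]\n</pre>"
}
puts [render $config]
```

Because `string map` matches plain substrings, a reference to an undefined group whose name merely starts with a defined one would still be linked on that prefix; a regular-expression pass with a word boundary avoids that at some cost in speed.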
I blurred the screen dump to hide the actual firewall details. Just to cover my ass. FYI, I will still explore the Freemind way when I have more time.