Monday, October 15, 2007

Freemind for visualisation

In my previous blog on Firewall Navigation, I promised to explore the use of Freemind to visualise the firewall rules. Let me give you a glimpse of it, but I can tell you that my web version is still the best.

If you model (mind map) something in freemind, you will get a XML file when you save your mind map. Below shows a sample of the XML file: 

<map version="0.8.0">
<node TEXT="pixfirewall">
<node TEXT="name" FOLDED="true">
<node ID="host11" TEXT="host1&#xa;10.0.1.1"/>
<node ID="host12" TEXT="host1&#xa;10.0.1.2"/>
<node ID="host13" TEXT="host1&#xa;10.0.1.3"/>
<node ID="host14" TEXT="host1&#xa;10.0.1.4"/>
<node TEXT="access-group" POSITION="left" FOLDED="true">
<node TEXT="DC_PROD_acl">
<arrowlink COLOR="#b2a3e3" DESTINATION="Interface1" ENDARROW="None"/>
</node>
<node TEXT="KIO_UAT_acl">
<arrowlink COLOR="#72f6c1" DESTINATION="Interface2" ENDARROW="None"/>
</node>
</node>
<node TEXT="object-group" POSITION="left" FOLDED="true">
<node ID="Public" TEXT="(port)Media_Port">
<cloud/>
<node TEXT="88"/>
<node TEXT="netbios-ns-netbios-dgm"/>
<node TEXT="389"/>
<node TEXT="domain"/>
</node>
</node>
</map>

I wrote a Tcl program to convert some of the Cisco firewall rules to Freemind XML nodes. Also, I tried to introduce some relationships between nodes. Anyway, for 12,000+ lines of firewall rules, it is going to be very very messy and very hard to nagivate. Also, it will take up a lot of memory to visual the model.

Here is a simplified view of the model:

Labels: ,

posted by chihungchan at 8:39 PM

2 Comments:

Blogger Raymond Tay said...

Good post! I wonder whether there is filtering capability that allows the user to select only a specific chain-of-links; purpose is to avoid clutter

9:25 AM  
Blogger chihungchan said...

Any branch of the tree in Freemind can be collapsed. If you collapse it and save it, you will see the FOLDED="true" attribute in the node.

The complexity of the firewall is far too complex to be visualised in Freemind or any other tools, IMO. I think the web-based hyperlink implementation is still the best. Anyway, I need to show the Freemind version to my network colleague for comment.

9:44 AM  

Post a Comment

<< Home