aerleon
Generate firewall configs for multiple firewall platforms from a single platform-agnostic configuration language through a command line tool and Python API.
Aerleon is a fork of Capirca with the following enhancements:
- New platform generators can now be added as plugins. Users no longer need to fork the project to add support for new platforms. Common platform support is still built in.
- YAML is now supported for policy files, network definitions, and service definitions.
- A powerful new Generate API is added that accepts policies, network definitions, and service definitions as native Python data.
- Performance in address book generation for SRX and Palo Alto targets is greatly improved.
- A detailed regression test suite was added to the project.
- Unit and regression tests run automatically on all pull requests.
- New developer tools are integrated with the project: Poetry, PyProject, nox, Codecov, and Sigstore.
Core Supported Generators
- Arista
- Aruba
- Brocade
- Cisco
- Cisco ASA
- Cisco NX
- Cisco XR
- Cloud Armor
- Google
- Cloud Armor
- GCE
- GCP
- IPSet
- IPTables
- Juniper
- JuniperSRX
- Juniper EVO
- Juniper MPC
- Kubernetes
- NFTables
- VMWare NSXV
- Packet Filter
- Palo Alto
- PCAP Filters
- Windows
- Advanced Firewall
- IPSec
Install & Use
Copyright (C) 2023 aerleon
