Capirca

Google has just released a new firewall generator tool called Capirca. I'm in the middle of the presentation right now and it's very exciting. It not only generates firewall ACLs for Cisco, Juniper and iptables but it will also VALIDATE them against netflow info. No support yet for OpenBSD's pf but they say it should be easy to add. And (correction) Apache-licensed to boot!

Ha! Slides here!