APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Examining Kerio Control Traffic Rules

© May 2019 Anthony Lawrence


A simple Perl script helps display Kerio Control traffic rules.

I often have to look at customer's Kerio Control Firewall rules. Sometimes I have direct access and can actually log in to their firewall, but that's not always true, so in those cases I ask them to export their configuration and send it to me.

I have sometimes loaded that configuration into my own test firewall, but that's time consuming and annoying. Most of the configuration file is easy enough to just examine in a text editor, with the only real exception being the traffic rules. The problem with the rules is that they are unordered in the file and lack the color grouping that can be very helpful in examining them.

To fix that, I wrote a simple Perl script that reads a Kerio Control winroute.cfg file and outputs html like this:

Example of Control rules script

This script could stand some improvement. I'd like to be able to hover over defined names and see IP addresses, for example. Eventually I might want to expand this to include other parts of the file. I also haven't matched Kerio's colors carefully.

Most importantly, I have not yet tested this with enough samples to be certain that no bugs remain. However, it is certainly a starting point and in some respects is actually preferable to loading the configuration into a working firewall because it emphasizes certain things that you might otherwise not notice. In that respect, it could be helpful to people who are not troubleshooting others configurations.

# Tony Lawrence, https://aplawrence.com November 2012
open(I,"<:crlf","winroute.cfg") or die "No winroute!";
while (<I>) {
  $intraffic=1  if /^<list name="TrafficRules/;
  next if /^<list name="TrafficRules/;
  $intraffic=0 if /^<.list>/;
  next if not $intraffic;
  next if /<listitem>/;
  push @holding,$_;
  store_it() if (/<.listitem>/);
print "<html><body><table>\n";
print "<tr><th>Rule ID</th>";
print "<th>Enabled</th>";
print "<th>Rule Name</th>";
print "<th>Description</th>";
print "<th>Allowed_Source(s)</th>";
print "<th>Allowed_Destination(s)</th>";
print "<th>Proxy</th>";
print "<th>Service</th>";
print "<th>Time</th>";
print "<th>Permit</th>";
print "<th>Source_NAT</th>";
print "<th>Destination_NAT</th></tr>";
foreach(@all) {
 @stuff=split /\014/;
 push @disp, "\n<tr>";
 foreach(@stuff) {
   $colorvalue=$colors[$value - 1] if ($name eq "Color");
   next if ($name eq "Color");
   if ($name eq $lastn and $lastn) {
     push @disp,  "\n<br />$value";
   if ($name ne $lastn) {
     push @disp,  "</td>\n";
   if (not $value) {
     push @disp,  "<td>$name = (unset)"; 
   push @disp,  "<td>$name = $value";
 foreach(@disp) {
   s/Enabled = 1/Yes/;
   s/Enabled.*/<b>NOT ENABLED<\/b>/;
   s/Service = .unset./Service = Any/;
   s/Description = .unset./Service = /;
   s/<tr>/<tr style="background-color:$colorvalue">/;
 print "</td>\n</tr>\n";
 print "</td>\n</tr></table>\n\n</body></html>\n";

sub store_it {
foreach(@holding) {
if (/<variable name="Order">/) {
 next if /<.listitem>/;
 if ($lastseen =~ /Src/ and $name =~/Proxy/) {
   #print STDERR "Need Dst $lastseen  $name\n";
   $string .= "<variable name=\"Dst\">Any</variable>\014";
   #print STDERR "$string\n";
 if ($lastseen =~ /Description/ and $name =~ /Dst/) {
   #print STDERR "Need Src $lastseen  $name\n";
   $string .= "<variable name=\"Src\">Any</variable>\014";


sub value {
  my @v=/<.*>(.*)<.*>/;
  return $v[0];

sub name {
  my @v=/<variable name="(.*)">.*<.*>/;
  return $v[0];

Got something to add? Send me email.

(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> Examining Kerio Control Traffic Rules


Inexpensive and informative Apple related e-books:

Take Control of Apple Mail, Third Edition

Take Control of OS X Server

Are Your Bits Flipped?

Take control of Apple TV, Second Edition

Photos: A Take Control Crash Course

More Articles by © Anthony Lawrence

Thu Nov 8 20:52:59 2012: 11420   MadsFogAlbrechtslund


Hi Anthony

I have some new colors for you.

Kerio Control Color 1 = "#FFFFFF"
Kerio Control Color 2 = "#EFFF11"
Kerio Control Color 3 = "#C9D8ED"
Kerio Control Color 4 = "#FFCCCC"
Kerio Control Color 5 = "#C9EEC6"
Kerio Control Color 6 = "#D3BFEB"
Kerio Control Color 7 = "#FDE8CA"
Kerio Control Color 8 = "#E8E8E8"

But I can't the the order right in the script.
If in change the @colors, so the the list is from 1-8, then it is almost perfect, but the colors are "moved" one stop. So 1 becomes 2, and 2 becomes 3 and so on.

Thu Nov 8 20:57:36 2012: 11421   TonyLawrence


Thanks for finding those.. I was being lazy :-)

The array starts at 0 - so the "first" is colors[0], not colors[1]

Thu Nov 8 21:09:24 2012: 11422   TonyLawrence


And that means this change:

$colorvalue=$colors[$value - 1] if ($name eq "Color");


Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

Printer Friendly Version

Writing in C or C++ is like running a chain saw with all the safety guards removed. (Bob Gray)

Linux posts

Troubleshooting posts

This post tagged:



Kerio Info

Kerio Pricing

Kerio RSS Feed



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode

SCO Unix Sales, Support, & Service

Phone:  707-SCO-UNIX (707-726-8649Toll Free: 833-SCO-UNIX (833-726-8649)