Vyatta is fantastic as a routing product, but one thing I always hate is having to maintain firewall rules. The web interface makes managing rules cumbersome and the command line, whilst the best way to create rules, is hopeless if you need to re-order, re-number or do any of these types of tasks. To be fair, this is a problem on most routers and is not specific to Vyatta itself.
To ease my pain, I have put together an Excel spreadsheet with supporting macros that reduces the burden of creating, maintaining and adding firewall rules. It allows you to create most rules straight through the spreadsheet, with a fair degree of input validation built right in. I have tried to bring as many of the firewall configuration options available from the Vyatta CLI as possible straight into the spreadsheet.
The best part is the macro behind the scenes that will present a form and text box with your CLI commands ready to copy and paste into your console window.
Please test and give me any feedback on bugs, irritations or suggestions in the comments area. I must confess that I have never done any Excel VBA programming before, so there may be better or more efficient ways to code the back end. If you have any suggestions on the VBA code, let me know.
Note 1: I created this in Excel 2010, but it should be backwards compatible with Excel 2007. If there is enough demand, I’ll port it back to the Office 97-2003 format as well.
Note 2: I have protected the worksheet, preventing any changes to any part of the spreadsheet, except for data entry positions. There is no password however, so feel free to un-protect and mess around. Please send me any changes or suggestions you come up with and I’ll incorporate into the next release.
Download:
Vyatta Firewall Generator, 0.1

Nice one – looks to work quite well. This would also be useful to have in a DR scenario – save a sheet per appliance & you have all your configs quickly available to stand a new one up.
Pretty cool. I added a link to this page on Vyatta’s user submitted tutorials page http://www.vyatta.org/documentation/tips-tricks
I downloaded, but am I missing something or is there a file missing? There is no Excel file.
See the reply to the comment below. The file is an XLSM file. It is a macro enabled Excel spreadsheet compatible with Excel 2007 and 2010.
Hi, sounds JUST like what I want – but I have Excel 2007, and it does not seem to understand the files at all. When I unzip the files, what file am I supposed to open?
There is nothing to unzip. The file you download is an *.xlsm file extension (Excel Spreadsheet with Macro), opened natively by Excel 2007 and Excel 2010. Try downloading again and opening from within Excel. Your explorer “Open With” option with the XLSM extension may be corrupt.
More info on XLSX, XLSM etc: http://blogs.msdn.com/b/excel/archive/2006/07/20/671995.aspx
Ok Adam. Not seeing what you say I should see… When I click the download link, I definitely get a .zip file.
The file is called: Vyatta-Firewall-Generator.v0.1.zip
I can extract this file, and it contains folders and files, but nothing that Excel likes the look of.
I have looked at your XLSX information link, and I see that it says that the format xlsm incorporates the zip format. So, on a hunch, I renamed the downloaded file to add the .xlsm extension.
Shazam! It worked. I can then open the file in Excel 2007, and it all looks great.
So, to Ipforce, and others like me out there, it seems that somewhere along the line the extension has changed itself to .zip, and if you change it back to .xlsm it works fine.
Just a quick follow up – the spreadsheet is fantastic. Thanks very much for making this available!
Glad to hear you got it working! I’ve heard of this happening with some browsers; they try to guess what kind of file you’re downloading and rename the file extension.
Hi Adam
Great spreadsheet – thanks for your hard work. You have saved me several hours today.
I ran into a couple of small problems however -
The last few columns are being ignored – the config generator code selects up to column P but should select up to column W to catch the Fragment, ICMP, TCP and Limit settings (very easily fixed)
Also, it’s not possible to use groups in the source or destination address. I tried putting “group address-group web-servers” in column F but the generated output ends up as: “set firewall name eth1.1668.in rule 280 source address group address-group web-servers” (note the extra “address” between “source” and “group”). That little gotcha is not so easily fixed I fear.
Thanks again and keep up the good work
An IPv6 check box or selector would be nice. It’s just a matter of changing the “name” to “ipv6-name”
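The two requests in the comments above (group references without the stray “address” keyword, and an “ipv6-name” switch) are sketched below in Python as an added example; it is not the spreadsheet's VBA or the author's code. The row keys (`action`, `protocol`, `source`, `destination`, `dport`) and the function names are hypothetical, and the sketch assumes literal cells hold a single address or CIDR prefix.

```python
import ipaddress

GROUP_KINDS = ("address-group", "network-group")

def endpoint(prefix, side, cell, ipv6=False):
    """Render one source/destination cell as a Vyatta 'set' command."""
    words = cell.split()
    if words and words[0] == "group":
        # 'group address-group NAME' is its own node: no 'address' keyword.
        if len(words) != 3 or words[1] not in GROUP_KINDS:
            raise ValueError(f"bad group reference: {cell!r}")
        if ipv6:  # assumption of this sketch: groups only in IPv4 rule sets
            raise ValueError("group references not handled for ipv6-name")
        return f"{prefix} {side} group {words[1]} {words[2]}"
    net = ipaddress.ip_network(cell, strict=False)  # raises ValueError on junk
    if net.version != (6 if ipv6 else 4):
        raise ValueError(f"{cell!r} does not match the rule set's IP version")
    return f"{prefix} {side} address {cell}"

def render_rule(ruleset, number, row, ipv6=False):
    """Turn one row (a dict with hypothetical column names) into CLI lines."""
    kind = "ipv6-name" if ipv6 else "name"
    prefix = f"set firewall {kind} {ruleset} rule {number}"
    lines = [f"{prefix} action {row['action']}"]
    if row.get("protocol"):
        lines.append(f"{prefix} protocol {row['protocol']}")
    for side in ("source", "destination"):
        if row.get(side):
            lines.append(endpoint(prefix, side, row[side], ipv6))
    if row.get("dport"):
        lines.append(f"{prefix} destination port {row['dport']}")
    return lines

# Constructed sample row reusing the rule set and group name quoted in the comment.
ROW = {"action": "accept", "protocol": "tcp",
       "source": "group address-group web-servers",
       "destination": "192.0.2.10", "dport": "443"}

if __name__ == "__main__":
    print("\n".join(render_rule("eth1.1668.in", 280, ROW)))
```

Rejecting a cell whose IP version does not match the rule set keeps a mistyped row from producing a command the router would refuse, or worse, a rule that silently matches nothing.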
This is fantastic. I wrote an UGLY suite of PHP scripts I use against CSV files for dnat and snat rules, but this is much elegant. MUCH more elegant.
Thanks!
I just wanted to tell you that I got the spreadsheet to work in Excel 2003 without doing anything special. My process to get it to work was to save the file, unblock the file, let Excel 2003 convert the spreadsheet, and enable the macros. When I clicked on the button I got the popup window shown above. Pretty cool!