capirca
http://code.google.com/p/capirca/
Multi-platform ACL generation system
Developed internally at Google, this system uses common definitions of networks and services, together with high-level policy files, to facilitate the development and manipulation of network access control filters (ACLs) for various platforms.