The spelling-challenged opensource project capirca from google is a stripped down version of their own ACL management code (python, apparently).
It gives a simple way to describe your firewall policy and then apply anywhere.
They have ACL modules for Cisco, Juniper and iptables in the bundle but also mention force10 and some more. Obviously it’s extensible for any device you want.
They kinda pick up where fwbuilder with it’s lack of all-over central (or group-specific) policies left off.
For me who definitely has “QoS-all-the-way-through” on his plans, this is so great I can hardly put it. I would’ve had to hack something my on own, it would not have been better, and have cost time, obviously.
The main site is here: http://code.google.com/p/capirca/downloads/list
Kinda funny the presentation there calls Facebook’s server farm size a “rounding error” 😉
Also check out this introduction http://aconaway.com/2010/04/10/a-quick-intro-to-googles-capirca/