Firewall rule management

We claim: 1. A method of managing firewall rules, the method comprising: displaying a plurality of firewall rules enforced by a plurality of firewall devices in a datacenter, wherein the firewall devices comprise (i) firewall engines executing on host computing devices, (ii) network perimeter firewall devices, and (iii) firewall appliances; after receiving a set of filtering criteria, displaying a subset of the plurality of firewall rules that satisfy the set of filtering criteria; and after receiving a modification to a particular firewall rule in the displayed subset, modifying the particular firewall rule, wherein at least one firewall appliance is an application firewall gateway that performs deep packet inspection. 2. The method of claim 1 , wherein the firewall devices comprise different types of firewall devices. 3. The method of claim 1 , wherein at least one network perimeter firewall device is a standalone device that executes a firewall engine without executing any compute end node. 4. The method of claim 1 , wherein the application firewall gateway enforces firewall rules that are defined in terms of L7 data message header values. 5. The method of claim 1 , wherein the firewall devices comprise firewall devices from different vendors. 6. The method of claim 1 , wherein displaying the plurality of firewall rules comprises providing a firewall management console that serves as a single interface for receiving, modifying, filtering, and debugging firewall rules for the plurality of different firewall devices in the data center. 7. A method of managing firewall rules, the method comprising: displaying a plurality of firewall rules enforced by a plurality of firewall devices in a datacenter; after receiving a set of filtering criteria, displaying a subset of the plurality of firewall rules that satisfy the set of filtering criteria; and after receiving a modification to a particular firewall rule in the displayed subset, modifying the particular firewall rule, wherein displaying the plurality of firewall rules comprises providing a firewall management console that serves as a single interface for managing a plurality of different firewall devices in the data center, wherein the firewall management console comprises a first section for displaying firewall rules that are defined for re-directing data messages to one or more third party appliances that perform one or more security services in the datacenter, and a second section for displaying firewall rules that are enforced by other firewall devices in the datacenter. 8. The method of claim 7 , wherein the firewall management console comprises a filter control through which the set of filtering criteria can be received. 9. The method of claim 8 , wherein the firewall management console accesses a firewall rule storage that stores firewall rules for the plurality of firewall devices in order to identify the plurality of firewall rules and to identify the subset of the plurality of firewall rules. 10. The method of claim 7 , wherein the firewall management console comprises a first section for displaying firewall rules that are defined by reference to L3 parameters, and a second section for displaying firewall rules by reference to L2 parameters. 11. The method of claim 7 , wherein each firewall rule includes a tuple for defining a set of firewall devices for enforcing the firewall rule. 12. The method of claim 11 , wherein the tuple defines the set of firewall devices by reference to high level group constructs or low level constructs, wherein the method further comprises: when the tuple includes high level group constructs, resolving the high level group construct into one or more lower level constructs that define the firewall devices for enforcing the firewall rule. 13. The method of claim 7 , wherein the set of firewall devices includes first and second firewall devices, the method further comprising distributing the firewall rule to first and second firewall devices. 14. A non-transitory machine readable medium storing a program for managing firewall rules, the program comprising sets of instructions for: displaying a plurality of firewall rules enforced by a plurality of firewall devices in a datacenter, wherein the firewall devices comprise (i) firewall engines executing on host computing devices, (ii) network perimeter firewall devices, and (iii) firewall appliances; after receiving a set of filtering criteria, displaying a subset of the plurality of firewall rules that satisfy the set of filtering criteria; and after receiving a modification to a particular firewall rule in the displayed subset, modifying the particular firewall rule, wherein at least one firewall appliance is an application firewall gateway that performs deep packet inspection. 15. The non-transitory machine readable medium of claim 14 , wherein the firewall devices comprise different types of firewall devices. 16. The non-transitory machine readable medium of claim 14 , wherein the application firewall gateway enforces firewall rules that are defined in terms of L7 data message header values. 17. The non-transitory machine readable medium of claim 14 , wherein the firewall devices comprise firewall devices from different vendors. 18. The non-transitory machine readable medium of claim 14 , wherein the set of instructions for displaying the plurality of firewall rules comprises a set of instructions for providing a firewall management console that serves as a single interface for receiving, modifying, filtering, and debugging firewall rules for the plurality of different firewall devices in the data center. 19. A non-transitory machine readable medium storing a program for managing firewall rules, the program comprising sets of instructions for: displaying a plurality of firewall rules enforced by a plurality of firewall devices in a datacenter, wherein the firewall devices comprise (i) firewall engines executing on host computing devices, (ii) network perimeter firewall devices, and (iii) firewall appliances; after receiving a set of filtering criteria, displaying a subset of the plurality of firewall rules that satisfy the set of filtering criteria; and after receiving a modification to a particular firewall rule in the displayed subset, modifying the particular firewall rule, the modified rule enforced by at least one firewall device in the plurality of firewall devices, wherein at least one network perimeter firewall device is a standalone device that executes a firewall engine without executing any compute end node. 20. A non-transitory machine readable medium storing a program for managing firewall rules, the program comprising sets of instructions for: displaying a plurality of firewall rules enforced by a plurality of firewall devices in a datacenter; after receiving a set of filtering criteria, displaying a subset of the plurality of firewall rules that satisfy the set of filtering criteria; and after receiving a modification to a particular firewall rule in the displayed subset, modifying the particular firewall rule, wherein the set of instructions for displaying the plurality of firewall rules comprises a set of instructions for providing a firewall management console that serves as a single interface for managing a plurality of different firewall devices in the data center, wherein the firewall management console comprises a first section for displaying firewall rules that are defined for re-directing data messages to one or more third party appliance