A firewall manager periodically accesses a set of servers to identify the various services currently active on each server. The firewall manager also periodically accesses a set of firewalls configured to protect those servers to identify various firewall rules implemented by those firewalls. The firewall manager then compares the services data with the rules data to identify any obsolete firewall rules that are (i) defined based on an IP address not currently allocated to any of the servers or (ii) defined based on a port of an active server that is not associated with any service running on server. Such rules are considered obsolete. Upon identifying any obsolete firewall rules, the firewall manager accesses the firewalls associated with those rules and then removes the obsolete rules.