[128901] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: (cisco, or any) acl reducers out there?

daemon@ATHENA.MIT.EDU (Michael Holstein)
Thu Aug 19 15:31:27 2010

Date: Thu, 19 Aug 2010 15:31:17 -0400
From: Michael Holstein <michael.holstein@csuohio.edu>
To: George Michaelson <ggm@apnic.net>
In-Reply-To: <5F0D0E5F-2BB3-43EB-B56A-F622763D78C3@apnic.net>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


> I'm wondering if anyone has written a parser which can construct rule-trees and get rid of the cruft, unusable, order-misorder and other issues in a large ACL pool?
>   

fwbuilder (www.fwbuilder.org) can import Cisco ACLs and impart a
checkpoint-esque rule tree for you to look at, change, and test .. then
recompile back into ACL syntax. Also works on IPtables, PF, and a few
other things.

Cheers,

Michael Holstein
Cleveland State University


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[128901] in North American Network Operators' Group

Re: (cisco, or any) acl *reducers* out there?

daemon@ATHENA.MIT.EDU (Michael Holstein)Thu Aug 19 15:31:27 2010

Re: (cisco, or any) acl reducers out there?

daemon@ATHENA.MIT.EDU (Michael Holstein)
Thu Aug 19 15:31:27 2010