Skip to content

Commit

Permalink
Enhancement: IOS ACL - Add support for ICMP (networktocode#808)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jpobeda
jpobeda authored Oct 26, 2020
1 parent c27df05 commit e4dfb8b
Show file tree
Hide file tree
Showing 6 changed files with 2,137 additions and 9 deletions.
17 changes: 10 additions & 7 deletions templates/cisco_ios_show_running-config_partition_access-list.textfsm
View file
Original file line number Diff line number Diff line change
@@ -1,26 +1,29 @@
Value Required,Filldown ACL_NAME (\S+)
Value Filldown ACL_TYPE (standard|extended)
Value LINE_NUM (\d+)
Value List COMMENT (.*)
Value ACTION (permit|deny)
Value PROTOCOL (\S+)
Value SRC_HOST (\d+\.\d+\.\d+\.\d+)
Value SRC_ANY (any)
Value SRC_NETWORK (\d+\.\d+\.\d+\.\d+)
Value SRC_WILDCARD (\d+\.\d+\.\d+\.\d+)
Value SRC_PORT_MATCH (eq|range|lt|gt)
Value SRC_PORT ((?<!range\s)\S+)
Value SRC_PORT_MATCH (eq|neq|range|lt|gt)
Value SRC_PORT ((?<!range\s).+?)
Value SRC_PORT_RANGE_START ((?<=range\s)\S+)
Value SRC_PORT_RANGE_END (\S+)
Value DST_HOST (\d+\.\d+\.\d+\.\d+)
Value DST_ANY (any)
Value DST_NETWORK (\d+\.\d+\.\d+\.\d+)
Value DST_WILDCARD (\d+\.\d+\.\d+\.\d+)
Value DST_PORT_MATCH (eq|range|lt|gt)
Value DST_PORT_MATCH (eq|neq|range|lt|gt)
Value DST_PORT ((?<!range\s)\S+)
Value DST_PORT_RANGE_START ((?<=range\s)\S+)
Value DST_PORT_RANGE_END (\S+)
Value FLAGS_MATCH (match-all|match-any)
Value TCP_FLAG (((\+|-|)ack(\s*?)|(\+|-|)established(\s*?)|(\+|-|)fin(\s*?)|(\+|-|)fragments(\s*?)|(\+|-|)psh(\s*?)|(\+|-|)rst(\s*?)|(\+|-|)syn(\s*?)|urg(\s*?))+)
Value LOG (log-input|log)
Value ICMP_TYPE (echo|echo-reply|administratively-prohibited|unreachable|port-unreachable|redirect|router-advertisement|router-solicitation|packet-too-big|time-exceeded|ttl-exceeded|parameter-problem)
Value TIME (\S+)


Expand All @@ -30,13 +33,13 @@ Start
# Record new named ACL; the record is required if a named ACL does not have any explicit policy entries.
^ip\s+access-list\s+${ACL_TYPE}\s+${ACL_NAME}\s* -> Record
# Record named ACL Extended entry
^\s+${ACTION}\s+${PROTOCOL}\s+(host\s+${SRC_HOST}|${SRC_ANY}|${SRC_NETWORK}\s+${SRC_WILDCARD})(\s+${SRC_PORT_MATCH}\s+(${SRC_PORT_RANGE_START}\s+${SRC_PORT_RANGE_END}|${SRC_PORT})|)\s+(host\s+${DST_HOST}|${DST_ANY}|${DST_NETWORK}\s+${DST_WILDCARD})(\s+${DST_PORT_MATCH}\s+(${DST_PORT_RANGE_START}\s+${DST_PORT_RANGE_END}|${DST_PORT})|\s+${TCP_FLAG}|)(\s+${LOG}|)(\s+time-range\s+${TIME}|) -> Record
^\s+(${LINE_NUM}\s+|)${ACTION}\s+${PROTOCOL}\s+(host\s+${SRC_HOST}|${SRC_ANY}|${SRC_NETWORK}\s+${SRC_WILDCARD})(\s+${SRC_PORT_MATCH}\s+(${SRC_PORT_RANGE_START}\s+${SRC_PORT_RANGE_END}|${SRC_PORT})|)\s+(host\s+${DST_HOST}|${DST_ANY}|${DST_NETWORK}\s+${DST_WILDCARD})(\s+${DST_PORT_MATCH}\s+(${DST_PORT_RANGE_START}\s+${DST_PORT_RANGE_END}|${DST_PORT})|\s+(${FLAGS_MATCH}\s+|)${TCP_FLAG}|)(\s+${ICMP_TYPE}|)(\s+${LOG}|)(\s+time-range\s+${TIME}|)\s*$$ -> Record
# Record named ACL Standard entry
^\s+${ACTION}\s+(${SRC_NETWORK}\s+${SRC_WILDCARD}|${SRC_ANY}|${SRC_HOST})(\s+${LOG}|)(\s+time-range\s+${TIME}|)\s* -> Record
^\s+(${LINE_NUM}\s+|)${ACTION}\s+(${SRC_NETWORK}\s+${SRC_WILDCARD}|${SRC_ANY}|${SRC_HOST})(\s+${LOG}|)(\s+time-range\s+${TIME}|)\s* -> Record
# Record named ACL Remark
^\s+remark\s+${COMMENT}\s*
^\s+(${LINE_NUM}\s+|)remark\s+${COMMENT}\s*
# Record numbered ACL Extended entry
^access-list\s+${ACL_NAME}\s+${ACTION}\s+${PROTOCOL}\s+(host\s+${SRC_HOST}|${SRC_ANY}|${SRC_NETWORK}\s+${SRC_WILDCARD})(\s+${SRC_PORT_MATCH}\s+(${SRC_PORT_RANGE_START}\s+${SRC_PORT_RANGE_END}|${SRC_PORT})|)\s+(host\s+${DST_HOST}|${DST_ANY}|${DST_NETWORK}\s+${DST_WILDCARD})(\s+${DST_PORT_MATCH}\s+(${DST_PORT_RANGE_START}\s+${DST_PORT_RANGE_END}|${DST_PORT})|\s+${TCP_FLAG}|)(\s+${LOG}|)(\s+time-range\s+${TIME}|)\s* -> Record
^access-list\s+${ACL_NAME}\s+${ACTION}\s+${PROTOCOL}\s+(host\s+${SRC_HOST}|${SRC_ANY}|${SRC_NETWORK}\s+${SRC_WILDCARD})(\s+${SRC_PORT_MATCH}\s+(${SRC_PORT_RANGE_START}\s+${SRC_PORT_RANGE_END}|${SRC_PORT})|)\s+(host\s+${DST_HOST}|${DST_ANY}|${DST_NETWORK}\s+${DST_WILDCARD})(\s+${DST_PORT_MATCH}\s+(${DST_PORT_RANGE_START}\s+${DST_PORT_RANGE_END}|${DST_PORT})|\s+(${FLAGS_MATCH}\s+|)${TCP_FLAG}|)(\s+${ICMP_TYPE}|)(\s+${LOG}|)(\s+time-range\s+${TIME}|)\s* -> Record
# Record numbered ACL Standard entry
^access-list\s+${ACL_NAME}\s+${ACTION}\s+(${SRC_NETWORK}\s+${SRC_WILDCARD}|${SRC_ANY}|${SRC_HOST})(\s+${LOG}|)(\s+time-range\s+${TIME}|)\s* -> Record
# Record numbered ACL Remark
Expand Down
Loading

0 comments on commit e4dfb8b

Please # to comment.