James FitzGibbon
aclmaker.pl - simple CGI frontend to Cisco::ACL


aclmaker.pl is a simple CGI script that uses the Cisco::ACL module to generate IOS access control lists.

The script is designed to emulate acl.pl, which is the original script that Cisco::ACL began life as. It is not meant to be in any way fancy or suitable for embedding in a large web site. There is no taint checking enabled, the content type of the output is text/plain, etc, etc, etc.


aclmaker.pl takes six input arguments:

  • permit_or_deny

    One of permit or deny.

  • src_addr

    Source and destination addresses may be specified in any combination of three syntaxes: a single IP address, a range of addresses in the format a.a.a.a-b.b.b.b or a.a.a.a-b, or a CIDR block in the format x.x.x.x/nn. You may supply a comma-separated list of any or all of these formats. Use the word "any" to specify all addresses. For example, all of the following are legal:

  • src_port

    Ports may be specified as a single port, a range of ports in the form xxxx-yyyy, or a comma-separated list of any combination of those. The valid range is 0-65535.

  • dst_addr

    As with src_addr but for the destination endpoint.

  • dst_port

    As with src_port but for the destination endpoint.

  • protocol

    The protocol for the ACL. One of tcp, udp or ip. For compatibility the value both is interpreted as ip.
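
Because the script runs without taint checking, a wrapper or patched copy can enforce the argument syntax listed above before anything reaches Cisco::ACL. The following is an added example, not code from aclmaker.pl or Cisco::ACL; the valid_* helper names, the sample values, and the stricter choices noted in the comments are assumptions.

```perl
use strict;
use warnings;

# Hypothetical validators (not part of aclmaker.pl or Cisco::ACL). Each returns
# the regex capture, which is what untaints the value when run under perl -T,
# or undef when the input falls outside the documented syntax.
my $octet = qr/(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])/;
my $ip    = qr/$octet(?:\.$octet){3}/;
# single address, a.a.a.a-b.b.b.b, a.a.a.a-b, or x.x.x.x/nn
my $addr  = qr/$ip(?:-(?:$ip|$octet)|\/(?:3[0-2]|[12]?[0-9]))?/;
my $port  = qr/[0-9]{1,5}(?:-[0-9]{1,5})?/;

# \A and \z anchor the whole string, so a trailing newline is rejected too.
sub valid_action   { $_[0] =~ /\A(permit|deny)\z/     ? $1 : undef }
sub valid_protocol { $_[0] =~ /\A(tcp|udp|ip|both)\z/ ? $1 : undef }

# Assumption: "any" is accepted only on its own, not inside a comma list.
sub valid_addr_list { $_[0] =~ /\A(any|$addr(?:,$addr)*)\z/ ? $1 : undef }

sub valid_port_list {
    my ($in) = @_;
    return 'any' if $in eq 'any';    # "any" appears in the page's sample input
    my ($list) = $in =~ /\A($port(?:,$port)*)\z/ or return undef;
    for my $item (split /,/, $list) {
        my ($lo, $hi) = split /-/, $item;
        $hi = $lo unless defined $hi;
        # Assumption: a reversed range (yyyy < xxxx) is treated as invalid.
        return undef if $lo > 65535 || $hi > 65535 || $lo > $hi;
    }
    return $list;
}

# Constructed sample request; dst_port is deliberately out of range.
my %param = (
    permit_or_deny => 'deny',
    src_addr       => '10.1.1.0/24,192.168.0.1-192.168.0.9,172.16.5.1-20',
    src_port       => 'any',
    dst_addr       => 'any',
    dst_port       => '25,8000-70000',
    protocol       => 'tcp',
);
my %check = (
    permit_or_deny => \&valid_action,    protocol => \&valid_protocol,
    src_addr       => \&valid_addr_list, dst_addr => \&valid_addr_list,
    src_port       => \&valid_port_list, dst_port => \&valid_port_list,
);
for my $name (sort keys %check) {
    my $clean = $check{$name}->($param{$name} // '');
    printf "%-15s %s\n", $name, defined $clean ? "ok: $clean" : 'REJECTED';
}
```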


The output of aclmaker.pl is by design rather plain. Given the following input parameters:

  • permit_or_deny = deny

  • src_addr =

  • src_port = any

  • dst_addr = any

  • dst_port = 25

  • protocol = tcp

The output is:

  deny tcp any eq 25




James FitzGibbon, <jfitz@CPAN.org>.

Chris De Young (chd AT chud DOT net) wrote acl.pl, the guts of which are in Cisco::ACL but the interface of which this script emulates.


