James FitzGibbon
and 1 contributors

NAME

aclmaker.pl - simple CGI frontend to Cisco::ACL

DESCRIPTION

aclmaker.pl is a simple CGI script that uses the Cisco::ACL module to generate IOS access control lists.

The script is designed to emulate acl.pl, which is the original script that Cisco::ACL began life as. It is not meant to be in any way fancy or suitable for embedding in a large web site. There is no taint checking enabled, the content type of the output is text/plain, etc, etc, etc.

INPUT PARAMETERS

aclmaker.pl takes six input arguments:

  • permit_or_deny

    One of permit or deny.

  • src_addr

    Source and destination addresses may be specified in any combination of three syntaxes: a single IP address, a range of addresses in the format a.a.a.a-b.b.b.b or a.a.a.a-b, or a CIDR block in the format x.x.x.x/nn. You may supply a comma-separated list of any or all of these formats. Use the word "any" to specify all addresses. For example, all of the following are legal:

      10.10.10.20
      10.10.10.10-200
      20.20.20.20-30.30.30.30
      10.10.10.20
      10.10.10.10-200
      10.10.10.10/8,45.45.45.45 
  • src_port

    Ports may be specified as a singe port, a range of ports in the form xxxx-yyyy, or a comma separated list of any combination of those. The valid range is 0-65535.

  • dst_addr

    As with src_addr but for the destination endpoint.

  • dst_port

    As with src_port but tor the destination endpoint.

  • protocol

    The protocol for the ACL. One of tcp, udp or ip. For compatibility the value both is interpreted as ip.

OUTPUT

The output of aclmaker.pl is by design rather plain. Given the following input parms:

  • permit_or_deny = deny

  • src_addr = 192.168.0.1/24

  • src_port = any

  • dst_addr = any

  • dst_port = 25

  • protocol = tcp

The output is:

  deny tcp 192.168.0.0 0.0.0.255 any eq 25
  

SEE ALSO

Cisco::ACL

AUTHOR

James FitzGibbon, <jfitz@CPAN.org>.

Chris De Young (chd AT chud DOT net) wrote acl.pl, the guts of which are in Cisco::ACL but the interface of which this script emulates.

COPYRIGHT

This module is free software. You may use and/or modify it under the same terms as perl itself.