aclmaker.pl - simple CGI frontend to Cisco::ACL
aclmaker.pl is a simple CGI script that uses the Cisco::ACL module to generate IOS access control lists.
The script is designed to emulate acl.pl, which is the original script that Cisco::ACL began life as. It is not meant to be in any way fancy or suitable for embedding in a large web site. There is no taint checking enabled, the content type of the output is text/plain, etc, etc, etc.
aclmaker.pl takes six input arguments:
src_addr
Source and destination addresses may be specified in any combination of three syntaxes: a single IP address, a range of addresses in the format a.a.a.a-b.b.b.b or a.a.a.a-b, or a CIDR block in the format x.x.x.x/nn. You may supply a comma-separated list of any or all of these formats. Use the word "any" to specify all addresses. For example, all of the following are legal:
10.10.10.20 10.10.10.10-200 22.214.171.124-126.96.36.199 10.10.10.20 10.10.10.10-200 10.10.10.10/8,188.8.131.52
src_port
Ports may be specified as a single port, a range of ports in the form xxxx-yyyy, or a comma-separated list of any combination of those. The valid range is 0-65535.
dst_addr
As with src_addr but for the destination endpoint.
dst_port
As with src_port but for the destination endpoint.
protocol
The protocol for the ACL. One of
ip. For compatibility the value
both is interpreted as
The output of aclmaker.pl is by design rather plain. Given the following input parms:
permit_or_deny = deny
src_addr = 192.168.0.1/24
src_port = any
dst_addr = any
dst_port = 25
protocol = tcp
The output is:
deny tcp 192.168.0.0 0.0.0.255 any eq 25
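Because the script runs without taint checking, anything that wraps it would want to allow-list the six parameters against the syntaxes described above before they reach Cisco::ACL. The following Perl is an added example, not code from aclmaker.pl or Cisco::ACL; the sub names are hypothetical, `udp` is an assumed protocol value, and `any` is accepted for ports because the sample input above uses it.

```perl
use strict;
use warnings;

# Patterns for the address and port syntaxes listed above.
my $OCTET = qr/(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)/;
my $IP    = qr/$OCTET(?:\.$OCTET){3}/;
my $ADDR  = qr{$IP(?:-(?:$IP|$OCTET)|/(?:3[0-2]|[12]?\d))?};
my $PORT  = qr/\d{1,5}(?:-\d{1,5})?/;

# Each clean_* sub returns the value via a regex capture (which is what
# untaints it under "perl -T"), or undef when the value is not acceptable.
sub clean_addr {
    my ($raw) = @_;
    return undef unless defined $raw;
    return 'any' if $raw eq 'any';
    return $raw =~ /\A($ADDR(?:,$ADDR)*)\z/ ? $1 : undef;
}

sub clean_port {
    my ($raw) = @_;
    return undef unless defined $raw;
    return 'any' if $raw eq 'any';
    return undef unless $raw =~ /\A($PORT(?:,$PORT)*)\z/;
    my $clean = $1;
    for my $item (split /,/, $clean) {
        my ($lo, $hi) = split /-/, $item;
        $hi = $lo unless defined $hi;
        return undef if $hi > 65535 || $lo > $hi;    # valid range is 0-65535
    }
    return $clean;
}

# Returns (\%clean, \@names_of_rejected_parameters).
sub clean_params {
    my (%in) = @_;
    my %ok;
    ($ok{permit_or_deny}) = ($in{permit_or_deny} // '') =~ /\A(permit|deny)\z/;
    # tcp comes from the sample above; udp is an assumption (the list is incomplete)
    ($ok{protocol}) = ($in{protocol} // '') =~ /\A(tcp|udp|ip|both)\z/;
    $ok{$_} = clean_addr($in{$_}) for qw(src_addr dst_addr);
    $ok{$_} = clean_port($in{$_}) for qw(src_port dst_port);
    return (\%ok, [ grep { !defined $ok{$_} } sort keys %ok ]);
}

# Constructed inputs: the page's sample parameters, then two out-of-range values.
my %sample = (permit_or_deny => 'deny', src_addr => '192.168.0.1/24',
    src_port => 'any', dst_addr => 'any', dst_port => '25', protocol => 'tcp');
for my $in (\%sample, { %sample, src_addr => '10.10.10.999', dst_port => '70000' }) {
    my ($ok, $bad) = clean_params(%$in);
    print @$bad ? "rejected: @$bad\n" : "accepted\n";
}
```

The `\A...\z` anchors matter here: `$` would let a trailing newline through, and an unanchored match would pass any string that merely contains a valid address.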
James FitzGibbon, <jfitz@CPAN.org>.
Chris De Young (chd AT chud DOT net) wrote acl.pl, the guts of which are in Cisco::ACL but the interface of which this script emulates.
This module is free software. You may use and/or modify it under the same terms as perl itself.