Jathan McCollum
Jathan McCollum
Here's the syntax for the match conditions I have in the filters now: ``` term evil-8065_DSCP { /* Project:"non-zero TOS value DCSP" */ from { dscp-except [ be cs0 ];...
The magic comment `acl: make discard` can be put in to an ACL term to modify the behavior of the term for the purpose of access checks. This feature needs...
See python-netfilter (which actually has a parser): https://github.com/jlaine/python-netfilter Or python-iptables (which is a low-level lib): https://github.com/ldx/python-iptables See IPTables::Parse (Perl) for regex patterns: http://www.cipherdyne.org/modules/IPTables-Parse.html
We need to make some modifications to the "make discard" behavior, especially given how the NOC staff uses this information. This is the current syntax as displayed by check_access (match...
http://support.citrix.com/proddocs/topic/netscaler-advanced-networking-92-map/ns-nw-acl-intro-wrapper-con.html Example to follow...
Simple example: ``` add policy expression abc_123_dtc "SOURCEIP = 25.18.64.0 -netmask 255.255.240.0" add policy expression abc_123_mtc "SOURCEIP = 6.2.0.0 -netmask 255.255.240.0" add policy expression abc_123_ntc "SOURCEIP = 20.20.12.0 -netmask 255.255.255.0"...
We need to research the commands required to do this.
`trigger.acl.tools.check_access()` looks for both permits and denies and can search for membership within networks or port-ranges, protocols, but does not check modifiers such as fragment-offsets, or other header options. Because...
The timeouts for brocade need to be looked at because they don't seem to be timing out and just hand on "connecting to....". Finally, need to determine why certain ACLs...
These two tools have almost identical functionality. check_access could be considered to be a "loose" version to and find_access is "strict". One tool should do both.