Rule format?


Jason

Aug 6, 2010, 8:52:33 AM
to capirca-dev
Hi everyone,
I wanted to pass along a possible new format for creating rule
sets, not a replacement but maybe an alternate format. I have spent most
of my career working with Cisco, Foundry, and some Juniper, so I have
no idea if this format is already out there on another platform.

Jason


<protocol> <ip,cidr,all> <(port,ports,all)> <direction> <ip,cidr,all> <(port, ports, all)>

!<protocol> <ip,cidr,all> <(port,ports,all)> <direction> <ip,cidr,all> <(port, ports, all)> <- deny

Examples

tcp 1.2.3.4 (>1023) -> 5.6.7.8 (80)
# Allow tcp 1.2.3.4:>1023 to 5.6.7.8:80
!tcp any (>1023) -> 5.6.7.8 (80)
# Deny tcp any:>1023 to 5.6.7.8:80

tcp 1.2.3.4 (389) <-> 5.6.7.8 (389)
# Allow LDAP to or from 1.2.3.4 or 5.6.7.8


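A small parser for the rule format proposed in the post above, as an added example that is not part of the original post or of Capirca's code; the names `Rule`, `parse_rule` and `parse_ruleset` are hypothetical. It assumes `any` and `all` are interchangeable, that multiple ports are comma-separated, and that only `->` and `<->` are valid directions; any line that does not fit raises an error rather than being interpreted loosely.

```python
import ipaddress
import re
from collections import namedtuple

# action: "allow", or "deny" for a leading "!"; src/dst: None means any; ports: (low, high) ranges
Rule = namedtuple("Rule", "action protocol src src_ports bidirectional dst dst_ports")

# Grammar from the post: [!]<protocol> <addr> (<ports>) <direction> <addr> (<ports>)
RULE_RE = re.compile(
    r"^(?P<deny>!)?(?P<proto>[a-z0-9]+)\s+(?P<src>\S+)\s+\((?P<sports>[^()]*)\)\s+"
    r"(?P<dir><->|->)\s+(?P<dst>\S+)\s+\((?P<dports>[^()]*)\)$"
)

def parse_addr(text):
    # The syntax line says "all" but the examples use "any"; accepting both is an assumption.
    if text in ("any", "all"):
        return None
    return ipaddress.ip_network(text, strict=True)  # ValueError on bad address or host bits

def parse_ports(text):
    ranges = []
    for item in (p.strip() for p in text.split(",")):  # comma lists are an assumption
        if item in ("any", "all"):
            low, high = 0, 65535
        elif item.startswith(">") and item[1:].isdecimal():
            low, high = int(item[1:]) + 1, 65535
        elif item.isdecimal():
            low = high = int(item)
        else:
            raise ValueError(f"bad port spec: {item!r}")
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"port out of range: {item!r}")
        ranges.append((low, high))
    return tuple(ranges)

def parse_rule(line):
    m = RULE_RE.match(line.split("#", 1)[0].strip())  # drop a trailing comment
    if m is None:
        raise ValueError(f"unparseable rule: {line!r}")  # fail closed, never guess
    return Rule("deny" if m["deny"] else "allow", m["proto"],
                parse_addr(m["src"]), parse_ports(m["sports"]), m["dir"] == "<->",
                parse_addr(m["dst"]), parse_ports(m["dports"]))

def parse_ruleset(text):
    lines = (l.strip() for l in text.splitlines())  # blank and comment-only lines are skipped
    return [parse_rule(l) for l in lines if l and not l.startswith("#")]

# Sample input: the three example rules from the post
SAMPLE = "tcp 1.2.3.4 (>1023) -> 5.6.7.8 (80)\n!tcp any (>1023) -> 5.6.7.8 (80)\ntcp 1.2.3.4 (389) <-> 5.6.7.8 (389)\n"
```

Because a single bad line aborts `parse_ruleset`, a typo in a policy file cannot silently turn into a broader or narrower rule than the author intended.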