Python package to parse and manage Cisco ACL (Access Control List)
cisco-acl
Supported platforms:
Cisco IOS (tested on ISR4331/K9, IOS XE version 16.09.06)
Cisco Nexus NX-OS (tested on N3K-C3172TQ-XL, NXOS version 7.0(3)I7(8))
Main features:
Supports wildcards, converts wildcards to prefixes
Supports address groups
Represents TCP/UDP ports and IP protocols as numbers or well-known names
Converts IOS syntax to NX-OS and vice versa
Generates sequence numbers for ACEs
Looks for and removes ACEs in the shadow (rules without hits)
Groups ACEs to blocks. After sorting, the order of ACEs within a group does not change
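What "ACEs in the shadow" means under first-match evaluation, as an added example that is not the package's own code: an ACE can never be hit when an earlier ACE already matches every packet it describes. The names `parse_ace`, `covers` and `find_shadowed`, the reduced four-field ACE syntax and the sample ACL are assumptions made for this sketch.

```python
import ipaddress
from typing import List, NamedTuple, Tuple


class Ace(NamedTuple):
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def parse_ace(line: str) -> Ace:
    """Parse 'action proto src dst'; src/dst is 'any' or a prefix (ports ignored)."""
    def net(text: str) -> ipaddress.IPv4Network:
        return ipaddress.ip_network("0.0.0.0/0" if text == "any" else text)
    action, proto, src, dst = line.split()
    return Ace(action, proto, net(src), net(dst))


def covers(early: Ace, late: Ace) -> bool:
    """True if every packet matching `late` already matches `early`."""
    return (early.proto in ("ip", late.proto)
            and late.src.subnet_of(early.src)
            and late.dst.subnet_of(early.dst))


def find_shadowed(lines: List[str]) -> List[Tuple[int, int]]:
    """Return (shadowed_index, covering_index) pairs.

    Only single-rule shadowing is detected; an ACE covered by the union
    of several earlier ACEs is not reported by this sketch.
    """
    aces = [parse_ace(line) for line in lines]
    pairs = []
    for i, late in enumerate(aces):
        for j in range(i):
            if covers(aces[j], late):
                pairs.append((i, j))
                break
    return pairs


# Constructed sample ACL (not taken from a real device)
SAMPLE = [
    "permit tcp 10.0.0.0/8 any",
    "deny tcp 10.1.1.0/24 any",      # shadowed by index 0: the deny never takes effect
    "permit udp 10.1.1.0/24 any",
    "deny ip any any",
    "permit icmp any 192.0.2.0/24",  # shadowed by index 3
]
```

A shadowed ACE whose action differs from the covering one (index 1 above) is the case worth reviewing first, since the written policy and the enforced policy disagree.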
Acronyms
Acronym | Definition |
---|---|
ACL | Access Control List |
ACE | Access Control Entry |
ACEs | Multiple Access Control Entries |
Requirements
Python >=3.8
Installation
Install the package from pypi.org release
pip install cisco-acl
or install the package from github.com release
pip install https://github.com/vladimirs-git/cisco-acl/archive/refs/tags/3.1.0.tar.gz
or install the package from github.com repository
pip install git+https://github.com/vladimirs-git/cisco-acl
acls()
cisco_acl.acls(config, kwargs) Creates Acl objects based on the “show running-config” output. Supports address group objects. Each ACE line is treated as an independent Ace (default), or ACE lines can be grouped into an AceGroup by text in remarks (param group_by).

Parameter | Type | Description |
---|---|---|
config | str | Cisco config, “show running-config” output |
platform | str | Platform: “ios” (default), “nxos” |
names | List[str] | Parses only ACLs with specified names, skips any other |
max_ncwb | int | Max count of non-contiguous wildcard bits |
indent | str | ACE lines indentation (default “ “) |
protocol_nr | bool | Representation of IP protocols: True - all IP protocols as numbers, False - well-known IP protocols as names (default) |
port_nr | bool | Representation of TCP/UDP ports: True - all TCP/UDP ports as numbers, False - well-known TCP/UDP ports as names (default) |
group_by | str | Remark prefix used for grouping. The ACEs starting from a remark whose line starts with group_by are placed in the same AceGroup, until the next remark that also starts with group_by |
- Return
List of Acl objects
Examples
aces()
cisco_acl.aces(config, kwargs) Creates Ace objects based on the “show running-config” output
Parameter | Type | Description |
---|---|---|
config | str | Cisco config, “show running-config” output |
platform | str | Platform: “ios” (default), “nxos” |
max_ncwb | int | Max count of non-contiguous wildcard bits |
protocol_nr | bool | Representation of IP protocols: True - all IP protocols as numbers, False - well-known IP protocols as names (default) |
port_nr | bool | Representation of TCP/UDP ports: True - all TCP/UDP ports as numbers, False - well-known TCP/UDP ports as names (default) |
group_by | str | Remark prefix used for grouping. The ACEs starting from a remark whose line starts with group_by are placed in the same AceGroup, until the next remark that also starts with group_by |
- Return
List of Ace objects
Examples
addrgroups()
cisco_acl.addrgroups(config, kwargs) Creates AddrGroup objects based on the “show running-config” output
Parameter | Type | Description |
---|---|---|
config | str | Cisco config, “show running-config” output |
platform | str | Platform: “ios” (default), “nxos” |
max_ncwb | int | Max count of non-contiguous wildcard bits |
indent | str | ACE lines indentation (default “ “) |
- Return
List of AddrGroup objects
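Why a cap such as max_ncwb is needed when wildcards are converted to prefixes: every wildcard bit outside the trailing contiguous run doubles the number of resulting prefixes. The function below is an added illustration, not the package's own code; the name `wildcard_to_prefixes`, its default cap of 8 and its reading of "non-contiguous wildcard bits" are assumptions.

```python
import ipaddress
from itertools import product
from typing import List


def wildcard_to_prefixes(addr: str, wildcard: str, max_ncwb: int = 8) -> List[str]:
    """Expand an address/wildcard pair into the equivalent list of CIDR prefixes.

    In a wildcard mask a 1-bit means "don't care". The trailing run of
    1-bits maps directly to a prefix length; every other 1-bit is treated
    here as non-contiguous and doubles the number of prefixes.
    """
    base = int(ipaddress.IPv4Address(addr))
    mask = int(ipaddress.IPv4Address(wildcard))

    # Length of the trailing run of 1-bits (the contiguous host part).
    host_bits = 0
    while host_bits < 32 and (mask >> host_bits) & 1:
        host_bits += 1

    # Remaining "don't care" bits above that run are non-contiguous.
    free = [bit for bit in range(host_bits, 32) if (mask >> bit) & 1]
    if len(free) > max_ncwb:
        # Cap chosen for this example: refuse to emit more than 2**max_ncwb prefixes.
        raise ValueError(
            f"{len(free)} non-contiguous wildcard bits would yield "
            f"{2 ** len(free)} prefixes (limit is {max_ncwb} bits)"
        )

    base &= ~mask & 0xFFFFFFFF  # clear every "don't care" bit in the address
    networks = []
    for combo in product((0, 1), repeat=len(free)):
        net = base
        for bit, value in zip(free, combo):
            net |= value << bit
        networks.append(net)

    prefix_len = 32 - host_bits
    return [f"{ipaddress.IPv4Address(n)}/{prefix_len}" for n in sorted(networks)]
```

When reviewing a converted ACL, a wildcard such as 0.0.3.3 is worth a second look: it reads like a small mask but matches four separate /30 networks.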
range_ports()
cisco_acl.range_ports(srcports, dstports, line, platform, port_nr) Generates ACEs in the required range of TCP/UDP source/destination ports.

Parameter | Type | Description |
---|---|---|
srcports | str | Range of TCP/UDP source ports |
dstports | str | Range of TCP/UDP destination ports |
line | str | ACE pattern, on whose basis new ACEs will be generated (default “permit tcp any any”, operator “eq”) |
platform | str | Platform: “ios” (default), “nxos” |
port_nr | bool | Representation of TCP/UDP ports: True - all TCP/UDP ports as numbers, False - well-known TCP/UDP ports as names (default) |
- Return
List of newly generated ACE lines
Examples
range_protocols()
cisco_acl.range_protocols(protocols, line, platform, protocol_nr) Generates ACEs in the required range of IP protocols.

Parameter | Type | Description |
---|---|---|
protocols | str | Range of IP protocols |
line | str | ACE pattern, on whose basis new ACEs will be generated (default “permit ip any any”) |
platform | str | Platform: “ios” (default), “nxos” |
protocol_nr | bool | Representation of IP protocols: True - all IP protocols as numbers, False - well-known IP protocols as names (default) |
- Return
List of newly generated ACE lines
Examples
Objects
Documentation of objects for deep-code divers