On 19 Aug 2010, at 04:23, George Michaelson wrote:
something which can take a couple of hundred basic and extended ACLs and
tell you
these ten don't work
these twenty conflict
the remaining x have a sequence and can reduce to this basic x-y set
A reasonable call. Its probably where we'll
Maybe FLINT?
http://www.matasano.com/playbook/flint
Never tried it so feedback is welcome... :-)
/bs
On Wed, Aug 18, 2010 at 5:38 PM, George Michaelson g...@apnic.net wrote:
I have been looking at acl management s/w in the freecode space and I can
find lots of tools which manage/distribute
On Thu, 19 Aug 2010, George Michaelson wrote:
I have been looking at acl management s/w in the freecode space and I can find
lots of tools which manage/distribute and test ACLs in routers.
I'm wondering if anyone has written a parser which can construct rule-trees and
get rid of the cruft,
On Thu, Aug 19, 2010 at 11:55 AM, Cat Okita c...@reptiles.org wrote:
On Thu, 19 Aug 2010, George Michaelson wrote:
I have been looking at acl management s/w in the freecode space and I can
find lots of tools which manage/distribute and test ACLs in routers.
I'm wondering if anyone has
On Thu, 19 Aug 2010, Christopher Morrow wrote:
this paper, while full of math and graphs and sh*t, doesn't make my
acl management simpler, clearer or more complete... I keep trying to
push my acls through the paper, no joy yet.
there's code or something somewhere that implements the algorithms
On Thu, Aug 19, 2010 at 2:18 PM, Cat Okita c...@reptiles.org wrote:
On Thu, 19 Aug 2010, Christopher Morrow wrote:
this paper, while full of math and graphs and sh*t, doesn't make my
acl management simpler, clearer or more complete... I keep trying to
push my acls through the paper, no joy
I'm wondering if anyone has written a parser which can construct rule-trees
and get rid of the cruft, unusable, order-misorder and other issues in a
large ACL pool?
fwbuilder (www.fwbuilder.org) can import Cisco ACLs and impart a
checkpoint-esque rule tree for you to look at, change,
I have been looking at acl management s/w in the freecode space and I can find
lots of tools which manage/distribute and test ACLs in routers.
I'm wondering if anyone has written a parser which can construct rule-trees and
get rid of the cruft, unusable, order-misorder and other issues in a
On Aug 19, 2010, at 7:38 AM, George Michaelson wrote:
(we've got the usual acquisition of rule by accretion problem across 4
edge/core routers with a mix of public facing, internal, WiFi, guest rules,
and I hate to think this is either start from scratch, or intractable. The
evidence is
On Wed, Aug 18, 2010 at 8:47 PM, Dobbins, Roland rdobb...@arbor.net wrote:
On Aug 19, 2010, at 7:38 AM, George Michaelson wrote:
(we've got the usual acquisition of rule by accretion problem across 4
edge/core routers with a mix of public facing, internal, WiFi, guest rules,
and I hate to
something which can take a couple of hundred basic and extended ACLs and tell
you
these ten don't work
these twenty conflict
the remaining x have a sequence and can reduce to this basic x-y set
maybe you could go the other direction. as opposed to trying to digest
and correct cruft,
On 19/08/2010, at 1:00 PM, Randy Bush wrote:
something which can take a couple of hundred basic and extended ACLs and
tell you
these ten don't work
these twenty conflict
the remaining x have a sequence and can reduce to this basic x-y set
maybe you could go the other direction. as
one more comment. be careful aggregating filters. the peer may
actually announce all those damed frags, especially in massively
de-aggregated places such as india, indonesia, ...
randy
On 19/08/2010, at 1:38 PM, Randy Bush wrote:
one more comment. be careful aggregating filters. the peer may
actually announce all those damed frags, especially in massively
de-aggregated places such as india, indonesia, ...
randy
I should have been clearer that I really only want to
14 matches
Mail list logo