cisco_acl_intp 0.0.1

Files changed (53) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +17 -0
  3. data/.rspec +2 -0
  4. data/.rubocop.yml +13 -0
  5. data/.travis.yml +3 -0
  6. data/.yardopts +4 -0
  7. data/Gemfile +19 -0
  8. data/LICENSE.txt +22 -0
  9. data/README.md +132 -0
  10. data/Rakefile +78 -0
  11. data/acl_examples/err-acl.txt +49 -0
  12. data/acl_examples/named-ext-acl.txt +12 -0
  13. data/acl_examples/named-std-acl.txt +6 -0
  14. data/acl_examples/numd-acl.txt +21 -0
  15. data/cisco_acl_intp.gemspec +31 -0
  16. data/lib/cisco_acl_intp/ace.rb +432 -0
  17. data/lib/cisco_acl_intp/ace_ip.rb +136 -0
  18. data/lib/cisco_acl_intp/ace_other_qualifiers.rb +102 -0
  19. data/lib/cisco_acl_intp/ace_port.rb +146 -0
  20. data/lib/cisco_acl_intp/ace_proto.rb +319 -0
  21. data/lib/cisco_acl_intp/ace_srcdst.rb +114 -0
  22. data/lib/cisco_acl_intp/ace_tcp_flags.rb +65 -0
  23. data/lib/cisco_acl_intp/acl.rb +272 -0
  24. data/lib/cisco_acl_intp/acl_base.rb +111 -0
  25. data/lib/cisco_acl_intp/parser.rb +3509 -0
  26. data/lib/cisco_acl_intp/parser.ry +1397 -0
  27. data/lib/cisco_acl_intp/scanner.rb +176 -0
  28. data/lib/cisco_acl_intp/scanner_special_token_handler.rb +66 -0
  29. data/lib/cisco_acl_intp/version.rb +5 -0
  30. data/lib/cisco_acl_intp.rb +9 -0
  31. data/spec/cisco_acl_intp/ace_ip_spec.rb +111 -0
  32. data/spec/cisco_acl_intp/ace_other_qualifier_spec.rb +63 -0
  33. data/spec/cisco_acl_intp/ace_port_spec.rb +214 -0
  34. data/spec/cisco_acl_intp/ace_proto_spec.rb +200 -0
  35. data/spec/cisco_acl_intp/ace_spec.rb +605 -0
  36. data/spec/cisco_acl_intp/ace_srcdst_spec.rb +296 -0
  37. data/spec/cisco_acl_intp/ace_tcp_flags_spec.rb +38 -0
  38. data/spec/cisco_acl_intp/acl_spec.rb +523 -0
  39. data/spec/cisco_acl_intp/cisco_acl_intp_spec.rb +7 -0
  40. data/spec/cisco_acl_intp/parser_spec.rb +53 -0
  41. data/spec/cisco_acl_intp/scanner_spec.rb +122 -0
  42. data/spec/conf/extacl_objgrp_token_seq.yml +36 -0
  43. data/spec/conf/extacl_token_seq.yml +88 -0
  44. data/spec/conf/extended_acl.yml +226 -0
  45. data/spec/conf/scanner_spec_data.yml +120 -0
  46. data/spec/conf/single_tokens.yml +235 -0
  47. data/spec/conf/stdacl_token_seq.yml +8 -0
  48. data/spec/conf/tokens1.yml +158 -0
  49. data/spec/conf/tokens2.yml +206 -0
  50. data/spec/parser_fullfill_patterns.rb +145 -0
  51. data/spec/spec_helper.rb +54 -0
  52. data/tools/check_acl.rb +48 -0
  53. metadata +159 -0
@@ -0,0 +1,36 @@
1
+ - :testname: extacl_objgrp1_spec
2
+ :casedata: tokens2.yml
3
+ :fieldseq:
4
+ - acl
5
+ - extacl_num
6
+ - action
7
+ - tcpudp_proto
8
+ - ip_spec_objgrp1
9
+ - null_port
10
+ - ip_spec_objgrp2
11
+ - null_port
12
+ - ext_acl_log_spec
13
+ - :testname: extacl_objgrp2_spec
14
+ :casedata: tokens2.yml
15
+ :fieldseq:
16
+ - acl
17
+ - extacl_num
18
+ - action
19
+ - tcp_proto
20
+ - ip_spec_objgrp1
21
+ - tcp_port_spec1
22
+ - ip_spec_objgrp2
23
+ - tcp_port_spec2
24
+ - ext_acl_log_spec
25
+ - :testname: extacl_objgrp3_spec
26
+ :casedata: tokens2.yml
27
+ :fieldseq:
28
+ - acl
29
+ - extacl_num
30
+ - action
31
+ - udp_proto
32
+ - ip_spec_objgrp1
33
+ - udp_port_spec1
34
+ - ip_spec_objgrp2
35
+ - udp_port_spec2
36
+ - ext_acl_log_spec
@@ -0,0 +1,88 @@
1
+ - :testname: extacl_icmp_spec
2
+ :casedata: tokens1.yml
3
+ :fieldseq:
4
+ - acl
5
+ - extacl_num
6
+ # - dynamic_spec
7
+ - action
8
+ - icmp_proto
9
+ - ip_spec1
10
+ - ip_spec2
11
+ - icmp_qualifier
12
+ - ext_acl_log_spec
13
+ - :testname: extacl_ip_spec
14
+ :casedata: tokens1.yml
15
+ :fieldseq:
16
+ - acl
17
+ - extacl_num
18
+ - dynamic_spec
19
+ - action
20
+ - ip_proto
21
+ - ip_spec1
22
+ - ip_spec2
23
+ - ext_acl_log_spec
24
+ - :testname: extacl_tcp_spec
25
+ :casedata: tokens2.yml
26
+ :fieldseq:
27
+ - acl
28
+ - extacl_num
29
+ # - dynamic_spec
30
+ - action
31
+ - tcp_proto
32
+ - ip_spec1
33
+ - tcp_port_spec1
34
+ - ip_spec2
35
+ - tcp_port_spec2
36
+ - ext_acl_log_spec
37
+ - :testname: extacl_udp_spec
38
+ :casedata: tokens2.yml
39
+ :fieldseq:
40
+ - acl
41
+ - extacl_num
42
+ # - dynamic_spec
43
+ - action
44
+ - udp_proto
45
+ - ip_spec1
46
+ - udp_port_spec1
47
+ - ip_spec2
48
+ - udp_port_spec2
49
+ - ext_acl_log_spec
50
+ - :testname: extacl_options1_spec
51
+ :casedata: tokens2.yml
52
+ :fieldseq:
53
+ - acl
54
+ - extacl_num
55
+ - action
56
+ - tcp_proto
57
+ - ip_spec1
58
+ - tcp_port_spec1
59
+ - ip_spec2
60
+ - tcp_port_spec2
61
+ - tcp_flags
62
+ - precedence
63
+ - time_range
64
+ - :testname: extacl_options2_spec
65
+ :casedata: tokens2.yml
66
+ :fieldseq:
67
+ - acl
68
+ - extacl_num
69
+ - action
70
+ - udp_proto
71
+ - ip_spec1
72
+ - udp_port_spec1
73
+ - ip_spec2
74
+ - udp_port_spec2
75
+ - dscp
76
+ - tos
77
+ - :testname: extacl_tcpflag_spec
78
+ :casedata: tokens2.yml
79
+ :fieldseq:
80
+ - acl
81
+ - extacl_num
82
+ - action
83
+ - tcp_proto
84
+ - ip_spec1
85
+ - null_port
86
+ - ip_spec2
87
+ - null_port
88
+ - tcp_flags2
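Review bot: `# - dynamic_spec` is commented out in `extacl_icmp_spec`, `extacl_tcp_spec` and `extacl_udp_spec` (new lines 6, 29 and 42) while the same field stays active in `extacl_ip_spec` (new line 18), and nothing in the file says why. A reader cannot tell whether the dynamic clause is unsupported for those protocols, known to fail, or switched off only to shrink the generated test matrix. I would put the reason next to the first occurrence, for example `# dynamic_spec disabled for icmp/tcp/udp: <reason>`, or delete the dead entries so the sequences show exactly what is covered.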
@@ -0,0 +1,226 @@
1
+ # Transit Access Control Lists: Filtering at Your Edge [IP Addressing Services] - Cisco Systems http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml
2
+ - :name: "Anti-spoofing entries."
3
+ :symbol: extacl-deny-antispoof
4
+ :description: "Deny special-use address sources. Refer to RFC 3330 for additional special use addresses."
5
+ :acl: |
6
+ access-list 110 deny ip 127.0.0.0 0.255.255.255 any
7
+ access-list 110 deny ip 192.0.2.0 0.0.0.255 any
8
+ access-list 110 deny ip 224.0.0.0 31.255.255.255 any
9
+ access-list 110 deny ip host 255.255.255.255 any
10
+ :correct: true
11
+ - :name: "DHCP relays"
12
+ :symbol: extacl-permit-dhcprelay
13
+ :description: "The deny statement should not be configured on Dynamic Host Configuration Protocol (DHCP) relays."
14
+ :acl: |
15
+ access-list 110 deny ip host 0.0.0.0 any
16
+ :correct: true
17
+ - :name: "Filter RFC 1918 space."
18
+ :symbol: extacl-deny-rfc1918
19
+ :description: ""
20
+ :acl: |
21
+ access-list 110 deny ip 10.0.0.0 0.255.255.255 any
22
+ access-list 110 deny ip 172.16.0.0 0.15.255.255 any
23
+ access-list 110 deny ip 192.168.0.0 0.0.255.255 any
24
+ :correct: true
25
+ - :name: "Permit Border Gateway Protocol (BGP) to the edge router."
26
+ :symbol: extacl-permit-bgp
27
+ :description: ""
28
+ :acl: |
29
+ access-list 110 permit tcp host 10.1.1.1 gt 1023 host 10.1.1.2 eq bgp
30
+ access-list 110 permit tcp host 10.1.1.1 eq bgp host 10.1.1.2 gt 1023
31
+ :correct: true
32
+ - :name: "Deny your space as source (as noted in RFC 2827)."
33
+ :symbol: extacl-permit-local
34
+ :description: ""
35
+ :acl: |
36
+ access-list 110 deny ip 192.168.201.0 0.0.0.255 any
37
+ :correct: true
38
+ - :name: "Explicitly permit return traffic."
39
+ :symbol: extacl-permit-icmp
40
+ :description: "Allow specific ICMP types."
41
+ :acl: |
42
+ access-list 110 permit icmp any any echo-reply
43
+ access-list 110 permit icmp any any unreachable
44
+ access-list 110 permit icmp any any time-exceeded
45
+ access-list 110 deny icmp any any
46
+ :correct: true
47
+ - :name: "DNS queries"
48
+ :symbol: extacl-permit-dnsquery
49
+ :description: ""
50
+ :acl: |
51
+ access-list 110 remark !--- These are outgoing DNS queries.
52
+ access-list 110 permit udp any eq domain host 192.168.201.104 gt 1023
53
+ access-list 110 remark !--- Permit older DNS queries and replies to primary DNS server.
54
+ access-list 110 permit udp any eq domain host 192.168.201.104 eq domain
55
+ :correct: true
56
+ - :name: "Permit legitimate business traffic."
57
+ :symbol: extacl-permit-business-traffic
58
+ :description: ""
59
+ :acl: |
60
+ access-list 110 permit tcp any 192.168.201.0 0.0.0.255 established
61
+ access-list 110 permit udp any range 1 1023 192.168.201.0 0.0.0.255 gt 1023
62
+ :correct: true
63
+ - :name: "Allow ftp data and multimedia connections."
64
+ :symbol: extacl-permit-ftpclient
65
+ :description: ""
66
+ :acl: |
67
+ access-list 110 remark !--- Allow FTP data connections.
68
+ access-list 110 permit tcp any eq ftp-data 192.168.201.0 0.0.0.255 gt 1023
69
+ access-list 110 remark !--- Allow TFTP data and multimedia connections.
70
+ access-list 110 permit udp any gt 1023 192.168.201.0 0.0.0.255 gt 1023
71
+ :correct: true
72
+ - :name: "Explicitly permit externally sourced traffic. (DNS)"
73
+ :symbol: extacl-permit-dns-server
74
+ :description: ""
75
+ :acl: |
76
+ access-list 110 remark !--- These are incoming DNS queries.
77
+ access-list 110 permit udp any gt 1023 host 192.168.201.104 eq domain
78
+ access-list 110 remark !--- Zone transfer DNS queries to primary DNS server.
79
+ access-list 110 permit tcp host 172.16.201.50 gt 1023 host 192.168.201.104 eq domain
80
+ access-list 110 remark !--- Permit older DNS zone transfers.
81
+ access-list 110 permit tcp host 172.16.201.50 eq domain host 192.168.201.104 eq domain
82
+ access-list 110 remark !--- Deny all other DNS traffic.
83
+ access-list 110 deny udp any any eq domain
84
+ access-list 110 deny tcp any any eq domain
85
+ :correct: true
86
+ - :name: "Explicitly permit externally sourced traffic. (VPN)"
87
+ :symbol: extacl-permit-vpn-server
88
+ :description: "Allow IPSec VPN traffic."
89
+ :acl: |
90
+ access-list 110 permit udp any host 192.168.201.100 eq isakmp
91
+ access-list 110 permit udp any host 192.168.201.100 eq non500-isakmp
92
+ access-list 110 permit esp any host 192.168.201.100
93
+ access-list 110 permit ahp any host 192.168.201.100
94
+ access-list 110 deny ip any host 192.168.201.100
95
+ :correct: true
96
+ - :name: "Explicitly permit externally sourced traffic. (Others)"
97
+ :symbol: extacl-permit-web-server
98
+ :description: "These are Internet-sourced connections to publicly accessible servers."
99
+ :acl: |
100
+ access-list 110 permit tcp any host 192.168.201.101 eq www
101
+ access-list 110 permit tcp any host 192.168.201.101 eq 443
102
+ access-list 110 permit tcp any host 192.168.201.102 eq ftp
103
+ :correct: true
104
+ - :name: "Explicitly permit externally sourced traffic. (FTP)"
105
+ :symbol: extacl-permit-ftp-server
106
+ :description: "Data connections to the FTP server are allowed by the permit established ACE. Allow PASV data connections to the FTP server."
107
+ :acl: |
108
+ access-list 110 permit tcp any gt 1023 host 192.168.201.102 gt 1023
109
+ access-list 110 permit tcp any host 192.168.201.103 eq smtp
110
+ :correct: true
111
+ - :name: "Explicitly deny all other traffic."
112
+ :symbol: extacl-deny-any
113
+ :description: ""
114
+ :acl: |
115
+ access-list 101 deny ip any any
116
+ :correct: true
117
+ #
118
+ # IP アクセス リストの設定 - Cisco Systems http://www.cisco.com/cisco/web/support/JP/100/1008/1008446_confaccesslists-j.html#reflexacl
119
+ # Configuring IP Access Lists - Cisco Systems http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
120
+ #
121
+ - :name: "Reflexive ACLs"
122
+ :symbol: extacl-reflexive
123
+ :description: ""
124
+ :acl: |
125
+ ip access-list extended inboundfilters
126
+ permit icmp 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
127
+ evaluate tcptraffic
128
+ !
129
+ ip access-list extended outboundfilters
130
+ permit icmp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
131
+ permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 reflect tcptraffic
132
+ !
133
+ :correct: true
134
+ - :name: "Time-Based ACLs Using Time Ranges"
135
+ :symbol: extacl-time-based
136
+ :description: ""
137
+ :acl: |
138
+ access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet time-range EVERYOTHERDAY
139
+ :correct: true
140
+ #
141
+ # used at home router
142
+ #
143
+ - :name: "My Home (1)"
144
+ :symbol: extacl-self-example1
145
+ :description: "outbound filter"
146
+ :acl: |
147
+ ip access-list extended GI0-OUT
148
+ deny ip any 10.0.0.0 0.255.255.255 log
149
+ deny ip any 172.16.0.0 0.15.255.255 log
150
+ deny ip any 0.0.0.0 0.255.255.255 log
151
+ deny ip any 127.0.0.0 0.255.255.255 log
152
+ deny ip any 192.0.2.0 0.0.0.255 log
153
+ deny ip any 169.254.0.0 0.0.255.255 log
154
+ deny ip any 224.0.0.0 31.255.255.255 log
155
+ deny tcp any any eq 135 log
156
+ deny udp any any eq 135 log
157
+ deny tcp any any range 137 139 log
158
+ deny udp any any range netbios-ns netbios-ss log
159
+ deny tcp any any eq 445 log
160
+ deny udp any any eq 445 log
161
+ deny tcp any eq 135 any log
162
+ deny udp any eq 135 any log
163
+ deny tcp any range 137 139 any log
164
+ deny udp any range netbios-ns netbios-ss any log
165
+ deny tcp any eq 445 any log
166
+ deny udp any eq 445 any log
167
+ deny tcp any any eq 6000 log
168
+ deny tcp any any eq 1433 log
169
+ remark vpn
170
+ permit udp any eq isakmp any
171
+ remark permit to 6to4
172
+ permit ip any 192.88.99.0 0.0.0.255
173
+ permit 41 any 192.88.99.0 0.0.0.255
174
+ remark permit any from inside to outside
175
+ permit icmp any any
176
+ permit ip any any reflect iptraffic timeout 300
177
+ deny ip any any log
178
+ !
179
+ :correct: true
180
+ - :name: "My Home (2)"
181
+ :symbol: extacl-self-example2
182
+ :description: "inbound filter"
183
+ :acl: |
184
+ ip access-list extended GI0-IN
185
+ deny ip 10.0.0.0 0.255.255.255 any log
186
+ deny ip 172.16.0.0 0.15.255.255 any log
187
+ deny ip 0.0.0.0 0.255.255.255 any log
188
+ deny ip 127.0.0.0 0.255.255.255 any log
189
+ deny ip 192.0.2.0 0.0.0.255 any log
190
+ deny ip 169.254.0.0 0.0.255.255 any log
191
+ deny ip 224.0.0.0 31.255.255.255 any log
192
+ deny tcp any any eq 135 log
193
+ deny udp any any eq 135 lo
194
+ deny tcp any any range 137 139 log
195
+ deny udp any any range netbios-ns netbios-ss log
196
+ deny tcp any any eq 445 log
197
+ deny udp any any eq 445 log
198
+ deny tcp any any eq 6000 log
199
+ deny tcp any any eq 1433 log
200
+ remark ospf
201
+ permit ospf 192.168.100.0 0.0.0.255 any
202
+ remark ihanet
203
+ permit gre any host 192.168.100.201
204
+ permit ipinip any host 192.168.100.201
205
+ remark vpn
206
+ permit esp any any
207
+ permit tcp any any eq 50
208
+ permit tcp any any eq 51
209
+ permit udp any any eq isakmp
210
+ permit udp any any eq 1701
211
+ remark ntp/dns
212
+ permit udp any eq ntp any
213
+ permit tcp any eq domain any
214
+ permit udp any eq domain any
215
+ remark ipv6
216
+ permit ip 192.88.99.0 0.0.0.255 any
217
+ permit 41 any any
218
+ remark home web server
219
+ permit tcp any any eq 80000
220
+ remark permit any from inside to outside
221
+ evaluate iptraffic
222
+ permit tcp any any established
223
+ permit icmp any any
224
+ deny ip any any log
225
+ !
226
+ :correct: false
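Review bot: The only negative case in this file, `extacl-self-example2` (`:correct: false`, new line 226), carries more than one candidate error: `deny udp any any eq 135 lo` at new line 193 and `permit tcp any any eq 80000` at new line 219, which is above the 16-bit port range. The fixture therefore does not say which rejection it pins, and the spec code that reads `:correct:` is not in this hunk, but a parser that stopped catching one of the two would presumably still pass. Splitting it into single-fault entries, each preceded by a comment such as `# invalid: port 80000 is out of range (max 65535)`, would make the expected failure explicit. Separately, `permit tcp any any eq 50` and `permit tcp any any eq 51` under `remark vpn` (new lines 207-208) match TCP ports 50 and 51 rather than IP protocols 50 and 51. If ESP/AH was meant, the sample should read `permit ahp any any` next to the existing `permit esp any any`, and if the lines are deliberate a comment should say so.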
@@ -0,0 +1,120 @@
1
+ - :test_description: "named std acl header"
2
+ :test_symbol: named_std_acl
3
+ :test_data:
4
+ - :line: "ip access-list standard remote-ipv4 "
5
+ :tokens:
6
+ - [ NAMED_ACL, "ip access-list" ] # acl header
7
+ - standard
8
+ - [ STRING, "remote-ipv4" ]
9
+ - :line: " remark hoge fuga aa" # remark
10
+ :tokens:
11
+ - remark
12
+ - [ STRING, "hoge fuga aa" ]
13
+ - :line: " permit 192.168.0.0 0.0.255.255 "
14
+ :tokens:
15
+ - permit
16
+ - [ IPV4_ADDR, 192.168.0.0 ]
17
+ - [ IPV4_ADDR, 0.0.255.255 ]
18
+ - :line: " remark ip access-list extended hogehoge" # remark
19
+ :tokens:
20
+ - remark
21
+ - [ STRING, "ip access-list extended hogehoge" ]
22
+ - :test_description: "named ext acl header"
23
+ :test_symbol: named_ext_acl
24
+ :test_data:
25
+ - :line: "ip access-list extended GI0-IN"
26
+ :tokens:
27
+ - [ NAMED_ACL, "ip access-list" ] # acl header
28
+ - extended
29
+ - [ STRING, GI0-IN ]
30
+ - :line: " deny ip 10.0.0.0 0.255.255.255 any log"
31
+ :tokens:
32
+ - deny
33
+ - ip
34
+ - [ IPV4_ADDR, 10.0.0.0 ]
35
+ - [ IPV4_ADDR, 0.255.255.255 ]
36
+ - any
37
+ - log
38
+ - :line: " deny ip 172.16.0.0 0.15.255.255 any log foobar"
39
+ :tokens:
40
+ - deny
41
+ - ip
42
+ - [ IPV4_ADDR, 172.16.0.0 ]
43
+ - [ IPV4_ADDR, 0.15.255.255 ]
44
+ - any
45
+ - log
46
+ - [ STRING, foobar ] # log (with cookie)
47
+ - :test_description: "special values"
48
+ :test_symbol: special_values
49
+ :test_data:
50
+ - :line: "permit 192.168.3.0/24 for-test"
51
+ :tokens:
52
+ - permit
53
+ - [ IPV4_ADDR, 192.168.3.0 ]
54
+ - '/'
55
+ - [ NUMBER, 24 ]
56
+ - for-test
57
+ - :test_description: "string arg tokens check"
58
+ :test_symbol: str_arg_tokens
59
+ :test_data:
60
+ - :line: " extended standard foobar"
61
+ :tokens:
62
+ - extended
63
+ - [ STRING, standard ]
64
+ - foobar
65
+ - :line: "abc standard log hoge"
66
+ :tokens:
67
+ - abc
68
+ - standard
69
+ - [ STRING, log ]
70
+ - hoge
71
+ - :line: "dynamic hogehoge"
72
+ :tokens:
73
+ - dynamic
74
+ - [ STRING, hogehoge ]
75
+ - :line: "log foobar"
76
+ :tokens:
77
+ - log
78
+ - [ STRING, foobar ]
79
+ - :line: "log-input abcde"
80
+ :tokens:
81
+ - log-input
82
+ - [ STRING, abcde ]
83
+ - :line: "foobar log"
84
+ :tokens:
85
+ - foobar
86
+ - log
87
+ - :line: "hogehoge log"
88
+ :tokens:
89
+ - hogehoge
90
+ - log
91
+ - :line: "time-range range-name"
92
+ :tokens:
93
+ - time-range
94
+ - [ STRING, range-name ]
95
+ - :line: "reflect reflect-name "
96
+ :tokens:
97
+ - reflect
98
+ - [ STRING, reflect-name ]
99
+ - :line: "evaluate evaluate-name"
100
+ :tokens:
101
+ - evaluate
102
+ - [ STRING, evaluate-name ]
103
+ - :line: "object-group grpname"
104
+ :tokens:
105
+ - object-group
106
+ - [ STRING, grpname ]
107
+ - :line: "object-group network hoge"
108
+ :tokens:
109
+ - object-group
110
+ - network
111
+ - [ STRING, hoge ]
112
+ - :line: "object-group service ffff"
113
+ :tokens:
114
+ - object-group
115
+ - service
116
+ - [ STRING, ffff ]
117
+ - :line: "group-object nested-obj-name"
118
+ :tokens:
119
+ - group-object
120
+ - [ STRING, nested-obj-name ]
@@ -0,0 +1,235 @@
1
+ - ipv6
2
+ - permit
3
+ - deny
4
+ - timeout
5
+ - established
6
+ - syn
7
+ - ack
8
+ - fin
9
+ - psh
10
+ - urg
11
+ - rst
12
+ - '+syn'
13
+ - '-syn'
14
+ - '+ack'
15
+ - '-ack'
16
+ - '+fin'
17
+ - '-fin'
18
+ - '+psh'
19
+ - '-psh'
20
+ - '+urg'
21
+ - '-urg'
22
+ - '+rst'
23
+ - '-rst'
24
+ - match-all
25
+ - match-any
26
+ - ahp
27
+ - eigrp
28
+ - esp
29
+ - gre
30
+ - icmp
31
+ - igmp
32
+ - ipinip
33
+ - ip
34
+ - nos
35
+ - ospf
36
+ - pcf
37
+ - pim
38
+ - tcp
39
+ - udp
40
+ - fragments
41
+ - log-input
42
+ - log-update
43
+ - log
44
+ - threshold
45
+ - time-range
46
+ - administratively-prohibited
47
+ - alternate-address
48
+ - conversion-error
49
+ - dod-host-prohibited
50
+ - dod-net-prohibited
51
+ - echo-reply
52
+ - echo
53
+ - general-parameter-problem
54
+ - host-isolated
55
+ - mobile-redirect
56
+ - net-redirect
57
+ - net-tos-redirect
58
+ - net-unreachable
59
+ - network-unknown
60
+ - no-room-for-option
61
+ - option-missing
62
+ - packet-too-big
63
+ - parameter-problem
64
+ - port-unreachable
65
+ - precedence-unreachable
66
+ - protocol-unreachable
67
+ - host-precedence-unreachable
68
+ - host-redirect
69
+ - host-tos-redirect
70
+ - host-unknown
71
+ - host-unreachable
72
+ - information-reply
73
+ - information-request
74
+ - mask-reply
75
+ - mask-request
76
+ - reassembly-timeout
77
+ - redirect
78
+ - router-advertisement
79
+ - router-solicitation
80
+ - source-quench
81
+ - source-route-failed
82
+ - time-exceeded
83
+ - timestamp-reply
84
+ - timestamp-request
85
+ - traceroute
86
+ - ttl-exceeded
87
+ - unreachable
88
+ - beyond-scope
89
+ - destination-unreachable
90
+ - echo-request
91
+ - flow-label
92
+ - mld-reduction
93
+ - mld-report
94
+ - next-header
95
+ - parameter-option
96
+ - renum-command
97
+ - renum-result
98
+ - renum-seq-number
99
+ - router-renumbering
100
+ - undetermined-transport
101
+ - nd-na
102
+ - nd-ns
103
+ - header
104
+ - hop-limit
105
+ - mld-query
106
+ - no-admin
107
+ - no-route
108
+ - routing
109
+ - sequence
110
+ - flash-override
111
+ - precedence
112
+ - critical
113
+ - flash
114
+ - immediate
115
+ - internet
116
+ - priority
117
+ - routine
118
+ - network
119
+ - tos
120
+ - max-reliability
121
+ - max-throughput
122
+ - min-delay
123
+ - min-monetary-cost
124
+ - normal
125
+ - bgp
126
+ - chargen
127
+ - cmd
128
+ - daytime
129
+ - domain
130
+ - drip
131
+ - exec
132
+ - finger
133
+ - ftp-data
134
+ - ftp
135
+ - gopher
136
+ - hostname
137
+ - ident
138
+ - irc
139
+ - klogin
140
+ - kshell
141
+ - login
142
+ - lpd
143
+ - nntp
144
+ - pim-auto-rp
145
+ - pop2
146
+ - pop3
147
+ - smtp
148
+ - tacacs
149
+ - telnet
150
+ - uucp
151
+ - whois
152
+ - www
153
+ - biff
154
+ - bootpc
155
+ - bootps
156
+ - dnsix
157
+ - isakmp
158
+ - mobile-ip
159
+ - nameserver
160
+ - netbios-dgm
161
+ - netbios-ns
162
+ - netbios-ss
163
+ - non500-isakmp
164
+ - ntp
165
+ - pim-auto-rp
166
+ - rip
167
+ - snmp
168
+ - snmptrap
169
+ - syslog
170
+ - tftp
171
+ - who
172
+ - xdmcp
173
+ - discard
174
+ - echo
175
+ - sunrpc
176
+ - talk
177
+ - time
178
+ - dscp
179
+ - af11
180
+ - af12
181
+ - af13
182
+ - af21
183
+ - af22
184
+ - af23
185
+ - af31
186
+ - af32
187
+ - af33
188
+ - af41
189
+ - af42
190
+ - af43
191
+ - cs1
192
+ - cs2
193
+ - cs3
194
+ - cs4
195
+ - cs5
196
+ - cs6
197
+ - cs7
198
+ - default
199
+ - ef
200
+ - option
201
+ - add-ext
202
+ - any-options
203
+ - com-security
204
+ - dps
205
+ - encode
206
+ - eool
207
+ - ext-ip
208
+ - ext-security
209
+ - finn
210
+ - imitd
211
+ - lsr
212
+ - mtup
213
+ - mtur
214
+ - no-op
215
+ - nsapa
216
+ - record-route
217
+ - route-alert
218
+ - sdb
219
+ - security
220
+ - ssr
221
+ - stream-id
222
+ - timestamp
223
+ - ump
224
+ - visa
225
+ - zsu
226
+ - tcp-udp
227
+ - source
228
+ - group-object
229
+ - eq
230
+ - neq
231
+ - gt
232
+ - lt
233
+ - range
234
+ - any
235
+ - host
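Review bot: This 235-entry token list is flat and uncommented, and it repeats `echo` (new lines 52 and 174) and `pim-auto-rp` (new lines 144 and 165), apparently because those names occur in more than one keyword family. The code that consumes the list is not in this hunk, so it is unclear whether the repeats produce duplicate examples or are simply redundant. Group headers such as `# TCP flags`, `# ICMP message types`, `# TCP port names` and `# UDP port names` would let a reviewer check each family against the grammar. A comment on each repeat, e.g. `# echo: also listed under ICMP types`, would show the duplication is intended.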
@@ -0,0 +1,8 @@
1
+ - :testname: stdacl_spec
2
+ :casedata: tokens1.yml
3
+ :fieldseq:
4
+ - acl
5
+ - stdacl_num
6
+ - action
7
+ - ip_spec1
8
+ - std_acl_log_spec