What steps will reproduce the problem?
1. Use the included NETWORK.net & SERVICES.svc definition files & the
attached policy file, test_cisco_object_group.pol.
2. Run aclgen.py on this policy file:
./aclgen.py -d def -p policies/test_cisco_object_group.pol -o output
3. Review the output file.
What is the expected output? What do you see instead?
I've attached the generated output file, test_cisco_object_group.acl. It
creates an object group for GOOGLE_DNS:
object-group ip address GOOGLE_DNS
8.8.4.4 255.255.255.255
8.8.8.8 255.255.255.255
exit
But when actually writing the ACL, it uses the IP addresses for the addrgroup
instead of the object group name:
permit 17 addrgroup 0.0.0.0/0 addrgroup 8.8.4.4/32 portgroup 53-53
permit 17 addrgroup 0.0.0.0/0 addrgroup 8.8.8.8/32 portgroup 53-53
permit 17 addrgroup 0.0.0.0/0 addrgroup 2001:4860:4860::8844/128 portgroup 53-53
permit 17 addrgroup 0.0.0.0/0 addrgroup 2001:4860:4860::8888/128 portgroup 53-53
It also uses a 0.0.0.0/0 address group which isn't a defined object group (I
would expect it to just use the keyword any).
What version of the product are you using? On what operating system?
SVN revision 259 on OS X 10.6.8 (Python 2.7.1).
Original issue reported on code.google.com by david.co...@gmail.com on 30 Oct 2014 at 9:23
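
Added example, not part of the original report or of the project's code: a small Python 3 check that flags the mismatch described above in a generated ACL, listing `addrgroup` references that name no defined object group and object groups that are defined but never referenced. The function name `audit_addrgroups` is hypothetical, and the sample input is constructed from the output lines quoted in the report.

```python
import re

# Constructed sample, modeled on the output quoted in the report above.
SAMPLE_ACL = """\
object-group ip address GOOGLE_DNS
 8.8.4.4 255.255.255.255
 8.8.8.8 255.255.255.255
exit
permit 17 addrgroup 0.0.0.0/0 addrgroup 8.8.4.4/32 portgroup 53-53
permit 17 addrgroup 0.0.0.0/0 addrgroup 8.8.8.8/32 portgroup 53-53
"""

# Patterns cover only the two line shapes shown in the report.
GROUP_DEF = re.compile(r"^object-group\s+ip\s+address\s+(\S+)$")
GROUP_REF = re.compile(r"\baddrgroup\s+(\S+)")


def audit_addrgroups(acl_text):
    """Return (undefined_refs, unused_groups) for a generated ACL.

    undefined_refs: [(line_number, name)] for addrgroup references that
                    do not match any defined object group.
    unused_groups:  sorted names of object groups never referenced.
    """
    defined, refs = set(), []
    in_group = False
    for lineno, raw in enumerate(acl_text.splitlines(), 1):
        line = raw.strip()
        match = GROUP_DEF.match(line)
        if match:
            defined.add(match.group(1))
            in_group = True
        elif in_group:
            # Member lines of the group body; "exit" closes the block.
            in_group = line != "exit"
        else:
            refs.extend((lineno, name) for name in GROUP_REF.findall(line))
    # Compare after the full pass so definition order does not matter.
    undefined = [(n, name) for n, name in refs if name not in defined]
    unused = sorted(defined - {name for _, name in refs})
    return undefined, unused


if __name__ == "__main__":
    undefined, unused = audit_addrgroups(SAMPLE_ACL)
    for lineno, name in undefined:
        print(f"line {lineno}: addrgroup {name} is not a defined object group")
    for name in unused:
        print(f"object group {name} is defined but never referenced")
```

Run against the sample, it reports four undefined references (both `0.0.0.0/0` and the per-host `/32` entries) and flags GOOGLE_DNS as unused, which is the behaviour the report describes.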