dmulyalin / ttp

Template Text Parser
MIT License

Enhancement: Some way to easily output lines that did not get matched #46

Closed mr-evilbit closed 3 years ago

mr-evilbit commented 3 years ago

When dealing with larger configs (a firewall with many NAT statements or ACLs, for example), it would be helpful to know what did not actually match the template. I've read through the docs but haven't easily found a way to do this... apologies if I missed some method to do this.

dmulyalin commented 3 years ago

Hi,

The closest I can think of is to use the line indicator to collect lines that were not matched.

Sample Data:

access-list OUTSIDE extended permit tcp any object INT eq 8080
access-list OUTSIDE extended permit icmp any4 any4 echo
access-list OUTSIDE extended deny udp object ANY any4 echo
access-list OUTSIDE extended deny udp object ANY any6 echo
!

Template:

<group name="rules" method="table">
access-list {{ ACL }} extended {{ action }} {{ proto }} {{ source }} {{ target }} {{ type }}
access-list {{ ACL }} extended {{ action }} {{ proto }} {{ source }} object {{ target }} eq {{ eq_port }}
{{ not_matched_rule | _line_ }}
! {{ _end_ }}
</group>

Would produce:

[
    [
        {
            "rules": [
                {
                    "ACL": "OUTSIDE",
                    "action": "permit",
                    "eq_port": "8080",
                    "proto": "tcp",
                    "source": "any",
                    "target": "INT"
                },
                {
                    "ACL": "OUTSIDE",
                    "action": "permit",
                    "proto": "icmp",
                    "source": "any4",
                    "target": "any4",
                    "type": "echo"
                },
                {
                    "not_matched_rule": "access-list OUTSIDE extended deny udp object ANY any4 echo"
                },
                {
                    "not_matched_rule": "access-list OUTSIDE extended deny udp object ANY any6 echo"
                }
            ]
        }
    ]
]
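
An added example, not part of the original comment or the ttp project: one way to post-process the result above so that ACL lines caught only by the `_line_` fallback are reported instead of silently passing review. The helper names `split_unmatched`, `coverage` and `run_ttp` are hypothetical, `SAMPLE_RESULT` is constructed from the output shown above, and the code assumes ttp's default per-input result nesting.

```python
"""Split ttp results into parsed rules and lines caught by the _line_ fallback."""

# Constructed sample: the result structure shown in the comment above.
SAMPLE_RESULT = [[{"rules": [
    {"ACL": "OUTSIDE", "action": "permit", "eq_port": "8080",
     "proto": "tcp", "source": "any", "target": "INT"},
    {"ACL": "OUTSIDE", "action": "permit", "proto": "icmp",
     "source": "any4", "target": "any4", "type": "echo"},
    {"not_matched_rule": "access-list OUTSIDE extended deny udp object ANY any4 echo"},
    {"not_matched_rule": "access-list OUTSIDE extended deny udp object ANY any6 echo"},
]}]]


def run_ttp(data, template):
    """Parse text with ttp; imported lazily so the rest runs without ttp installed."""
    from ttp import ttp
    parser = ttp(data=data, template=template)
    parser.parse()
    return parser.result()


def split_unmatched(results, group="rules", key="not_matched_rule"):
    """Return (parsed, unmatched) from the templates -> inputs -> group nesting."""
    parsed, unmatched = [], []
    for per_template in results:
        for per_input in per_template:
            items = per_input.get(group, [])
            if isinstance(items, dict):  # defensive: accept a lone dict as one item
                items = [items]
            for item in items:
                if key in item:
                    unmatched.append(item[key])
                else:
                    parsed.append(item)
    return parsed, unmatched


def coverage(results, **kwargs):
    """Summarise how much of the ACL the template actually parsed."""
    parsed, unmatched = split_unmatched(results, **kwargs)
    total = len(parsed) + len(unmatched)
    return {"parsed": len(parsed), "unmatched": len(unmatched),
            "ratio": len(parsed) / total if total else 1.0,
            "unmatched_lines": unmatched}


if __name__ == "__main__":
    report = coverage(SAMPLE_RESULT)
    print(f"{report['parsed']} parsed, {report['unmatched']} unmatched")
    for line in report["unmatched_lines"]:
        print("UNPARSED:", line)
```

With ttp installed, `coverage(run_ttp(data, template))` gives the same report for a live config; a ratio below 1.0 means some rules were never parsed into fields.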

mr-evilbit commented 3 years ago

Thanks for the suggestion. This will work well enough as a workaround.