jathanism / acl

Network access control list and firewall policy parsing library.

Add support for Citrix NetScaler policies #1

Open jathanism opened 11 years ago

jathanism commented 11 years ago

Simple example:

add policy expression abc_123_dtc "SOURCEIP = 25.18.64.0 -netmask 255.255.240.0" 
add policy expression abc_123_mtc "SOURCEIP = 6.2.0.0 -netmask 255.255.240.0" 
add policy expression abc_123_ntc "SOURCEIP = 20.20.12.0 -netmask 255.255.255.0" 
add policy expression abc_123_frr "SOURCEIP = 19.9.5.0 -netmask 255.255.254.0" 
add policy expression abc_123_networks "abc_123_dtc || abc_123_mtc || abc_123_ntc || abc_123_frr" 
add filter policy block_abc_123 -rule abc_123_networks -reqAction DROP 
add policy expression abc_123_and_webcache_networks "abc_123_networks || abc_webcache_networks" 
add filter policy block_abc_123_and_webcache -rule abc_123_and_webcache_networks -reqAction DROP 

http://support.citrix.com/servlet/KbServlet/download/23195-102-666134/NS-PolicyConfig-Guide.pdf

jathanism commented 11 years ago

Policies are used to create complex expressions, because NetScaler acls & simpleacls don't support things like CIDRs and there's also a limit on command length.
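
An added example, not code from the acl project or from the comments above: one way to flatten the sample's named policy expressions into the CIDR networks each filter policy acts on. It assumes only the two forms seen in the sample (`SOURCEIP = <addr> -netmask <mask>` leaves and `||` unions); the function names are hypothetical.

```python
import ipaddress
import re
import shlex

# Constructed input: the first six lines of the sample quoted in the issue.
SAMPLE = '''\
add policy expression abc_123_dtc "SOURCEIP = 25.18.64.0 -netmask 255.255.240.0"
add policy expression abc_123_mtc "SOURCEIP = 6.2.0.0 -netmask 255.255.240.0"
add policy expression abc_123_ntc "SOURCEIP = 20.20.12.0 -netmask 255.255.255.0"
add policy expression abc_123_frr "SOURCEIP = 19.9.5.0 -netmask 255.255.254.0"
add policy expression abc_123_networks "abc_123_dtc || abc_123_mtc || abc_123_ntc || abc_123_frr"
add filter policy block_abc_123 -rule abc_123_networks -reqAction DROP
'''

# Assumed leaf grammar: SOURCEIP = <addr> -netmask <mask> ("==" also accepted).
LEAF = re.compile(r'^SOURCEIP\s*={1,2}\s*(\S+)\s+-netmask\s+(\S+)$', re.I)

def parse(config):
    """Collect named expressions and filter policies from 'add ...' lines."""
    expressions, filters = {}, {}
    for line in config.splitlines():
        tok = shlex.split(line)  # keeps the quoted expression as one token
        if tok[:3] == ['add', 'policy', 'expression'] and len(tok) == 5:
            expressions[tok[3]] = tok[4]
        elif tok[:3] == ['add', 'filter', 'policy'] and len(tok) >= 4:
            opts = dict(zip(tok[4::2], tok[5::2]))
            filters[tok[3]] = (opts.get('-rule'), opts.get('-reqAction'))
    return expressions, filters

def resolve(name, expressions, _seen=()):
    """Flatten a named expression into a sorted list of source networks."""
    if name in _seen:
        raise ValueError('circular reference: %s' % name)
    if name not in expressions:
        raise KeyError('undefined expression: %s' % name)
    leaf = LEAF.match(expressions[name].strip())
    if leaf:
        # strict=False masks off host bits: 19.9.5.0/255.255.254.0 -> 19.9.4.0/23
        return [ipaddress.ip_network('%s/%s' % leaf.groups(), strict=False)]
    nets = set()
    for ref in expressions[name].split('||'):
        nets.update(resolve(ref.strip(), expressions, _seen + (name,)))
    return sorted(nets)

def policy_networks(config):
    """Map each filter policy to (action, [CIDR, ...])."""
    expressions, filters = parse(config)
    return {name: (action, [str(n) for n in resolve(rule, expressions)])
            for name, (rule, action) in filters.items()}
```

A reference to an expression that is never defined, such as `abc_webcache_networks` in the last two lines of the sample, raises `KeyError` rather than silently resolving to an empty set.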