NAME
Cisco::Regex - Utility to verify basic syntax of Cisco IOS standard and extended IPv4 access-lists.
SYNOPSIS
    use Cisco::Regex;
    my $r = Cisco::Regex->new;

    my $std_regex = $r->regex('standard');
    my $ext_regex = $r->regex('extended');

    my $isok = $r->standard($line);
    my $isok = $r->extended($line);
    my $isok = $r->auto($line);
DESCRIPTION
Cisco::Regex was made to lint access-lists before sending them to a Cisco IOS device. Only the syntax is checked; no logical (semantic) check is attempted.
CONSTRUCTOR
    my $r = Cisco::Regex->new( debug    => 0,
                               addr     => $addr_regex,
                               protocol => $protocol_regex,
                               network  => $network_regex,
                               port     => $port_regex,
                               ports    => $ports_regex,
                             );

debug - controls whether ancillary/informational messages are printed.
ADVANCED OPTIONS
addr - replaces the built-in 'addr' regex with the supplied regex.
protocol - replaces the built-in 'protocol' regex with the supplied regex.
network - replaces the built-in 'network' regex with the supplied regex.
port - replaces the built-in 'port' regex with the supplied regex.
ports - replaces the built-in 'ports' regex with the supplied regex.
USAGE
regex - returns a regular expression you can match against yourself. Valid arguments are:
    addr     - what an IP address should look like
    protocol - what a protocol should look like
    network  - what a network statement should look like
    ports    - what port properties should look like
    standard - syntax matching for access-lists 1-99 & 1300-1999
    extended - syntax matching for access-lists 100-199 & 2000-2699
standard - checks the provided line against the 'standard' regex.
extended - checks the provided line against the 'extended' regex.
auto - checks whether the line matches either the standard or the extended access-list regex.
EXAMPLES
    use strict;
    use warnings;
    use Cisco::Regex;

    my $r = Cisco::Regex->new;

    # Standard access-lists take only a source, so the second line (with a
    # trailing 'any') should be reported as BAD.
    my @std_lines = ('access-list 15 permit 10.0.0.0 0.255.255.255',
                     'access-list 15 permit 10.0.0.0 0.255.255.255 any',
                    );
    for my $line (@std_lines){
        my $isok = $r->standard($line);
        if( $isok ){
            print "OK: $line\n";
        }else{
            print "BAD: $line\n";
        }
    }

    # Extended access-lists require a protocol, so the second line (which has
    # none) should be reported as BAD.
    my @ext_lines = ('access-list 115 permit udp 10.0.0.0 0.255.255.255 eq 5060 any log',
                     'access-list 115 permit 10.0.0.0 0.255.255.255 any',
                    );
    for my $line (@ext_lines){
        my $isok = $r->extended($line);
        if( $isok ){
            print "OK: $line\n";
        }else{
            print "BAD: $line\n";
        }
    }

    # The raw regex can also be matched against directly.
    my $acl = 'access-list 2100 permit tcp any 10.0.0.0 0.0.0.255 eq 22';
    my $ext_regex = $r->regex('extended');
    if( $acl =~ m/$ext_regex/ ){
        print "acl looks okay\n";
    }
CAVEATS aka TODO
- IPv4 only
- named access-lists not supported
- hosts/netmasks not checked to be on valid network boundaries
- not all syntax is understood, e.g. option values, precedence, tos and time-range
- syntax checking is good but not strict; e.g. all of these pass:
    access-list 115 permit ip any any eq http            (ip vs tcp)
    access-list 115 permit tcp any any eq syslog         (tcp vs udp)
    access-list 115 permit 10.0.0.0 255.255.255.0 any    (vs 0.0.0.255)
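One way to use auto() from USAGE together with the "good but not strict" caveat above: an added example, not code from the module or its author, that runs each line through Cisco::Regex and then applies second-pass checks of my own for the three slips listed and for the unchecked network boundaries. Only new() and auto() come from the documented interface; the check logic, helper names and sample lines are assumptions constructed for this example.

```perl
use strict;
use warnings;
use Cisco::Regex;

my $r = Cisco::Regex->new;

# Dotted quad -> 32-bit integer (helper written for this example).
sub ip2int { return unpack 'N', pack 'C4', split /\./, $_[0]; }

# Second pass over a line Cisco::Regex already accepted: report the slips the
# CAVEATS section says the syntax check lets through (my checks, not the module's).
sub semantic_problems {
    my ($line) = @_;
    my @w     = split ' ', $line;
    my $proto = $w[3] // '';          # 'access-list N permit|deny PROTO ...'
    my @problems;
    push @problems, "protocol 'ip' takes no port operator"
        if $proto eq 'ip' && $line =~ /\b(?:eq|neq|gt|lt|range)\b/;
    push @problems, "'syslog' is a UDP port name but the protocol is tcp"
        if $proto eq 'tcp' && $line =~ /\bsyslog\b/;
    # For each address/mask pair: a mask whose one-bits run contiguously from the
    # top is a subnet mask typed where a wildcard belongs; address bits that fall
    # under the wildcard should be zero.
    while ($line =~ /\b((?:\d{1,3}\.){3}\d{1,3})\s+((?:\d{1,3}\.){3}\d{1,3})\b/g) {
        my ($addr, $mask) = ($1, $2);
        my ($ip, $wc) = (ip2int($addr), ip2int($mask));
        my $inv = ~$wc & 0xFFFFFFFF;
        push @problems, "$mask reads as a subnet mask, not a wildcard"
            if $wc != 0 && (($inv + 1) & $inv) == 0;
        push @problems, "$addr has host bits set under wildcard $mask"
            if ($ip & $wc) != 0;
    }
    return @problems;
}

# 'BAD' when the module's regex rejects the line, 'WARN' plus reasons when the
# syntax passes but a semantic check fires, otherwise 'OK'.
sub lint_line {
    my ($line) = @_;
    return ('BAD') unless $r->auto($line);
    my @p = semantic_problems($line);
    return @p ? ('WARN', @p) : ('OK');
}

# Constructed sample input, including the three lines from CAVEATS.
my @lines = ('access-list 15 permit 10.0.0.0 0.255.255.255',
             'access-list 115 permit ip any any eq http',
             'access-list 115 permit tcp any any eq syslog',
             'access-list 115 permit 10.0.0.0 255.255.255.0 any',
             'access-list 115 permit tcp any 10.0.0.5 0.0.0.255 eq 22');
for my $line (@lines) {
    my ($status, @why) = lint_line($line);
    print "$status: $line", (@why ? ' (' . join('; ', @why) . ')' : ''), "\n";
}
```

The first line should print OK and the remaining four WARN; the last one is flagged because 10.0.0.5 has host bits set under 0.0.0.255, the boundary case the module does not check.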
AUTHOR
Jeremy Kister : http://jeremy.kister.net./