[nsp] acl: how to suppress keyword for service in acl?

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu May 6 04:51:20 EDT 2004


> Is there an official place on the CCO site to get the Cisco
> /etc/service-like file which is used for the keyword names? So I can
> get it per http and link it with my application each time a new
> version appears.

I don't know of any such file; the port names are not stored in a
central location (unlike /etc/services). The easiest way to get a list
of all supported keyword names is the "?" within the parser, something
which could be automated using an expect script.

> Another help could be an official acl-syntax definition. At the
> moment, we lex/yacc our own acl language to do an offline check
> before applying the acls. This is ok and works, but it would be
> better to have access to an official electronic definition.

The official acl-syntax definition is in the command reference. It is
not in a lex/yacc style (BTW: the IOS parser does not use lex/yacc). You
can use "show parser dump ipenacl" to get some more extended ACL parse
info, but this might be too detailed.

	oli

> 
> On Wed, May 05, 2004 at 07:24:52PM +0200, Oliver Boehmer (oboehmer)
> wrote: 
> > > 
> > > is there a way to suppress the service keyword for the port in
> > > cisco access-lists?
> > 
> > i.e. print "permit tcp ... eq 25" instead of "... eq smtp"?
> > No, there is no way to prevent IOS from printing the keyword.
> > 
> > 	oli
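
Since IOS always prints the keyword, an offline checker has to map keywords back to numbers before comparing entries. The following is an added example, not code from this thread or from Cisco: the function names are hypothetical and the keyword table is a partial, constructed one that would be filled in from the parser's "?" output as suggested above.

```python
# Partial, constructed keyword table (an assumption of this example): extend
# it from the "?" help output of the IOS release actually in use.
IOS_PORT_KEYWORDS = {
    "tcp": {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25,
            "domain": 53, "www": 80, "pop3": 110, "bgp": 179},
    "udp": {"domain": 53, "bootps": 67, "bootpc": 68, "tftp": 69,
            "ntp": 123, "snmp": 161, "snmptrap": 162, "syslog": 514},
}
# Port operators and the number of operands each takes (simplification:
# one port per eq/neq/gt/lt, two for range).
PORT_OPERATORS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}


def to_port(token, proto):
    """Map one operand to its numeric form, rejecting unknown keywords."""
    if token.isdigit():
        return token
    try:
        return str(IOS_PORT_KEYWORDS[proto][token])
    except KeyError:
        raise ValueError(f"unknown {proto} service keyword: {token!r}") from None


def normalize_ace(line):
    """Return an ACL entry with service keywords replaced by port numbers."""
    tokens = line.split()
    if "remark" in tokens:
        return " ".join(tokens)          # free text, never rewritten
    # The protocol is the token that follows permit/deny.
    proto = next((tokens[i + 1] for i, t in enumerate(tokens[:-1])
                  if t in ("permit", "deny")), None)
    if proto not in IOS_PORT_KEYWORDS:
        return " ".join(tokens)          # not a TCP/UDP entry: nothing to map
    out, i = [], 0
    while i < len(tokens):
        out.append(tokens[i])
        operands = PORT_OPERATORS.get(tokens[i], 0)
        i += 1
        if i + operands > len(tokens):
            raise ValueError(f"missing port after {out[-1]!r}")
        for tok in tokens[i:i + operands]:
            out.append(to_port(tok, proto))
        i += operands
    return " ".join(out)
```

An unknown keyword raises instead of passing through, so a keyword missing from the table shows up as a failed check rather than as two entries that silently never compare equal.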


