[c-nsp] FWSM loading shuns
Oliver Gorwits
oliver.gorwits at oucs.ox.ac.uk
Sun Oct 19 06:34:31 EDT 2008
Hi Jeff,
Jeff Fitzwater wrote:
> Q. Has anybody found a way around this or even use SHUN?
>
> I thought that using the SHUN would be simpler than modifying an ACL,
> but it might be faster.
We're probably not a representative user of the FWSM (for various
uninteresting reasons), but we don't bother with shun, and instead
use an ACL.

To make life a little easier I wrote a few Perl modules, which are
available on CPAN, and can be used to semi-automate the process:

  Net::Appliance::Session (like Net::Telnet but does SSH+more)
  Net::Cisco::AccessList::Extended
  Net::Cisco::ObjectGroup

There is a little hoop jumping required if you deal with FWSM
failover, but things can be made to work seamlessly.

Drop me a line if you need a hand,
regards,
oliver.
--
Oliver Gorwits, Network and Telecommunications Group,
Oxford University Computing Services