[j-nsp] Re: [nsp] Announcing aclmaker-1.04rc1, with check for unused ACLs (fwd)
John Kristoff
jtk at northwestern.edu
Mon Jan 12 22:47:10 EST 2004
On Tue, 13 Jan 2004 00:23:40 +0200 (EET)
Pekka Savola <pekkas at netcore.fi> wrote:
> Anyone created similar ones for checking extra config for JunOS?
> (Yeah, yeah .. just a couple of hours of scripting..:)
A few minutes anyway. Here is a start of something. Not well tested,
but public domain for anyone who wants to build off it.
#!/bin/sh
#
# filter-usage - list firewall filters from stored configs that are not in use
#
# requires: perl5 or later in the path
#           find, grep, sort and uniq in the path
#           Juniper JUNOS stored configs
#
# 2004-01-12,jtk

if [ $# -eq 0 ] ; then
    echo "  Usage: $0 path-to-router-config-file-directory"
    echo "  Usage: $0 a-single-router-config-file"
    echo "Example: $0 /var/configs"
    echo "Example: $0 /var/configs/chicago-confg"
    exit 1
fi

# search - report every filter defined in $confg that no
#          "input NAME;" or "output NAME;" statement refers to
search() {
    # collect the defined filter names; print only when the line matched,
    # so a bare "filter {" stanza does not produce an empty name
    for filter in `grep -E '^ *filter .*{$' "$confg" | sort | uniq | perl -ne 'print "$1\n" if /^ *filter (\S+) .*{$/'` ; do
        # a count of 0 means the filter is never applied
        if [ `grep -E -c "^ *(input|output) $filter;\$" "$confg"` = 0 ] ; then
            echo "$confg:acl=$filter unused"
        fi
    done
}

if test -f "$1" ; then
    # a single config file
    confg=$1
    search
elif test -d "$1" ; then
    # every non-directory entry directly under the given directory
    for confg in `find "$1"/.* "$1"/* -prune ! -type d -exec ls {} \;` ; do
        search
    done
fi
# end script
John
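
The same check done in a single awk pass, as an added example that is not part of the original post or of aclmaker. It compares filter names as strings rather than interpolating them into a regular expression; the config in sample_config is constructed and its interface and filter names are hypothetical.

```shell
# Added example, not part of the original post.
# unused_filters FILE: print the names of firewall filters defined in a JUNOS
# curly-brace config FILE that no "input NAME;" or "output NAME;" references.
unused_filters() {
    awk '
        # Definition: "filter NAME {". A bare "filter {" (the stanza that
        # applies filters under an interface family) has only two fields.
        NF == 3 && $1 == "filter" && $3 == "{" { defined[$2] = 1; next }
        # Reference: "input NAME;" or "output NAME;". Names are compared as
        # strings, so characters such as "." in a name are not regex syntax.
        NF == 2 && ($1 == "input" || $1 == "output") && $2 ~ /;$/ {
            name = $2; sub(/;$/, "", name); used[name] = 1
        }
        END { for (f in defined) if (!(f in used)) print f }
    ' "$1" | sort
}

# Constructed sample config (hypothetical filter and interface names).
sample_config() {
    cat <<'EOF'
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;
                    output edge-out;
                }
            }
        }
    }
}
firewall {
    filter protect-re {
        term ssh { then accept; }
    }
    filter edge-out {
        term all { then accept; }
    }
    filter old-customer.v1 {
        term all { then discard; }
    }
}
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
unused_filters "$tmp"    # prints: old-customer.v1
rm -f "$tmp"
```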