What steps will reproduce the problem?
1. Use the included NETWORK.net & SERVICES.svc definition files & the
attached policy file, test_cisco_object_group.pol.
2. Run aclgen.py on this policy file:
    ./aclgen.py -d def -p policies/test_cisco_object_group.pol -o output
3. Review the output file.
What is the expected output? What do you see instead?
I've attached the generated output file, test_cisco_object_group.acl. It
creates an object group for GOOGLE_DNS:
    object-group ip address GOOGLE_DNS
    8.8.4.4 255.255.255.255
    8.8.8.8 255.255.255.255
    exit
But when actually writing the ACL, it uses the IP addresses for the addrgroup
instead of the object group name:
    permit 17 addrgroup 0.0.0.0/0 addrgroup 8.8.4.4/32 portgroup 53-53
    permit 17 addrgroup 0.0.0.0/0 addrgroup 8.8.8.8/32 portgroup 53-53
    permit 17 addrgroup 0.0.0.0/0 addrgroup 2001:4860:4860::8844/128 portgroup 53-53
    permit 17 addrgroup 0.0.0.0/0 addrgroup 2001:4860:4860::8888/128 portgroup 53-53
It also uses a 0.0.0.0/0 address group which isn't a defined object group (I
would expect it to just use the keyword any).
What version of the product are you using? On what operating system?
SVN revision 259 on OS X 10.6.8 (Python 2.7.1).
Original issue reported on code.google.com by [email protected] on 30 Oct 2014 at 9:23
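
A check for the mismatch reported above, added here as an example and not part of the original report or of the project's code: it scans a generated ACL for `addrgroup` operands that name no defined object group, and for object groups that are defined but never referenced. The function names are hypothetical, and the rule that every `addrgroup` operand must match an `object-group ip address` definition in the same file is an assumption taken from the reporter's expectation.

```python
import re

# Output excerpt quoted in the report above, embedded so the check runs offline.
SAMPLE_ACL = """\
object-group ip address GOOGLE_DNS
8.8.4.4 255.255.255.255
8.8.8.8 255.255.255.255
exit
permit 17 addrgroup 0.0.0.0/0 addrgroup 8.8.4.4/32 portgroup 53-53
permit 17 addrgroup 0.0.0.0/0 addrgroup 8.8.8.8/32 portgroup 53-53
permit 17 addrgroup 0.0.0.0/0 addrgroup 2001:4860:4860::8844/128 portgroup 53-53
permit 17 addrgroup 0.0.0.0/0 addrgroup 2001:4860:4860::8888/128 portgroup 53-53
"""

GROUP_DEF = re.compile(r"^\s*object-group\s+ip\s+address\s+(\S+)\s*$")
GROUP_REF = re.compile(r"\baddrgroup\s+(\S+)")
ACE_START = re.compile(r"^\s*(permit|deny)\b")


def defined_addr_groups(acl_text):
    """Names introduced by 'object-group ip address <NAME>' lines."""
    matches = (GROUP_DEF.match(line) for line in acl_text.splitlines())
    return {m.group(1) for m in matches if m}


def undefined_addrgroup_refs(acl_text):
    """(line_no, operand) for each addrgroup operand with no matching definition."""
    defined = defined_addr_groups(acl_text)
    findings = []
    for line_no, line in enumerate(acl_text.splitlines(), 1):
        if not ACE_START.match(line):
            continue
        for name in GROUP_REF.findall(line):
            if name not in defined:
                findings.append((line_no, name))
    return findings


def unused_addr_groups(acl_text):
    """Object groups that are defined but never used by any permit/deny line."""
    referenced = set()
    for line in acl_text.splitlines():
        if ACE_START.match(line):
            referenced.update(GROUP_REF.findall(line))
    return defined_addr_groups(acl_text) - referenced


if __name__ == "__main__":
    for line_no, name in undefined_addrgroup_refs(SAMPLE_ACL):
        print(f"line {line_no}: addrgroup {name} is not a defined object group")
    print("defined but unused:", sorted(unused_addr_groups(SAMPLE_ACL)))
```

Run against generator output before it is pushed to a device, a non-empty result from either function indicates that the rendered entries and the object-group definitions have diverged.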