Skip to content


Subversion checkout URL

You can clone with
Download ZIP
A network security policy compiler. Netspoc is targeted at large environments with a large number of firewalls and admins. Firewall rules are derived from a single rule set. Supported are Cisco IOS, NX-OS, ASA and IPTables.
Perl HTML Other


A network security policy compiler.

Netspoc is free software to manage all the packet filter devices inside your network topology. Filter rules for each device are generated from one central ruleset, using a description of your network topology.

  • Supports Cisco and Linux devices
    • Chains for iptables.
    • Access lists for ASA, PIX, NX-OS
    • Access lists for IOS with and without Firewall Feature Set.
  • Rules are optimized globally
    • Adjacent IP ranges and port ranges are joined.
    • Redundant rules are removed and optionally warned about.
  • Highly optimized chains for iptables are generated.
  • Object-groups for ASA, PIX and NX-OS are generated.
  • IPSec configuration for Cisco ASA, ASA v8.4 and IOS is generated.
  • Commands for static routing are generated (optionally).
  • Network address translation (NAT) is supported.
  • NAT configuration for Cisco ASA and ASA v8.4 is generated.
  • HSRP / VRRP clusters are supported.
  • Multicast traffic for OSPF, EIGRP, HSRP, VRRP is supported.
  • Powerful rules language
    • Groups can be defined and reused in different rules.
    • Automatic groups utilize relationships of the topology.
  • Allows to define a secondary packet filter which gets simpler rules if a data stream has already been filtered at some other device.
  • Complex topologies with redundant paths are supported.
  • Pathrestrictions allow to restrict paths inside a redundant topology.
  • Supports network with isolated ports where traffic is entered and exited at the same interface of the packet filter.
Something went wrong with that request. Please try again.