Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cisco ACL Targeted, Small-ish Updates #27

Closed
marshall-sg opened this issue May 28, 2020 · 0 comments · Fixed by #28
Closed

Cisco ACL Targeted, Small-ish Updates #27

marshall-sg opened this issue May 28, 2020 · 0 comments · Fixed by #28
Assignees
@marshall-sg
Labels
Bug Code bugs. Enhancement Enhance existing tool for end user. Good First Issue Issue does not require detailed knowledge to resolve. TODO Changes to code generally transparent to end users.

Comments

@marshall-sg
Copy link
Collaborator

marshall-sg commented May 28, 2020
edited
Loading

Targeted update requests:

  • Enable adding rule options which are impactful (e.g., established) to the rule. Probably should be represented in the service_set column as that's what other tools do currently. E.g., permit tcp any any established.
  • It appears ipv6 rules follow a different format than ipv4 (and what was expected). Add ipv6 support, e.g., https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3se/ipv6/configuration_guide/b_ipv6_3se_3650_cg/b_ipv6_3se_3650_cg_chapter_0111.html
  • Unapplied rules (i.e., those not assigned to an interface) should probably still be entered into the datastore. Set empty but required values to a known not-possibly-valid default (e.g., '-'). This may require changes to the associated graphing tool so as not to confuse defined but not-applied rules with being applied/enforced.
  • Try modifying github ci workflow to be pull_request synchronize only and see if that is what we want.
  • Cisco allows for referencing ACL lists that are not actually defined. We should record it as a notable ToolObservation.
@marshall-sg marshall-sg added Bug Code bugs. Enhancement Enhance existing tool for end user. Good First Issue Issue does not require detailed knowledge to resolve. TODO Changes to code generally transparent to end users. labels May 28, 2020
@marshall-sg marshall-sg self-assigned this May 28, 2020
@marshall-sg marshall-sg mentioned this issue May 29, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marshall-sg marshall-sg

Labels
Bug Code bugs. Enhancement Enhance existing tool for end user. Good First Issue Issue does not require detailed knowledge to resolve. TODO Changes to code generally transparent to end users.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Cisco acl targeted netmeld/netmeld
1 participant
@marshall-sg