New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhance ACL parser to support inactive addresses in Juniper firewall filters #132

Merged
merged 1 commit into from Oct 24, 2013

Conversation

Projects
None yet
2 participants
@jathanism
Member

jathanism commented Oct 24, 2013

The trigger.acl.TIP object needs to be enhanced to support inactive: {address} form of IP addresses inside of ACL terms.

The objects need to be skipped for the purpose of access-checking as if it's not even there. We should probably add an iactive boolean attribute to the object similar to the attribute of the same name on trigger.acl.Term objects. This value should default to False.

TIP objects with inactive=True sould stringify back to inactive: {address}.

@ghost ghost assigned watsonator Oct 17, 2013

@jathanism

This comment has been minimized.

Member

jathanism commented Oct 23, 2013

Should this also be possible?

from {
    source-address {
        inactive: 1.2.3.5/32 except;
        1.2.3.0/28;
        1.2.3.16/32;
    }
}

The plot thickens.

jathanism added a commit that referenced this pull request Oct 24, 2013

Merge pull request #132 from jathanism/issue-132
Enhance ACL parser to support inactive addresses in Juniper firewall filters

@jathanism jathanism merged commit b9d371e into trigger:develop Oct 24, 2013

1 check passed

default The Travis CI build passed
Details

@jathanism jathanism deleted the jathanism:issue-132 branch Oct 24, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment