trigger.netscreen — Juniper NetScreen firewall parser

Parses and manipulates firewall policy for Juniper NetScreen firewall devices. Broken apart from acl.parser because the approaches are vastly different from each other.

class trigger.netscreen.NSRawPolicy(data, isglobal=0)
    Container for policy definitions.

class trigger.netscreen.NSRawGroup(data)
    Container for group definitions.

class trigger.netscreen.NetScreen
    Parses and generates NetScreen firewall policy.

    concatenate_grp(x)
        Used by NetScreen class when grouping policy members.

    handle_raw_netscreen(rows)
        The parser will hand its final output to this function, which decodes and puts everything in the right place.

    netmask2cidr(iptuple)
        Converts dotted-quad netmask to CIDR notation.

    parse(data)
        Parse policy into list of NSPolicy objects.

class trigger.netscreen.NSGroup(name=None, group_type='address', zone=None)
    Container for address/service groups.

class trigger.netscreen.NSServiceBook(entries=None)
    Container for built-in service entries and their defaults.

    Example:

        from trigger.netscreen import NSService

        # Define a TCP service: any source port to destination port 80
        service = NSService(name="stupid_http")
        service.set_source_port((1, 65535))
        service.set_destination_port(80)
        service.set_protocol('tcp')
        # Print the service's generated output
        print(service.output())

class trigger.netscreen.NSAddressBook(name='ANY', zone=None)
    Container for address book entries.

class trigger.netscreen.NSAddress(name=None, zone=None, addr=None, comment=None)
    Container for individual address items.

class trigger.netscreen.NSService(name=None, protocol=None, source_port=(1, 65535), destination_port=(1, 65535), timeout=0, predefined=False)
    Container for individual service items.

class trigger.netscreen.NSPolicy(name=None, address_book=<trigger.netscreen.NSAddressBook object>, service_book=<trigger.netscreen.NSServiceBook object>, address_groups=None, service_groups=None, source_zone='Untrust', destination_zone='Trust', id=0, action='permit', isglobal=False)
    Container for individual policy definitions.