trigger.netscreen — Juniper NetScreen firewall parser

Parses and manipulates firewall policy for Juniper NetScreen firewall devices. Broken apart from acl.parser because the approaches are vastly different from each other.

class trigger.netscreen.NSAddress(name=None, zone=None, addr=None, comment=None)

Container for individual address items.

class trigger.netscreen.NSAddressBook(name='ANY', zone=None)

Container for address book entries.

class trigger.netscreen.NSGroup(name=None, group_type='address', zone=None)

Container for address/service groups.

class trigger.netscreen.NSPolicy(name=None, address_book=<trigger.netscreen.NSAddressBook object at 0x4eeae90>, service_book=<trigger.netscreen.NSServiceBook object at 0x4f19050>, address_groups=[], service_groups=[], source_zone='Untrust', destination_zone='Trust', id=0, action='permit', isglobal=False)

Container for individual policy definitions.

class trigger.netscreen.NSRawGroup(data)

Container for group definitions.

class trigger.netscreen.NSRawPolicy(data, isglobal=0)

Container for policy definitions.

class trigger.netscreen.NSService(name=None, protocol=None, source_port=(1, 65535), destination_port=(1, 65535), timeout=0, predefined=False)

Container for individual service items.

class trigger.netscreen.NSServiceBook(entries=[])

Container for built-in service entries and their defaults.

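Example:

    from trigger.netscreen import NSService

    # Define a custom TCP service: any source port to destination port 80.
    service = NSService(name="stupid_http")
    service.set_source_port((1, 65535))
    service.set_destination_port(80)
    service.set_protocol('tcp')
    print(service.output())
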
class trigger.netscreen.NetScreen

Parses and generates NetScreen firewall policy.


The parser will hand its final output to this function, which decodes it and puts everything in the right place.


Converts a dotted-quad netmask to CIDR notation.


Parse policy into list of NSPolicy objects.


Used by NetScreen class when grouping policy members.
