trigger.netscreen — Juniper NetScreen firewall parser

Parses and manipulates firewall policy for Juniper NetScreen firewall devices. Broken apart from acl.parser because the approaches are vastly different from each other.

class trigger.netscreen.NSRawPolicy(data, isglobal=0)

Container for policy definitions.

class trigger.netscreen.NSRawGroup(data)

Container for group definitions.

class trigger.netscreen.NetScreen

Parses and generates NetScreen firewall policy.


Used by NetScreen class when grouping policy members.


The parser will hand its final output to this function, which decodes and puts everything in the right place.


Converts dotted-quad netmask to CIDR notation.


Parse policy into list of NSPolicy objects.
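
The netmask-to-CIDR conversion described above matters for policy review because a non-contiguous mask has no CIDR equivalent and should be rejected rather than silently converted. The following is an added, stand-alone example, not Trigger's own implementation; the function names are hypothetical, and the sample lines are constructed on the assumption that address entries use the ScreenOS `set address <zone> <name> <ip> <netmask>` form with a dotted-quad mask.

```python
import shlex


def netmask_to_cidr(mask):
    """Return the prefix length for a dotted-quad netmask ('255.255.255.0' -> 24).

    Raises ValueError for malformed or non-contiguous masks (e.g. 255.0.255.0).
    """
    parts = mask.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not a dotted-quad netmask: %r" % mask)
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    # A valid mask is a run of 1 bits followed only by 0 bits, so its
    # inverse is of the form 2**n - 1 and shares no bits with inverse + 1.
    inverse = value ^ 0xFFFFFFFF
    if inverse & (inverse + 1):
        raise ValueError("non-contiguous netmask: %r" % mask)
    return bin(value).count("1")


def address_line_to_cidr(line):
    """Turn one 'set address' line into (zone, name, 'ip/prefixlen')."""
    tokens = shlex.split(line)  # handles the quoted zone, name and comment
    if tokens[:2] != ["set", "address"] or len(tokens) < 6:
        raise ValueError("not an address entry: %r" % line)
    zone, name, ip, mask = tokens[2:6]
    return zone, name, "%s/%d" % (ip, netmask_to_cidr(mask))


def convert(lines):
    """Convert every line; return (converted, rejected) so bad masks are visible."""
    converted, rejected = [], []
    for line in lines:
        try:
            converted.append(address_line_to_cidr(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return converted, rejected


# Constructed sample input, not taken from a real device.
SAMPLE_LINES = [
    'set address "Trust" "web-servers" 10.20.30.0 255.255.255.0 "constructed entry"',
    'set address "Untrust" "bad-mask" 192.0.2.0 255.0.255.0',
]

if __name__ == "__main__":
    print(convert(SAMPLE_LINES))
```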

class trigger.netscreen.NSGroup(name=None, group_type='address', zone=None)

Container for address/service groups.

class trigger.netscreen.NSServiceBook(entries=None)

Container for built-in service entries and their defaults.

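    from trigger.netscreen import NSService

    # Define a custom TCP service: any source port to destination port 80
    service = NSService(name="stupid_http")
    service.set_source_port((1, 65535))
    service.set_destination_port(80)
    service.set_protocol('tcp')
    print(service.output())
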
class trigger.netscreen.NSAddressBook(name='ANY', zone=None)

Container for address book entries.

class trigger.netscreen.NSAddress(name=None, zone=None, addr=None, comment=None)

Container for individual address items.

class trigger.netscreen.NSService(name=None, protocol=None, source_port=(1, 65535), destination_port=(1, 65535), timeout=0, predefined=False)

Container for individual service items.

class trigger.netscreen.NSPolicy(name=None, address_book=<trigger.netscreen.NSAddressBook object at 0x43a7790>, service_book=<trigger.netscreen.NSServiceBook object at 0x43a7990>, address_groups=None, service_groups=None, source_zone='Untrust', destination_zone='Trust', id=0, action='permit', isglobal=False)

Container for individual policy definitions.
