trigger.netscreen — Juniper NetScreen firewall parser
Parses and manipulates firewall policy for Juniper NetScreen firewall devices.
Broken apart from acl.parser because the approaches are vastly different from each
other.
-
class trigger.netscreen.NSRawPolicy(data, isglobal=0)
Container for policy definitions.
-
class trigger.netscreen.NSRawGroup(data)
Container for group definitions.
-
class trigger.netscreen.NetScreen
Parses and generates NetScreen firewall policy.
-
concatenate_grp(x)
Used by NetScreen class when grouping policy members.
-
handle_raw_netscreen(rows)
The parser will hand its final output to this function, which decodes
and puts everything in the right place.
-
netmask2cidr(iptuple)
Converts dotted-quad netmask to CIDR notation.
-
parse(data)
Parse policy into list of NSPolicy objects.
-
class trigger.netscreen.NSGroup(name=None, group_type='address', zone=None)
Container for address/service groups.
-
class trigger.netscreen.NSServiceBook(entries=None)
Container for built-in service entries and their defaults.
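Example:
    from trigger.netscreen import NSService

    # Define a custom TCP service: any source port to destination port 80
    service = NSService(name="stupid_http")
    service.set_source_port((1, 65535))
    service.set_destination_port(80)
    service.set_protocol('tcp')
    print(service.output())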
-
class trigger.netscreen.NSAddressBook(name='ANY', zone=None)
Container for address book entries.
-
class trigger.netscreen.NSAddress(name=None, zone=None, addr=None, comment=None)
Container for individual address items.
-
class trigger.netscreen.NSService(name=None, protocol=None, source_port=(1, 65535), destination_port=(1, 65535), timeout=0, predefined=False)
Container for individual service items.
-
class trigger.netscreen.NSPolicy(name=None, address_book=<trigger.netscreen.NSAddressBook object at 0x43a7790>, service_book=<trigger.netscreen.NSServiceBook object at 0x43a7990>, address_groups=None, service_groups=None, source_zone='Untrust', destination_zone='Trust', id=0, action='permit', isglobal=False)
Container for individual policy definitions.
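
The netmask-to-CIDR conversion that netmask2cidr describes, applied to the fields an NSAddress holds, shown as an added example that is not Trigger's own code. It uses only the Python 3 standard library and assumes ScreenOS address lines of the form set address "<zone>" "<name>" <ip> <netmask> ["<comment>"]; the function names and the sample configuration are constructed for illustration. Non-contiguous masks and entries with host bits set are rejected rather than rounded to a prefix.

```python
import ipaddress
import shlex

def netmask_to_prefixlen(netmask):
    """Return the CIDR prefix length for a dotted-quad netmask."""
    inverted = int(ipaddress.IPv4Address(netmask)) ^ 0xFFFFFFFF
    # A contiguous mask inverts to 2**n - 1, so inverted & (inverted + 1) == 0.
    # Masks such as 255.0.255.0 have no CIDR form and must not be rounded.
    if inverted & (inverted + 1):
        raise ValueError("non-contiguous netmask: %s" % netmask)
    return 32 - inverted.bit_length()

def parse_set_address(line):
    """Parse one 'set address' line; return None for any other command."""
    tokens = shlex.split(line)  # honours the double-quoted zone/name/comment
    if tokens[:2] != ["set", "address"] or len(tokens) < 6:
        return None
    zone, name, addr, mask = tokens[2:6]
    comment = tokens[6] if len(tokens) > 6 else None
    # strict=True raises ValueError when host bits are set (10.1.1.7/24),
    # which in a firewall address book usually means a typo.
    net = ipaddress.IPv4Network("%s/%d" % (addr, netmask_to_prefixlen(mask)), strict=True)
    return {"zone": zone, "name": name, "cidr": str(net), "comment": comment}

def load_addresses(config_text):
    """Return (entries, rejected); rejected holds (line number, reason)."""
    entries, rejected = [], []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        try:
            entry = parse_set_address(line)
        except ValueError as exc:  # bad quoting, bad address, bad mask
            rejected.append((lineno, str(exc)))
            continue
        if entry:
            entries.append(entry)
    return entries, rejected

# Constructed sample configuration, not taken from a real device.
SAMPLE = '''\
set address "Trust" "web1" 10.0.0.5 255.255.255.255 "web server"
set address "Trust" "lan" 192.168.10.0 255.255.255.0
set address "Untrust" "odd" 172.16.0.0 255.0.255.0
set address "Untrust" "typo" 10.1.1.7 255.255.255.0
set policy id 1 from "Untrust" to "Trust" "Any" "web1" "HTTP" permit
'''

if __name__ == "__main__":
    print(load_addresses(SAMPLE))
```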