trigger.netscreen — Juniper NetScreen firewall parser

Parses and manipulates firewall policy for Juniper NetScreen firewall devices. Broken apart from acl.parser because the approaches are vastly different from each other.

class trigger.netscreen.NSAddress(name=None, zone=None, addr=None, comment=None)

Container for individual address items.

class trigger.netscreen.NSAddressBook(name='ANY', zone=None)

Container for address book entries.

class trigger.netscreen.NSGroup(name=None, group_type='address', zone=None)

Container for address/service groups.

class trigger.netscreen.NSPolicy(name=None, address_book=None, service_book=None, address_groups=None, service_groups=None, source_zone='Untrust', destination_zone='Trust', id=0, action='permit', isglobal=False)

Container for individual policy definitions.

class trigger.netscreen.NSRawGroup(data)

Container for group definitions.

class trigger.netscreen.NSRawPolicy(data, isglobal=0)

Container for policy definitions.

class trigger.netscreen.NSService(name=None, protocol=None, source_port=(1, 65535), destination_port=(1, 65535), timeout=0, predefined=False)

Container for individual service items.

class trigger.netscreen.NSServiceBook(entries=None)

Container for built-in service entries and their defaults.

Example:

service = NSService(name=”stupid_http”) service.set_source_port((1,65535)) service.set_destination_port(80) service.set_protocol(‘tcp’) print(service.output())

class trigger.netscreen.NetScreen

Parses and generates NetScreen firewall policy.

concatenate_grp(x)

Used by NetScreen class when grouping policy members.

handle_raw_netscreen(rows)

The parser will hand it’s final output to this function, which decodes and puts everything in the right place.

netmask2cidr(iptuple)

Converts dotted-quad netmask to cidr notation.

parse(data)

Parse policy into list of NSPolicy objects.