NAME

netspoc - network security policy compiler


SYNOPSIS

netspoc input-dir output-dir

netspoc input-file output-dir


DESCRIPTION

The network security compiler reads a policy description recursively from all files in input-dir and writes one file for each managed device into output-dir. Alternatively, input may be read from a single input-file; this is mainly used for small examples or testing.


OPTIONS

Options may currently only be changed in the source file of netspoc.

$verbose = [0|1];
Controls whether netspoc shows output about different compiler phases and statistics on standard error.

$comment_acls = [0|1];
Add a comment line before each generated ACL entry. Comments use names of network objects as defined in the topology.

$comment_routes = [0|1];
Add a comment line before each generated routing entry. Comments use names of network objects as defined in the topology.

$warn_unused_groups = [0|1];
Warn about unused groups and service groups.

$strict_subnets = [0|1];
Allow subnets only if the enclosing network is marked as 'route_hint' or if the subnet is marked as 'subnet_of'.

$ignore_files = qr/^CVS$|^RCS$|^.#|^raw$|~$/;
Ignore these names when reading directories:
  • CVS and RCS directories

  • CVS working files

  • directory raw for prolog & epilog files

  • Editor backup files: emacs: *~
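
A pre-flight check for the $ignore_files setting, as an added example (not part of netspoc or of this manual page): it applies the pattern exactly as printed above to a constructed listing of paths and reports which would be read as policy input and which would be skipped. The path names and the helpers ignored_component and classify are hypothetical, and it assumes the pattern is tested against each bare name while a directory is read.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern copied as printed in the OPTIONS text above.
my $ignore_files = qr/^CVS$|^RCS$|^.#|^raw$|~$/;

# Constructed sample of paths relative to input-dir (not a real policy tree).
my @paths = (
    'topology/networks',       'topology/networks~',
    'topology/.#networks.1.4', 'topology/CVS/Entries',
    'rule/RCS/web,v',          'raw/router1',
    'rule/web',                'rule/web.orig',
    'rule/#web#',              'rule/.web.swp',
    'rule/x#draft',            'rule/CVS-notes',
);

# Return the first path component matched by the pattern, or undef.
# Assumption: a matching directory name hides everything below it.
sub ignored_component {
    my ($path) = @_;
    for my $name (split m{/}, $path) {
        return $name if $name =~ $ignore_files;
    }
    return;
}

# Split a listing into paths that would be read and paths that are skipped.
sub classify {
    my (@list) = @_;
    my (@read, @skipped);
    for my $path (@list) {
        my $hit = ignored_component($path);
        if (defined $hit) { push @skipped, [$path, $hit] }
        else              { push @read, $path }
    }
    return (\@read, \@skipped);
}

my ($read, $skipped) = classify(@paths);
print "read as policy input:\n";
print "  $_\n" for @$read;
print "ignored:\n";
printf "  %-26s (matched name: %s)\n", @$_ for @$skipped;
```

In this listing web.orig, #web# and .web.swp are not covered by the pattern and end up in the "read" group, while x#draft is skipped because the '.' in '^.#' is unescaped as printed and matches any first character.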

$max_errors = number;
Abort after this many errors.


AUTHOR

Heinz Knutzen <heinz.knutzen@users.berlios.de>


SEE ALSO

http://netspoc.berlios.de