netspoc - network security policy compiler
netspoc input-dir output-dir
netspoc input-file output-dir
The network security compiler takes a policy description
recursively from all files in input-dir and places one file for
each managed device into output-dir.
Alternatively, input may be read from a single input-file; this
is mainly used for small examples or testing.
Options may currently only be changed in the source file of netspoc.
$verbose = [0|1];
Controls whether netspoc shows output about different
compiler phases and statistics on standard error.
$comment_acls = [0|1];
Add a comment line before each generated ACL entry.
Comments use names of network objects as defined in
the topology.
$comment_routes = [0|1];
Add a comment line before each generated routing entry.
Comments use names of network objects as defined in
the topology.
$warn_unused_groups = [0|1];
Give a warning for unused groups and service groups.
$strict_subnets = [0|1];
Allow subnets only if the enclosing network is marked as 'route_hint'
or if the subnet is marked as 'subnet_of'.
$ignore_files = qr/^CVS$|^RCS$|^.#|^raw$|~$/;
Ignore these names when reading directories:
CVS and RCS directories
CVS working files
directory raw for prolog & epilog files
Editor backup files: emacs: *~
$max_errors = number;
Abort after this many errors.
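A pre-flight check for the $ignore_files option described above, as an added example that is not part of netspoc: it walks an input directory and reports which entries the documented pattern would skip. It assumes the pattern is tested against each entry's own name and that ignored directories are not descended into; the function name classify is hypothetical.

```perl
#!/usr/bin/perl
# Added example, not netspoc code: show which entries under an input
# directory the documented $ignore_files pattern would skip.
use strict;
use warnings;
use File::Find;

# Pattern copied verbatim from the option text above.
my $ignore_files = qr/^CVS$|^RCS$|^.#|^raw$|~$/;

# Assumption: the pattern is matched against the entry's own name (not the
# full path) and an ignored directory is pruned, so nothing below it is read.
sub classify {
    my ($top) = @_;
    my (@read, @skipped);
    my $seen_top = 0;
    find(
        {
            no_chdir => 1,
            wanted   => sub {
                # The first callback is for the top directory itself.
                return unless $seen_top++;
                my $path = $File::Find::name;
                my ($name) = $path =~ m{([^/]+)$};
                if ($name =~ $ignore_files) {
                    push @skipped, $path;
                    $File::Find::prune = 1;    # do not look inside
                }
                elsif (-f $path) {
                    push @read, $path;
                }
            },
        },
        $top
    );
    return (\@read, \@skipped);
}

my $dir = shift @ARGV or die "usage: $0 input-dir\n";
my ($read, $skipped) = classify($dir);
print "read:    $_\n" for sort @$read;
print "skipped: $_\n" for sort @$skipped;
```

As printed, the dot in `^.#` is unescaped, so any name whose second character is `#` is skipped, not only CVS working files. A policy file named that way would be left out of the compiled rule set without an error, which is worth checking for before a run.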
Heinz Knutzen <heinz.knutzen@users.berlios.de>
http://netspoc.berlios.de