rapolicy man page on SuSE


RAPOLICY(1)                                                        RAPOLICY(1)

NAME
       rapolicy - compare an argus(8) data file/stream against a Cisco Access
       Control List.

COPYRIGHT
       Copyright (c) 2000-2008 QoSient. All rights reserved.

SYNOPSIS
       rapolicy -r argus-file [ra options]

DESCRIPTION
       Rapolicy reads argus data from an argus-file list and tests the argus
       data stream against a Cisco access control list configuration file,
       printing out records that represent activity that would violate the
       policy.  Rapolicy can be used to indicate access control violations, as
       well as to test new access control definitions prior to installing them
       in a router.

OPTIONS
       Rapolicy, like all ra based clients, supports a large number of
       options.  Options that have specific meaning to rapolicy are:

          -f <Cisco ACL file> Print records that violate the policy.
          -D 0 (default)      Print records that violate the policy.
          -D 1                Print records and the violated ruleset.
          -D 2                Print all records and the ruleset that matched.

       See ra(1) for a complete description of ra options.

EXAMPLE INVOCATION
       rapolicy -r argus.file

CISCO ACL SYNTAX
       There does not seem to be authoritative Cisco-ACL-Documentation, nor
       ACL syntax standardization.  Because Cisco has been known to improve
       its ACL rules syntax, rapolicy is known to work with Cisco ACL router
       definitions up to July, 2002.

       A Cisco ACL configuration file consists of a collection of any number
       of ACL statements, each on a separate line.  The syntax of an ACL
       statement is:

          ACL        = "access-list" ID ACTION PROTO SRC DST NOTIFICATION

          ID         = Number
          ACTION     = permit | deny
          PROTO      = protocol name | protocol number

          SRC | DST  = ADDRESS [PORTMATCH]

          ADDRESS    = any | host HOSTADDR | HOSTADDR HOSTMASK
          HOSTADDR   = ipV4 address
          HOSTMASK   = matching-mask

          PORTMATCH  = PORTOP PORTNUM | range PORTRANGE
          PORTOP     = eq | lt | gt | neq | established

          PORTRANGE  = PORTNUM PORTNUM
          PORTNUM    = TCP or UDP port value (unsigned decimal from 0 to 65535)

EXAMPLE CONFIGURATION
       This example Cisco Access Control List configuration is provided as an
       example only.  No effort has been made to verify that this example
       Access Control List enforces a useful access control policy of any
       kind.

       #allow www-traffic to webserver
       access-list 102 permit tcp any 193.174.13.99 0.0.0.0 eq 80

       #allow ftp control connection to server
       access-list 102 permit tcp any 193.174.13.99 0.0.0.0 eq 21

       #allow normal ftp
       access-list 102 permit tcp any 193.174.13.99 0.0.0.0 eq 20

       #allow ftp passive connections in portrange 10000 to 10500
       access-list 102 permit tcp any host 193.174.13.99 range 10000 10500

       #dummy example
       access-list 102 permit tcp host 193.174.13.1 eq 12345 host 193.174.13.2 range 12345 23456

       #deny the rest
       access-list 102 deny tcp any any

       #same thing in other words:
       access-list 102 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
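       The following is an added example, not code from rapolicy or argus: a
       small Python parser for the ACL grammar given under CISCO ACL SYNTAX and
       a first-match evaluator that decides, for a flow 5-tuple such as argus
       records carry, which rule of the example configuration above applies.
       Flows that evaluate to "deny" are the kind of activity rapolicy reports
       as policy violations.  The protocol-number table, the "ip" = any
       convention and the implicit deny at the end of the list are assumptions
       taken from common Cisco ACL behaviour, not from this page; the
       "established" keyword and NOTIFICATION are not modelled.

```python
# Added example, not rapolicy/argus code: parse the ACL subset above and evaluate a flow 5-tuple.
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "acl_id action proto src dst")
Endpoint = namedtuple("Endpoint", "addr mask portmatch")  # portmatch = (op, a, b) or None
PROTO_NUMS = {"ip": 0, "tcp": 6, "udp": 17, "icmp": 1}    # assumed table; 0 stands for "ip" (any)

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _address(tok):  # ADDRESS = any | host HOSTADDR | HOSTADDR HOSTMASK (mask 1 bits = don't care)
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    return (_ip(tok.pop(0)), 0) if t == "host" else (_ip(t), _ip(tok.pop(0)))

def _portmatch(tok):  # PORTMATCH = PORTOP PORTNUM | range PORTNUM PORTNUM ("established" not modelled)
    if not tok or tok[0] not in ("eq", "lt", "gt", "neq", "range"):
        return None
    op, a = tok.pop(0), int(tok.pop(0))
    return (op, a, int(tok.pop(0)) if op == "range" else a)

def parse_acl(text):  # one ACL statement per line; '#' comment lines and blank lines are skipped
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError("unsupported statement: " + line)
        proto = PROTO_NUMS[tok[3]] if tok[3] in PROTO_NUMS else int(tok[3])
        rest = tok[4:]  # consumed left to right: SRC [PORTMATCH] DST [PORTMATCH]
        src = Endpoint(*_address(rest), _portmatch(rest))
        dst = Endpoint(*_address(rest), _portmatch(rest))
        rules.append(Rule(int(tok[1]), tok[2], proto, src, dst))
    return rules

def _matches(ep, ip, port):
    if (_ip(ip) | ep.mask) != (ep.addr | ep.mask):  # wildcard-mask address comparison
        return False
    op, a, b = ep.portmatch or ("any", 0, 0)
    return {"any": True, "eq": port == a, "neq": port != a, "lt": port < a,
            "gt": port > a, "range": a <= port <= b}[op]

def evaluate(rules, proto, sip, sport, dip, dport):  # first match wins; no match = implicit deny
    for r in rules:
        if r.proto in (0, proto) and _matches(r.src, sip, sport) and _matches(r.dst, dip, dport):
            return r.action
    return "deny"
```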

AUTHORS
       Carter Bullard (carter@qosient.com).
       Olaf Gellert (gellert@pca.dfn.de).

SEE ALSO
       ra(1), rarc(5), argus(8)

                                 22 July 2002                      RAPOLICY(1)