This is the repository for the project hosted on acl.frenzy.cz.
This web application lets you check which rule from your Cisco ACL affects your imaginary packet.
I use it when I have an ACL with a lot of rules and am trying to discover which rule permits or denies my connection through the firewall.
Preferred workflow is:
- Create imaginary packet:
  - Choose connection type from selectbox - TCP, UDP, ICMP
  - Enter source IP address
  - Enter source port or leave this field blank to generate a random source port
  - Enter destination IP address
  - Enter destination port or leave this field blank to generate a random destination port
- Paste your ACL into the textbox
  - Copy it from CLI (show ip access-list )
  - Copy it from configuration file (ip access-list extended )
- Click Analyze
The result is a table with the same rules as in your ACL, but compared to your packet. Green rules permit the packet and red rules deny it. Any other rule with no special color has some mismatch between the packet and the rule definition, and this mismatch is explained in the last table column.
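The comparison described above, sketched in Python as an added example (this is not the project's own code). All function names and the sample data are hypothetical; it assumes extended ACL entries using `any`, `host A` or `A WILDCARD` addresses and numeric `eq` / `range` ports only, labels every matching rule with its action, and takes the first matching rule as the effective decision, as IOS does.

```python
from ipaddress import IPv4Address

def _addr(tok):  # consume 'any' | 'host A' | 'A WILDCARD' -> (base, wildcard)
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(IPv4Address(tok.pop(0))), 0
    return int(IPv4Address(first)), int(IPv4Address(tok.pop(0)))

def _port(tok):  # consume optional 'eq N' | 'range LO HI' -> (lo, hi), else None
    if tok and tok[0] in ("eq", "range"):
        op, lo = tok.pop(0), int(tok.pop(0))
        return lo, (int(tok.pop(0)) if op == "range" else lo)

def parse_rule(line):
    tok = line.split()
    tok = tok[1:] if tok[0].isdigit() else tok  # sequence number in 'show' output
    rule = {"action": tok.pop(0), "proto": tok.pop(0)}
    for addr, port in (("src", "sport"), ("dst", "dport")):
        rule[addr], rule[port] = _addr(tok), _port(tok)
    return rule

def mismatches(rule, pkt):  # packet fields that do not fit the rule; [] = match
    bad = [] if rule["proto"] in ("ip", pkt["proto"]) else ["proto"]
    for key in ("src", "dst"):
        base, wild = rule[key]
        if (int(IPv4Address(pkt[key])) ^ base) & ~wild & 0xFFFFFFFF:
            bad.append(key)  # differs in a bit the wildcard mask does not ignore
    for key in ("sport", "dport"):
        rng, port = rule[key], pkt.get(key)
        if rng and (port is None or not rng[0] <= port <= rng[1]):
            bad.append(key)
    return bad

def analyze(acl_text, pkt):  # -> (rows per rule, decision of the first matching rule)
    rows, decision = [], None
    for line in acl_text.strip().splitlines():
        rule = parse_rule(line)
        bad = mismatches(rule, pkt)
        rows.append((line.strip(), "no match" if bad else rule["action"], bad))
        decision = decision or (None if bad else rule["action"])
    return rows, decision or "deny (implicit)"  # IOS ACLs end with an implicit deny
# Constructed sample ACL and packet (documentation/private address ranges).
SAMPLE_ACL = """10 permit tcp 10.0.0.0 0.0.0.255 any eq 443
20 deny tcp any host 192.0.2.10 eq 22
30 permit tcp any 192.0.2.0 0.0.0.255 range 20 25"""
SAMPLE_PKT = {"proto": "tcp", "src": "172.16.5.9", "sport": 51000, "dst": "192.0.2.10", "dport": 22}
print(analyze(SAMPLE_ACL, SAMPLE_PKT)[1])  # deny: rule 20 matches before rule 30
```

Rule 30 would permit the sample packet, but rule 20 matches first, which is the kind of shadowing a per-rule table makes visible.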
This project is in active development, but only for my needs.
If you want more features, issues or pull requests are welcome.
Lumír Balhar, @lumirbalhar
GPL