ACL Compliance Rule

mohsinarif

Hello Experts,

I am trying to write a rule for ACL compliance rule. Which checks the following:

1-Check if all the mandatory  Entries are present in the ACL,if so Pass the Rule.

2-Check if any of the mandatory entry is missing,hence violate the rule.

3-Check if all the mandatory entries are there with any extra line(s),in this case rule should be violated

4- order of the acl should not matter.

Example:

ip access-list standard XYZ

permit 10.10.10.10

permit 2.2.2.2

permit 192.168.1.0 0.0.0.255 log

permit 4.4.4.4 0.0.0.255 log-----Extra line,Rule violation should occur.

Since i a new to Regex,i tried various options.I can match all the mandatory line using:

^\s?permit (10.10.10.10.*|2.2.2.2.*|192.168.1.0.*)[\n\r]

but even if have any extra line,it still doesn't violates.

Your help will be appreciated.Thanks!

rfroembgen

Hi,

you can achieve this with some kind of "whitelist". You need a second regex (can be in the same rule) where you set the condition to "must not have" and the regex pattern with a negative lookahead:

in your case:

^permit\s(?!10\.10\.10.\10*|2\.2\.2\.2*|192\.168\.1\.0*).+

This will trigger on anything that is not included in this part: "(?!10\.10\.10.\10*|2\.2\.2\.2*|192\.168\.1\.0*)"

with your ACL example:

Hope this helps.

Best Regards

Rene