Firewall Wizards mailing list archives

RE: Cisco acls


From: "Luke Butcher" <Luke.Butcher () alphawest com au>
Date: Tue, 15 Mar 2005 09:02:33 +1100

 
Not sure about a lint checker, and router ACLs unfortunately don't show a
hit count like PIX ones. So the only option is probably to add a log
keyword to your permit statements and then watch the logs to see if the
statements are being hit.

As for older ones it may be a bit late for existing ones, but there is a
remark keyword in modern IOS(s?) which makes it very handy for
remembering why a certain line was there.

Regards,
Luke Butcher
Network/Security Consultant


-----Original Message-----
From: Mark Teicher [mailto:mht3 () earthlink net] 
Sent: Tuesday, 8 March 2005 11:06 PM
To: Bruce Smith
Cc: 'Eric Appelboom'; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Cisco acls

Has anyone seen or heard of a Cisco ACL lint checker to validate whether
a certain ACL is being utilized at all?  What about old ACLs that
have been around for a while, and no one understands why they were
inserted in the first place?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
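
The approach suggested in the reply above (add `log` to the permit entries, then watch the logs) can be automated; the following is an added example, not part of the thread, that credits each logged packet to the first matching permit entry and reports every entry with its hit count and preceding `remark`. It assumes a numbered extended ACL using only `any`, `host A` or `A wildcard` addresses with an optional numeric `eq` destination port, and syslog lines in the `%SEC-6-IPACCESSLOGP` format; the config, log lines and function names are constructed for illustration.

```python
import re
from ipaddress import IPv4Address

# Constructed sample config and syslog lines (not taken from the thread).
CONFIG = """\
access-list 101 remark web server for marketing
access-list 101 permit tcp any host 192.0.2.10 eq 80 log
access-list 101 remark legacy FTP feed, owner unknown
access-list 101 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.20 eq 21 log
access-list 101 permit udp any host 192.0.2.53 eq 53 log
"""
LOGS = """\
Mar 15 09:00:01 rtr1 %SEC-6-IPACCESSLOGP: list 101 permitted tcp 203.0.113.7(40112) -> 192.0.2.10(80), 1 packet
Mar 15 09:05:01 rtr1 %SEC-6-IPACCESSLOGP: list 101 permitted tcp 203.0.113.7(40112) -> 192.0.2.10(80), 4 packets
"""
ACE_RE = re.compile(r"^access-list (\S+) (remark|permit|deny) (.*)$", re.M)
LOG_RE = re.compile(r"list (\S+) permitted (\w+) ([\d.]+)\(\d+\) -> ([\d.]+)\((\d+)\), (\d+) packet")

def take_addr(tok):  # consumes "any" | "host A" | "A wildcard" -> (base, wildcard)
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    base = int(IPv4Address(tok.pop(0) if first == "host" else first))
    return base, 0 if first == "host" else int(IPv4Address(tok.pop(0)))

def parse_acl(config):  # permit ACEs in config order, each with its preceding remark
    aces, remark = [], ""
    for acl, kind, body in ACE_RE.findall(config):
        if kind == "permit":
            proto, *rest = body.split()
            src, dst = take_addr(rest), take_addr(rest)
            port = int(rest[1]) if rest[:1] == ["eq"] else None  # numeric dst port only
            aces.append(dict(acl=acl, proto=proto, src=src, dst=dst, port=port,
                             remark=remark, text="permit " + body, hits=0))
        remark = body if kind == "remark" else ""
    return aces

def covers(spec, ip):  # wildcard-mask match: bits set in the wildcard are ignored
    return (int(IPv4Address(ip)) | spec[1]) == (spec[0] | spec[1])

def audit(config, logs):  # -> [(packets, ace_text, remark)], first match wins as in IOS
    aces = parse_acl(config)
    for acl, proto, sip, dip, dport, pkts in LOG_RE.findall(logs):
        for a in aces:
            if (a["acl"] == acl and a["proto"] in (proto, "ip") and covers(a["src"], sip)
                    and covers(a["dst"], dip) and a["port"] in (None, int(dport))):
                a["hits"] += int(pkts)
                break
    return [(a["hits"], a["text"], a["remark"]) for a in aces]
```

Entries that come back with a count of 0 over a representative logging period are the candidates for review, and the attached remark (or its absence) shows whether anyone recorded why the line exists.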

