Hi there, is it possible to write a regex to parse access rules from a Cisco config file? Right now I have working code, built on a bunch of nested ifs, to parse it. But it is only as elegant as a tumbleweed and I want to know whether it can be improved upon.
The basic format is as below (format specific to access rules in an ASA firewall):

    access-list $acl_name extended $action $protocol $source_network $dest_network $ports .*

The challenging part is that some sections of the rule can have one, two or three words, as below:

$protocols
- (ip|tcp|udp) (1 word)
- object-group <protocol object-group name> (2 words)

$source_network
- host <host name> (2 words)
- <ip address> <wildcard mask> (2 words)
- object-group <network object-group name> (2 words)
- any (1 word)

$dest_network
- host <host name> (2 words)
- <ip address> <wildcard mask> (2 words)
- object-group <network object-group name> (2 words)
- any (1 word)

$port
- eq <port_no> (2 words)
- range <low_port> <high_port> (3 words)
- <blank> (0 words)
So, there are basically 2 x 2 x 2 x 3 = 24 possible formations. Can a regex with conditional matching and other advanced wizardry tackle this particular case? I am not looking for 24 different patterns to match separately; that is only slightly better than the nested if code. Once I get a solution and hopefully understand it, I hope I can extend it to other forms of ACLs (perhaps include Juniper devices also).
In reply to Regex to match a Cisco ACL by Anonymous Monk
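
The rule grammar listed in the post, written as one composed pattern rather than one pattern per combination (an added example, not part of the original post). The name `parse_acl`, the sample rules and the dotted-quad check for `<ip address> <wildcard mask>` are assumptions made for illustration; it needs Perl 5.10 or later for named captures.

```perl
use 5.010;
use strict;
use warnings;

# Building blocks; \S++ is possessive so a token is never split by backtracking.
my $word = qr/\S++/;
my $ip   = qr/\d{1,3}(?:\.\d{1,3}){3}/;   # assumption: addresses and masks are dotted quads

# One network field: the four forms listed in the post, tried in this order.
my $net = qr/(?: host \s+ $word | object-group \s+ $word | any | $ip \s+ $ip ) (?!\S)/x;

my $acl_re = qr/
    ^ access-list \s+ (?<acl>$word) \s+ extended
    \s+ (?<action>$word)
    \s+ (?<protocol> object-group \s+ $word | ip | tcp | udp )
    \s+ (?<source>$net)
    \s+ (?<dest>$net)
    (?: \s+ (?<ports> eq \s+ $word | range \s+ $word \s+ $word ) )?
    \s* (?<rest> .* ) $
/x;

# Returns a hashref of the named fields, or nothing if the line is not
# an extended rule in the format above. 'ports' is absent when blank.
sub parse_acl {
    my ($line) = @_;
    return unless $line =~ $acl_re;
    my %rule = %+;            # copy the named captures out of the tied hash
    return \%rule;
}

# Constructed sample rules, not taken from a real device.
my @sample = (
    'access-list OUTSIDE_IN extended permit tcp any host web1 eq 443',
    'access-list OUTSIDE_IN extended permit object-group SVC_PROTO object-group ADMINS 10.1.1.0 255.255.255.0 range 8000 8080 log',
    'access-list INSIDE_OUT extended deny ip 192.168.5.0 255.255.255.0 any',
    'access-list INSIDE_OUT remark not an extended rule',
);

for my $line (@sample) {
    my $r = parse_acl($line) or do { warn "unparsed: $line\n"; next };
    printf "%-11s %-6s proto=[%s] src=[%s] dst=[%s] ports=[%s] rest=[%s]\n",
        @{$r}{qw(acl action protocol source dest)}, $r->{ports} // '-', $r->{rest};
}
```

Lines that do not fit the grammar are reported rather than guessed at, so a rule form that the pattern does not cover shows up as `unparsed` instead of yielding a wrong source or destination.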