On Thu, Apr 8, 2010 at 9:35 PM, Brielle Bruns <bruns@2mbit.com> wrote:
> I grabbed that access-list from the routers directly, so that's why it's been generated already. If there's a tool for UNIX/Linux that can generate the wildcard masks from CIDR in bulk for use in creating ACLs, I'd be happy to put it up on the page.
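UNIX/Linux users can probably accomplish this using simple scripting, since there are Perl modules such as NetAddr::IP available. E.g.:

#!/usr/bin/perl
use Net::CIDR qw/cidradd/;
use NetAddr::IP;

# Read CIDR blocks (one or more per line) from stdin or from the files
# named on the command line, merging each into the aggregated list.
@list = ();
while (<>) {
    chomp;
    while ( $_ =~ s/^\s*([a-fA-F0-9:.]+)\/(\d+)\s*/ / ) {
        @list = cidradd($1 . '/' . $2, @list);
    }
}

# Print one ACL line per aggregated block: network address and wildcard mask.
for (@list) {
    $ip = new NetAddr::IP($_);
    print "access-list 199 deny " . $ip->addr() . " " . $ip->wildcard() . "\n";
}

--
-J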