Hello, is there any way to write a parser for Cisco firewall configs with PLY?
I can't find a way to solve the shift/reduce conflict with the
"object-group" used within an access-list command.
For example:
object-group network A
 description host used for A
 network-object host 127.0.0.1
 network-object host 127.0.0.2
object-group service B tcp
 description tcp-ports used for B
 port-object eq 1234
 port-object eq 2345
object-group network C
 description host used for C
 network-object host 127.0.0.3
 network-object host 127.0.0.4
object-group service D tcp
 description tcp-ports used for D
 port-object eq 3456
 port-object eq 4567
access-list foo permit tcp object-group A object-group C
access-list foo permit tcp object-group A object-group B object-group C
access-list foo permit tcp object-group A object-group C object-group D
access-list foo permit tcp object-group A object-group B object-group C object-group D
Obviously, I can't change the grammar. And precedence won't help either;
the two middle access-list commands are grouped this way:
access-list foo permit tcp ( object-group A object-group B ) object-group C
access-list foo permit tcp object-group A ( object-group C object-group D )
But this can only be recognized by checking whether the object-group is a
network or a service group.
Any idea how to solve this problem with PLY?
Kind regards,
Jürgen Kahnert
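
Added example, not part of the original post and not PLY code: the disambiguation the post describes, done by recording each object-group's kind when it is declared and retagging every reference by that kind, so the access-list operands become the unambiguous sequence NET [SVC] NET [SVC]. It is plain Python so it runs without PLY (in a PLY lexer the same lookup could set `t.type` in the token rule); the function names, slot names and the abridged sample are assumptions made here, and it assumes every group is declared somewhere in the same file.

```python
import re

# Constructed sample, abridged from the configuration quoted in the post.
SAMPLE = """\
object-group network A
object-group service B tcp
object-group network C
object-group service D tcp
access-list foo permit tcp object-group A object-group C
access-list foo permit tcp object-group A object-group B object-group C
access-list foo permit tcp object-group A object-group C object-group D
access-list foo permit tcp object-group A object-group B object-group C object-group D
"""

SLOTS = [("src", "network"), ("src_ports", "service"),
         ("dst", "network"), ("dst_ports", "service")]

def collect_groups(text):
    """Symbol table: object-group name -> 'network' or 'service'."""
    decl = re.finditer(r"^object-group (network|service) (\S+)", text, re.M)
    return {m.group(2): m.group(1) for m in decl}

def parse_acl(line, groups):
    """Retag each 'object-group NAME' by its declared kind, then match
    the unambiguous sequence NET [SVC] NET [SVC]."""
    words = line.split()
    refs = words[4:]
    if len(refs) % 2 or any(w != "object-group" for w in refs[0::2]):
        raise ValueError("only object-group operands are handled here")
    names = refs[1::2]
    undefined = [n for n in names if n not in groups]
    if undefined:
        raise ValueError(f"undefined object-group: {undefined}")
    acl = {"name": words[1], "action": words[2], "proto": words[3]}
    i = 0
    for slot, kind in SLOTS:
        if i < len(names) and groups[names[i]] == kind:
            acl[slot], i = names[i], i + 1
        elif kind == "network":
            raise ValueError(f"missing network group for {slot}")
        else:
            acl[slot] = None  # optional port group absent
    if i != len(names):
        raise ValueError("unexpected extra object-group")
    return acl

def parse_config(text):
    groups = collect_groups(text)
    return [parse_acl(ln, groups) for ln in text.splitlines() if ln.startswith("access-list ")]
```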
