NAME
netspoc - network security policy compiler
SYNOPSIS
netspoc input-dir output-dir
netspoc input-file output-dir
DESCRIPTION
The network security compiler takes a policy description recursively from all files in input-dir and places one file for each managed device into output-dir. Alternatively input may be read from a single input-file; this is mainly used for small examples or testing.
OPTIONS
Options may currently only be changed in the source file of netspoc.
- $verbose = [0|1];
- Controls whether netspoc shows output about different compiler phases and statistics on standard error.
- $comment_acls = [0|1];
- Add a comment line before each generated ACL entry. Comments use names of network objects as defined in the topology.
- $comment_routes = [0|1];
- Add a comment line before each generated routing entry. Comments use names of network objects as defined in the topology.
- $warn_unused_groups = [0|1]
- Gives warning for unused groups and service groups.
- $strict_subnets = [0|1]
- Allow subnets only if the enclosing network is marked as 'route_hint' or if the subnet is marked as 'subnet_of'.
- $ignore_files = qr/^CVS$|^RCS$|^.#|^raw$|~$/;
-
Ignore these names when reading directories:
- CVS and RCS directories
- CVS working files
- directory raw for prolog & epilog files
- Editor backup files: emacs: *~
- $max_errors = number;
- Abort after this many errors.
AUTHOR
Heinz Knutzen <heinz.knutzen@users.berlios.de>