This is a simple script to easily grep ACL control files from various sources.

It knows about IP addresses and subnet masks providing some advantage over using the standard grep command.

If you are looking for a certain IP address all lines whose subnets contain the IP address will match. Additionally you can filter for ports and give different parameters for source and destination.

Basic usage information is available on the command line when using the -h oder --help switch.

Usage: aclgrep.py [options] [file, file, ...]

Options:
  -h, --help            show this help message and exit
  -a, --any             Match ACLs with 'any', too
  -i SOURCE_IP, --sip=SOURCE_IP
                        Source IP to look for
  -p SOURCE_PORT, --sport=SOURCE_PORT
                        Source port to look for
  -I DESTINATION_IP, --dip=DESTINATION_IP
                        Destination IP to look for
  -P DESTINATION_PORT, --dport=DESTINATION_PORT
                        Destination port to look for
  -o PROTOCOL, --proto=PROTOCOL
                        Protocol to look for

One goal was to make the script as portable as possible:

• everything you need is a somewhat recent Python installation
• no installation required
• single file

To use this you only need the aclgrep.py script from the main directory. All other files are test cases used during development.

Important note: This is still work in progress, so expect errors to occur!