Capirca port-group doesn't group ports for same src/dst rules.
e.g. in the default `cisco-sample.pol`, add this:

```
term accept-to-honestdns {
  comment:: "Allow name resolution using honestdns."
  destination-address:: GOOGLE_DNS
  destination-port:: DNS DHCP
  protocol:: udp tcp
  action:: accept
}
```
Outputs:

```
object-group port 53-53
eq 53
exit
object-group port 67-68
range 67 68
exit
remark Allow name resolution using honestdns.
permit udp any net-group GOOGLE_DNS port-group 53-53
permit tcp any net-group GOOGLE_DNS port-group 53-53
permit udp any net-group GOOGLE_DNS port-group 67-68
permit tcp any net-group GOOGLE_DNS port-group 67-68
```
It would make sense to get something like:

```
object-group port DNS_DHCP
eq 53
range 67 68
exit
remark Allow name resolution using honestdns.
permit udp any net-group GOOGLE_DNS port-group DNS_DHCP
permit tcp any net-group GOOGLE_DNS port-group DNS_DHCP
```
This is specifically helpful when you have a list of ports sharing the same src/dst permit statements.
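The grouping requested above, as an added example that is not Capirca's own code: all port spans of one term are coalesced into a single named object-group (`eq` for single ports, `range` for spans) and every protocol's permit line references that one group. The group name `DNS_DHCP`, the span list and the helper names are constructed for this illustration.

```python
from typing import Iterable, List, Tuple

Span = Tuple[int, int]  # inclusive (low, high) port span


def merge_spans(spans: Iterable[Span]) -> List[Span]:
    """Sort and coalesce overlapping or adjacent spans so one group has no redundant lines."""
    merged: List[Span] = []
    for lo, hi in sorted(spans):
        if merged and lo <= merged[-1][1] + 1:
            # Overlaps or touches the previous span: extend it instead of adding a new line.
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def port_group_lines(name: str, spans: Iterable[Span]) -> List[str]:
    """Render one Cisco object-group holding every span of the term."""
    lines = [f"object-group port {name}"]
    for lo, hi in merge_spans(spans):
        lines.append(f"eq {lo}" if lo == hi else f"range {lo} {hi}")
    lines.append("exit")
    return lines


def permit_lines(protocols: Iterable[str], src: str, dst_group: str, port_group: str) -> List[str]:
    """One permit per protocol, all pointing at the shared port-group."""
    return [f"permit {p} {src} net-group {dst_group} port-group {port_group}" for p in protocols]


# Constructed input mirroring the issue: DNS (53) and DHCP (67-68) in one term.
DNS_DHCP_SPANS: List[Span] = [(53, 53), (67, 68)]

if __name__ == "__main__":
    print("\n".join(port_group_lines("DNS_DHCP", DNS_DHCP_SPANS)))
    print("remark Allow name resolution using honestdns.")
    print("\n".join(permit_lines(["udp", "tcp"], "any", "GOOGLE_DNS", "DNS_DHCP")))
```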