Provided by: fwbuilder_5.1.0-4_amd64 bug


       fwb_ipt - Policy compiler for Cisco IOS ACL


       fwb_iosacl [-vV] [-d wdir] [-4] [-6] [-i] -f data_file.xml object_name


       fwb_iosacl  is  firewall policy compiler component of Firewall Builder (see fwbuilder(1)).
       Compiler reads objects definitions and firewall description from the data  file  specified
       with   "-f"  option  and  generates  resultant  Cisco  IOS  ACL  configuration  file.  The
       configuration is written to the file with the name the same as the name  of  the  firewall
       object,  plus  extension ".fw". Compiler generates extended access lists for Cisco routers
       running IOS v12.x using "ip  access-list  <name>"  syntax.  Compiler  also  generates  "ip
       access-group"  commands  to assign access lists to interfaces. Generated ACL configuration
       can be uploaded to the router manually or using built-in  installer  in  the  fwbuilder(1)

       The  data file and the name of the firewall objects must be specified on the command line.
       Other command line parameters are optional.


       -4     Generate iptables script for IPv4 part of the policy. If any rules of the  firewall
              refer to IPv6 addresses, compiler will skip these rules.  Options "-4" and "-6" are
              exclusive. If neither option is used, compiler tries to generate both parts of  the
              script,  although  generation  of the IPv6 part is controlled by the option "Enable
              IPv6 support" in the "IPv6" tab of the firewall object  advanced  settings  dialog.
              This option is off by default.

       -6     Generate  iptables script for IPv6 part of the policy. If any rules of the firewall
              refer to IPv6 addresses, compiler will skip these rules.

       -f FILE
              Specify the name of the data file to be processed.

       -d wdir
              Specify working directory. Compiler creates file with  ACL  configuration  in  this
              directory.   If this parameter is missing, then generated ACL will be placed in the
              current working directory.

       -v     Be verbose: compiler prints diagnostic messages when it works.

       -V     Print version number and quit.

       -i     When this option is present, the last argument on the command line is  supposed  to
              be firewall object ID rather than its name


       Firewall Builder home page is located at the following URL:


       Please report bugs using bug tracking system on SourceForge:


       fwbuilder(1), fwb_pix(1), fwb_ipfw(1), fwb_ipf(1), fwb_ipt(1) fwb_pf(1)