Skip to content

Instantly share code, notes, and snippets.

@spdkils

spdkils/aclv2.g4

Created October 3, 2017 05:16
Show Gist options
  • Save spdkils/0b1f60b09ba423a16ff24cc7d5de604c to your computer and use it in GitHub Desktop.
Save spdkils/0b1f60b09ba423a16ff24cc7d5de604c to your computer and use it in GitHub Desktop.
Download ZIP
Cisco ACLs v2
Raw
aclv2.g4
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
grammar aclv2;
acl : ace+ EOF ;
ace : remarks*? action ops ;
remarks : remark+ ;
remark : REMARK ;
action : ( permit | deny )source dest ;
permit : PERMIT ( NAMED | NUM ) ;
deny : DENY ( NAMED | NUM ) ;
source : ( any | host | network ) ports? ;
dest : (any | host | network ) ports? ;
any : ANY ;
host : HOST ADDRESS ;
network : ADDRESS ( MASK | ADDRESS ) ;
ports : eq | lt | gt | range ;
eq : EQ ( PORT | NUM )+ ;
lt : LT ( PORT | NUM ) ;
gt : GT ( PORT | NUM ) ;
range : RNG ( PORT | NUM ) ( PORT | NUM ) ;
ops : icmp? est? reflect? log? ;
est : EST ;
reflect : REFLECT NAME ( TIMEOUT NUM )?;
log : LOG ;
icmp : ICMP_PORTS | ( NUM NUM ) ;
REMARK : 'remark' LINE NL ;
fragment LINE : .+? ;
fragment NL : '\r'? '\n' ;
ANY : 'any' ;
EST : 'established' ;
LOG : 'log-input' | 'log' ;
PERMIT : 'permit' ;
DENY : 'deny' ;
NAMED : 'ip' | 'tcp' | 'udp' | 'icmp' | 'ahp' | 'eigrp' | 'esp'
| 'gre' | 'igmp' | 'ipinip' | 'nos' | 'ospf' | 'pcp' | 'pim' ;
REFLECT : 'reflect' ;
TIMEOUT : 'timeout' ;
EQ : 'eq' ;
LT : 'lt' ;
GT : 'gt' ;
RNG : 'range' ;
HOST : 'host' ;
MASK : ZERO DOT QUAD DOT QUAD DOT QUAD ;
ADDRESS : QUAD DOT QUAD DOT QUAD DOT QUAD ;
PORT : ( TCP_PORTS | UDP_PORTS ) ;
fragment DOT : '.' ;
fragment ZERO : [0] ;
fragment DIG : [0-9] ;
fragment LO4 : [0-4] ;
fragment LO5 : [0-5] ;
fragment ONE : '1' ;
fragment TWO : '2' ;
fragment QUAD : TWO LO5 LO5 | TWO LO4 DIG | ONE DIG DIG | DIG DIG | DIG ;
ICMP_PORTS : 'administratively-prohibited' | 'alternate-address'
| 'conversion-error' | 'dod-host-prohibited' | 'dod-net-prohibited'
| 'dscp' | 'echo' | 'echo-reply' | 'fragments'
| 'general-parameter-problem' | 'host-isolated'
| 'host-precedence-unreachable' | 'host-redirect'
| 'host-tos-redirect' | 'host-tos-unreachable' | 'host-unknown'
| 'host-unreachable' | 'information-reply' | 'information-request'
| 'mask-reply' | 'mask-request' | 'mobile-redirect' | 'net-redirect'
| 'net-tos-redirect' | 'net-tos-unreachable' | 'net-unreachable'
| 'network-unknown' | 'no-room-for-option' | 'option'
| 'option-missing' | 'packet-too-big' | 'pak-len'
| 'parameter-problem' | 'port-unreachable' | 'precedence'
| 'precedence-unreachable' | 'protocol-unreachable'
| 'reassembly-timeout' | 'redirect' | 'reflect'
| 'router-advertisement' | 'router-solicitation' | 'source-quench'
| 'source-route-failed' | 'time-exceeded' | 'time-range'
| 'timestamp-reply' | 'timestamp-request' | 'tos' | 'traceroute'
| 'ttl' | 'ttl-exceeded' | 'unreachable'
;
UDP_PORTS : 'biff' | 'bootpc' | 'bootps' | 'discard' | 'dnsix'
| 'domain' | 'echo' | 'isakmp' | 'mobile-ip' | 'nameserver'
| 'netbios-dgm' | 'netbios-ns' | 'netbios-ss' | 'non500-isakmp'
| 'ntp' | 'pim-auto-rp' | 'rip' | 'snmp' | 'snmptrap' | 'sunrpc'
| 'syslog' | 'tacacs' | 'talk' | 'tftp' | 'time' | 'who' | 'xdmcp'
;
TCP_PORTS : 'bgp'
| 'chargen' | 'cmd' | 'daytime' | 'discard' | 'domain' | 'echo'
| 'exec' | 'finger' | 'ftp' | 'ftp-data' | 'gopher' | 'hostname'
| 'ident' | 'irc' | 'klogin' | 'kshell' | 'login' | 'lpd' | 'nntp'
| 'pim-auto-rp' | 'pop2' | 'pop3' | 'smtp' | 'sunrpc' | 'syslog'
| 'tacacs' | 'talk' | 'telnet' | 'time' | 'uucp' | 'whois' | 'www'
;
NAME : [a-zA-Z\-]+ ;
NUM : DIG+ ;
WS : [ \r\n] -> skip ;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment