Netspoc  6.035
About: NetSPoC is a network security policy compiler (using its own description language) to manage all the packet filter devices inside your network topology.
  Fossies Dox: Netspoc-6.035.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

Netspoc Documentation



A network security policy compiler.


Netspoc has been migrated from Perl to Go (golang). Released CPAN packages will contain compiled binaries for the Linux-x86_64 architecture. These will be installed along with Perl scripts, typically in /usr/local/bin.

Netspoc is free software to manage all the packet filter devices inside your network topology. Filter rules for each device are generated from one central ruleset, using a description of your network topology.

  • Supports Cisco and Linux devices
    • Chains for iptables.
    • Access lists for ASA and NX-OS.
    • Access lists for IOS with and without Firewall Feature Set.
  • Rules are optimized globally
    • Adjacent IP ranges and port ranges are joined.
    • Redundant rules are removed and optionally warned about.
  • Highly optimized chains for iptables are generated.
  • Object-groups for ASA and NX-OS are generated.
  • IPSec configuration for Cisco ASA and IOS is generated.
  • Commands for static routing are generated (optionally).
  • Network address translation (NAT) is supported.
  • HSRP / VRRP clusters are supported.
  • Multicast traffic for OSPF, EIGRP, HSRP, VRRP is supported.
  • Powerful rules language
    • Groups can be defined and reused in different rules.
    • Automatic groups utilize relationships of the topology.
  • Allows defining a secondary packet filter, which gets simpler rules if a data stream has already been filtered at some other device.
  • Complex topologies with redundant paths are supported.
  • Pathrestrictions allow restricting paths inside a redundant topology.