Path in nacm rule

Ben Kelly
Cisco Employee

I'm trying to create a nacm rule for a particular service I've created. The service looks like this:

services fw_acl_03 bk-app-1
 device [ svlngen4-fab6-dmzdc-02-fw1 ]
 dmz_hosts 10.1.1.1
 !
 allowed_dest_entry 192.168.1.0/24
  protocol       tcp
  dst_port_start 22
  dst_port_end   22
 !


The rule and path that I have specified are:

nacm rule-list bk-app-1
 group [ app-group-1 ]
 rule bk-app-1_allow
  path              /services/fw_acl_03/bk-app-1
  access-operations create,read,update,delete
  action            permit


However, it's not matching. Is there an error in the path?

Accepted Solution

yfherzog
Cisco Employee

Hi,

Are you looking into blocking access to the specific instance of that service, rather than all instances?

If so, I think that the value of the path leaf in your rule should be a little different.

If you log into ncs_cli and display the xpath to your service instance, you'd see something like this:

show run services fw_acl_03 bk-app-1 | display xpath
/services/fw_acl_03[name='bk-app-1']
...


Note that instead of 'name' you'll see the actual name of the key leaf (which might be 'name', or something different).


You need to have that path in your rule instead of the one you have at the moment.


Yftach
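A worked illustration of the matching behaviour Yftach describes, added here as an example; it is not code posted in the thread and not part of Cisco NSO. A NACM rule's path is a node-instance identifier (RFC 8341), so `/services/fw_acl_03/bk-app-1` names a child node called `bk-app-1` under the `fw_acl_03` list rather than the list entry whose key is `bk-app-1`, and `/services/fw_acl_03[name='bk-app-1']` names that one entry and everything below it. The Python below models that step-by-step match and a first-match-wins rule-list. Assumptions, all labelled in the code: the key leaf is `name` (as in the `display xpath` output above), the `dmz_hosts` leaf path and the second instance `bk-app-2` are constructed for the demonstration, and the fallback when no rule matches is `deny`, standing in for the RFC 8341 write-default.

```python
# Added example, not code from the original thread or from Cisco NSO itself:
# a minimal model of how a NACM rule "path" is matched against a data node,
# enough to show why the rule path /services/fw_acl_03/bk-app-1 never matched
# the service instance while /services/fw_acl_03[name='bk-app-1'] does.
# The key leaf name 'name' and the rule-list layout are taken from the thread;
# the request paths below are constructed for the demonstration.
import re
from dataclasses import dataclass

# One step of a node-instance path: a node name plus zero or more
# [key='value'] predicates. No predicates on a list node means "any instance".
@dataclass(frozen=True)
class Step:
    name: str
    keys: tuple  # ((key_leaf, value), ...)

_STEP_RE = re.compile(r"/([\w.:-]+)((?:\[[\w.:-]+='[^']*'\])*)")
_PRED_RE = re.compile(r"\[([\w.:-]+)='([^']*)'\]")


def parse_path(path):
    """Parse an absolute path such as /services/fw_acl_03[name='bk-app-1'] into Steps."""
    steps, pos = [], 0
    for m in _STEP_RE.finditer(path):
        if m.start() != pos:
            raise ValueError(f"unparseable path near offset {pos}: {path!r}")
        pos = m.end()
        steps.append(Step(m.group(1), tuple(_PRED_RE.findall(m.group(2)))))
    if pos != len(path) or not steps:
        raise ValueError(f"unparseable path: {path!r}")
    return steps


def rule_matches(rule_path, request_path):
    """A rule path matches a requested node if it names that node or an ancestor
    of it, step by step: same node name at each step, and where the rule step
    carries key predicates the request step must carry the same key values."""
    rule, req = parse_path(rule_path), parse_path(request_path)
    if len(rule) > len(req):
        return False  # rule points below the requested node: no match
    for r, q in zip(rule, req):
        if r.name != q.name:
            return False
        if r.keys and dict(r.keys) != dict(q.keys):
            return False
    return True


def decide(rule_list, request_path, operation, default="deny"):
    """Evaluate one NACM rule-list in order; the first matching rule wins.
    A rule matches when its access-operations cover the operation and its path
    matches the requested node. No match falls through to `default`
    (assumed deny here, modelling the RFC 8341 write-default)."""
    for rule in rule_list:
        ops = rule["access-operations"]
        if ops != "*" and operation not in ops.split(","):
            continue
        if rule_matches(rule["path"], request_path):
            return rule["action"]
    return default


# The rule as originally posted, and the corrected one from the answer.
ORIGINAL_RULE = {"path": "/services/fw_acl_03/bk-app-1",
                 "access-operations": "create,read,update,delete", "action": "permit"}
FIXED_RULE = {"path": "/services/fw_acl_03[name='bk-app-1']",
              "access-operations": "create,read,update,delete", "action": "permit"}

# Constructed request paths: the instance itself, a leaf under it, and a
# second (hypothetical) instance that the rule should not cover.
INSTANCE = "/services/fw_acl_03[name='bk-app-1']"
LEAF_UNDER_INSTANCE = "/services/fw_acl_03[name='bk-app-1']/dmz_hosts"
OTHER_INSTANCE = "/services/fw_acl_03[name='bk-app-2']"

if __name__ == "__main__":
    for label, rule in (("original", ORIGINAL_RULE), ("fixed", FIXED_RULE)):
        for path in (INSTANCE, LEAF_UNDER_INSTANCE, OTHER_INSTANCE):
            print(f"{label:8} {path:55} -> {decide([rule], path, 'update')}")
```

Running it shows the original rule denying every request on the instance (the path never matches, so evaluation falls through to the default), while the corrected rule permits the instance and its descendants and still denies `bk-app-2`; dropping the predicate altogether (`/services/fw_acl_03`) would permit every instance, which is the other case Yftach asks about.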


Ben Kelly
Cisco Employee

Yep, that's working now. Thanks Yftach!