ACL configuration sample using CSharp .Net

Added by Vishal Ganeriwala , last edited by Vishal Ganeriwala on May 16, 2008

ACL configuration sample Csharp file

Summary

Some of the commands below will deny all traffic, so take care when running this sample. Some ACLs will fail with the error "ACL with identical parameter specification already exists"; for details, please refer to the ICG.

NetScaler ACLs follow a priority ordering; for details, please refer to the ICG.

Download

Download Sample File

Code Snippet

using System;
using System.Runtime.Remoting;
using System.Xml.Serialization;
using System.Web.Services;
    
	namespace NSConfig {
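		/// <summary>
		/// SOAP proxy for the NetScaler configuration service that remembers the session
		/// cookie returned by the appliance and attaches it to later requests.
		/// </summary>
		/// <remarks>
		/// Both constructors set an "http://" URL, so the username and password passed to
		/// login, and the session cookie on every later call, are sent without transport
		/// encryption. Run the sample only over a trusted management network, or point
		/// Url at an https endpoint if the appliance exposes one.
		/// </remarks>
		public class ClientService : NSConfigService
		{
			// Session cookie taken from the most recent response. Kept per instance (it was
			// static) so a cookie issued by one appliance is never replayed to a different
			// host through another ClientService object in the same process.
			private string cookie = null;

			/// <summary>Builds the request and attaches the stored session cookie, if any.</summary>
			/// <param name="uri">Target URI handed in by the SOAP proxy base class.</param>
			/// <returns>The request created by the base class, with the cookie header added.</returns>
			protected override System.Net.WebRequest GetWebRequest(Uri uri)
			{
				System.Net.HttpWebRequest req = (System.Net.HttpWebRequest) base.GetWebRequest(uri);
				if (cookie != null)
				{
					// NOTE(review): "Set-Cookie" is normally a response header; requests
					// conventionally carry "Cookie". Kept as in the original sample - confirm
					// what the appliance expects before changing it.
					req.Headers.Add("Set-Cookie", cookie);
				}
				return req;
			}

			/// <summary>Reads the response and stores any session cookie it sets.</summary>
			/// <param name="req">The request whose response is being fetched.</param>
			/// <returns>The response obtained from the base class.</returns>
			protected override System.Net.WebResponse GetWebResponse(System.Net.WebRequest req)
			{
				System.Net.HttpWebResponse rep = (System.Net.HttpWebResponse) base.GetWebResponse(req);
				string setCookie = rep.Headers["Set-Cookie"];
				if (setCookie != null)
				{
					cookie = setCookie;
				}
				return rep;
			}

			/// <summary>Creates a proxy that targets the hard-coded sample address.</summary>
			public ClientService()
			{
				// Change the IP address pointing to netscaler.
				this.Url = "http://10.102.4.111:18000";
			}

			/// <summary>Creates a proxy that targets the /soap endpoint of the given appliance.</summary>
			/// <param name="servername">
			/// Host name or IP address of the appliance. It is concatenated into the URL
			/// unchanged, so pass only a host (optionally with a port), never a path or query.
			/// </param>
			/// <exception cref="ArgumentException">servername is null or empty.</exception>
			public ClientService(string servername)
			{
				// An empty host would yield "http:///soap" and only fail later, on the first call.
				if (string.IsNullOrEmpty(servername))
				{
					throw new ArgumentException("servername must be a host name or IP address", "servername");
				}
				this.Url = "http://"+servername+"/soap";
			}
		}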
	
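	/// <summary>
	/// Console sample that logs in to a NetScaler appliance, creates a series of ACLs
	/// through the SOAP proxy, prints the message returned by each call, and logs out.
	/// </summary>
	/// <remarks>
	/// The calls run in a fixed order and none of the results is checked beyond printing
	/// its message, so a failed login or a rejected ACL does not stop the remaining calls.
	/// Several rules deny traffic without any match condition (see the page summary);
	/// run this only against an appliance where losing connectivity is acceptable.
	/// </remarks>
	class acl 
	{
		// Proxy shared by the whole run; created in Main once the arguments are parsed.
		static ClientService client=null;

		/// <summary>Entry point: expects the appliance address, a user name and a password.</summary>
		/// <param name="args">args[0] = appliance IP or host, args[1] = user name, args[2] = password.</param>
		[STAThread]
		static void Main(string[] args)
		{
			if ( args.Length < 3)
			{
				Console.WriteLine("Usage: getConfig <NS IP> username password");
				return;
			}
			string serverip = args[0];
			string username = args[1];
			// NOTE(review): the password arrives as a command-line argument, so it is visible in
			// the process list and shell history of the machine that runs the sample.
			string password = args[2];
			// True from a returned login until logout is attempted, so that an exception in
			// the middle of the run does not leave the session open on the appliance.
			bool sessionOpen = false;
			try {
          			Console.WriteLine("\nConnecting to server "+serverip+" ............\n");
				client = new ClientService(serverip);

				client.CookieContainer = new System.Net.CookieContainer();
				// NOTE(review): only result.message is printed; a login that returns a failure
				// result (rather than throwing) is not detected and the calls below still run.
				simpleResult result = client.login(username,password) ;
				sessionOpen = true;
				Console.WriteLine("login : "+result.message);
       
				// 0xFFFFFFFF is passed for every numeric addnsacl argument except in acl_ttl at
				// the end; it looks like the "not set" sentinel - confirm against the proxy.
				// Deny_All gets no match condition afterwards, so it is presumably the rule the
				// page summary warns about ("will deny all traffic").
				result = client.addnsacl("Deny_All",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_All : " + result.message);

				// Deny restricted only by interface 1/1.
				result = client.addnsacl("Deny_if",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_if : " + result.message);

				result = client.setnsacl_interface("Deny_if","1/1");
				Console.WriteLine("setnsacl_interface	Deny_if : " + result.message);

				// Source-IP rules: single address, then a range, for both ALLOW and DENY.
				result = client.addnsacl("allow_sip",extaclactionEnum.ALLOW,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	allow_sip : " + result.message);

				result = client.setnsacl_srcip("allow_sip",false,xacloperatorEnum.VALNOTSET,"10.102.3.84");
				Console.WriteLine("setnsacl_srcip	allow_sip : " + result.message);

				result = client.addnsacl("allow_sip_range",extaclactionEnum.ALLOW,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	allow_sip_range : " + result.message);

				result = client.setnsacl_srcip("allow_sip_range",false,xacloperatorEnum.VALNOTSET,"10.102.3.1-10.102.3.255");
				Console.WriteLine("setnsacl_srcip	allow_sip_range : " + result.message);

				result = client.addnsacl("Deny_sip",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_sip : " + result.message);

				result = client.setnsacl_srcip("Deny_sip",false,xacloperatorEnum.VALNOTSET,"10.102.3.108");
				Console.WriteLine("setnsacl_srcip	Deny_sip : " + result.message);

				result = client.addnsacl("Deny_sipr",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_sipr : " + result.message);

				result = client.setnsacl_srcip("Deny_sipr",false,xacloperatorEnum.VALNOTSET,"10.10.0.1-10.102.7.152");
				Console.WriteLine("setnsacl_srcip	Deny_sipr : " + result.message);

				// Destination-IP rules: single address, then a range, for both ALLOW and DENY.
				result = client.addnsacl("allow_dip",extaclactionEnum.ALLOW,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	allow_dip : " + result.message);

				result = client.setnsacl_destip("allow_dip",false,xacloperatorEnum.VALNOTSET,"192.168.17.11");
				Console.WriteLine("setnsacl_destip	allow_dip : " + result.message);

				result = client.addnsacl("allow_dip_rng",extaclactionEnum.ALLOW,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	allow_dip_rng : " + result.message);

				result = client.setnsacl_destip("allow_dip_rng",false,xacloperatorEnum.VALNOTSET,"192.168.17.1-192.168.17.250");
				Console.WriteLine("setnsacl_destip	allow_dip_rng : " + result.message);

				result = client.addnsacl("Deny_dip",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_dip : " + result.message);

				result = client.setnsacl_destip("Deny_dip",false,xacloperatorEnum.VALNOTSET,"192.168.17.11");
				Console.WriteLine("setnsacl_destip	Deny_dip : " + result.message);

				result = client.addnsacl("Deny_dip_rng",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_dip_rng : " + result.message);

				result = client.setnsacl_destip("Deny_dip_rng",false,xacloperatorEnum.VALNOTSET,"192.168.17.1-192.168.17.99");
				Console.WriteLine("setnsacl_destip	Deny_dip_rng : " + result.message);

				// Source-MAC rule.
				result = client.addnsacl("deny_src_mac",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	deny_src_mac : " + result.message);

				result = client.setnsacl_srcmac("deny_src_mac","00:0d:9d:54:64:6a");
				Console.WriteLine("setnsacl_srcmac	deny_src_mac : " + result.message);

				// Priority: one rule with an explicit priority of 1, one with none set.
				result = client.addnsacl("acl_user_priority",extaclactionEnum.ALLOW,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	acl_user_priority : " + result.message);

				result = client.setnsacl_priority("acl_user_priority",1);
				Console.WriteLine("setnsacl_priority	acl_user_priority : " + result.message);

				result = client.addnsacl("acl_NS_def_priority",extaclactionEnum.ALLOW,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	acl_NS_def_priority : " + result.message);

				// Destination IP combined with an interface.
				result = client.addnsacl("Deny_dip_intf",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_dip_intf : " + result.message);

				result = client.setnsacl_destip("Deny_dip_intf",false,xacloperatorEnum.VALNOTSET,"192.168.17.1");
				Console.WriteLine("setnsacl_destip	Deny_dip_intf : " + result.message);

				result = client.setnsacl_interface("Deny_dip_intf","1/1");
				Console.WriteLine("setnsacl_interface	Deny_dip_intf : " + result.message);

				result = client.addnsacl("Deny_dipR_intf",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_dipR_intf : " + result.message);

				result = client.setnsacl_destip("Deny_dipR_intf",false,xacloperatorEnum.VALNOTSET,"192.168.17.7-192.168.17.11");
				Console.WriteLine("setnsacl_destip	Deny_dipR_intf : " + result.message);

				result = client.setnsacl_interface("Deny_dipR_intf","1/1");
				Console.WriteLine("setnsacl_interface	Deny_dipR_intf : " + result.message);

				// Protocol rules, each shown twice: by IP protocol number (1 = ICMP, 17 = UDP,
				// 6 = TCP) and by the extaclprotoenumEnum name.
				result = client.addnsacl("Deny_icmp",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_icmp : " + result.message);

				result = client.setnsacl_protocolnumber("Deny_icmp",1);
				Console.WriteLine("setnsacl_protocolnumber	Deny_icmp : " + result.message);

				result = client.addnsacl("Deny_icmp_Prot",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_icmp_Prot : " + result.message);

				result = client.setnsacl_protocol("Deny_icmp_Prot",extaclprotoenumEnum.ICMP);
				Console.WriteLine("setnsacl_protocol	Deny_icmp_Prot : " + result.message);

				result = client.addnsacl("Deny_UDP",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_UDP : " + result.message);

				result = client.setnsacl_protocolnumber("Deny_UDP",17);
				Console.WriteLine("setnsacl_protocolnumber	Deny_UDP : " + result.message);

				result = client.addnsacl("Deny_UDP_Prot",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_UDP_Prot : " + result.message);

				result = client.setnsacl_protocol("Deny_UDP_Prot",extaclprotoenumEnum.UDP);
				Console.WriteLine("setnsacl_protocol	Deny_UDP_Prot : " + result.message);

				result = client.addnsacl("Deny_TCP",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_TCP : " + result.message);

				result = client.setnsacl_protocolnumber("Deny_TCP",6);
				Console.WriteLine("setnsacl_protocolnumber	Deny_TCP : " + result.message);

				result = client.addnsacl("Deny_TCP_Prot",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_TCP_Prot : " + result.message);

				result = client.setnsacl_protocol("Deny_TCP_Prot",extaclprotoenumEnum.TCP);
				Console.WriteLine("setnsacl_protocol	Deny_TCP_Prot : " + result.message);

				// Port rules: a port (or port range) is set together with a protocol.
				result = client.addnsacl("Deny_DNS",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_DNS : " + result.message);

				result = client.setnsacl_destport("Deny_DNS",false,xacloperatorEnum.VALNOTSET,"53");
				Console.WriteLine("setnsacl_destport	Deny_DNS : " + result.message);

				result = client.setnsacl_protocolnumber("Deny_DNS",17);
				Console.WriteLine("setnsacl_protocolnumber	Deny_DNS : " + result.message);

				result = client.addnsacl("Deny_UDP_DPortR",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_UDP_DPortR : " + result.message);

				result = client.setnsacl_destport("Deny_UDP_DPortR",false,xacloperatorEnum.VALNOTSET,"53-8080");
				Console.WriteLine("setnsacl_destport	Deny_UDP_DPortR : " + result.message);

				result = client.setnsacl_protocolnumber("Deny_UDP_DPortR",17);
				Console.WriteLine("setnsacl_protocolnumber	Deny_UDP_DPortR : " + result.message);

				result = client.addnsacl("Deny_UDP_SPort",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_UDP_SPort : " + result.message);

				result = client.setnsacl_srcport("Deny_UDP_SPort",false,xacloperatorEnum.VALNOTSET,"53");
				Console.WriteLine("setnsacl_srcport	Deny_UDP_SPort : " + result.message);

				result = client.setnsacl_protocolnumber("Deny_UDP_SPort",17);
				Console.WriteLine("setnsacl_protocolnumber	Deny_UDP_SPort : " + result.message);

				result = client.addnsacl("Deny_UDP_SPortR",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_UDP_SPortR : " + result.message);

				result = client.setnsacl_srcport("Deny_UDP_SPortR",false,xacloperatorEnum.VALNOTSET,"53-8080");
				Console.WriteLine("setnsacl_srcport	Deny_UDP_SPortR : " + result.message);

				result = client.setnsacl_protocolnumber("Deny_UDP_SPortR",17);
				Console.WriteLine("setnsacl_protocolnumber	Deny_UDP_SPortR : " + result.message);

				result = client.addnsacl("allow_FTP",extaclactionEnum.ALLOW,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	allow_FTP : " + result.message);

				result = client.setnsacl_destport("allow_FTP",false,xacloperatorEnum.VALNOTSET,"21");
				Console.WriteLine("setnsacl_destport	allow_FTP : " + result.message);

				result = client.setnsacl_protocolnumber("allow_FTP",6);
				Console.WriteLine("setnsacl_protocolnumber	allow_FTP : " + result.message);

				result = client.addnsacl("allow_TCP_1645",extaclactionEnum.ALLOW,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	allow_TCP_1645 : " + result.message);

				result = client.setnsacl_destport("allow_TCP_1645",false,xacloperatorEnum.VALNOTSET,"1645");
				Console.WriteLine("setnsacl_destport	allow_TCP_1645 : " + result.message);

				result = client.setnsacl_protocolnumber("allow_TCP_1645",6);
				Console.WriteLine("setnsacl_protocolnumber	allow_TCP_1645 : " + result.message);

				result = client.addnsacl("allow_TCP_DPortR",extaclactionEnum.ALLOW,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	allow_TCP_DPortR : " + result.message);

				result = client.setnsacl_destport("allow_TCP_DPortR",false,xacloperatorEnum.VALNOTSET,"53-8080");
				Console.WriteLine("setnsacl_destport	allow_TCP_DPortR : " + result.message);

				result = client.setnsacl_protocolnumber("allow_TCP_DPortR",6);
				Console.WriteLine("setnsacl_protocolnumber	allow_TCP_DPortR : " + result.message);

				result = client.addnsacl("allow_TCP_SPortR",extaclactionEnum.ALLOW,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	allow_TCP_SPortR : " + result.message);

				result = client.setnsacl_srcport("allow_TCP_SPortR",false,xacloperatorEnum.VALNOTSET,"53-8080");
				Console.WriteLine("setnsacl_srcport	allow_TCP_SPortR : " + result.message);

				result = client.setnsacl_protocolnumber("allow_TCP_SPortR",6);
				Console.WriteLine("setnsacl_protocolnumber	allow_TCP_SPortR : " + result.message);

				result = client.addnsacl("allow_TCP_SPort",extaclactionEnum.ALLOW,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	allow_TCP_SPort : " + result.message);

				result = client.setnsacl_srcport("allow_TCP_SPort",false,xacloperatorEnum.VALNOTSET,"53");
				Console.WriteLine("setnsacl_srcport	allow_TCP_SPort : " + result.message);

				result = client.setnsacl_protocol("allow_TCP_SPort",extaclprotoenumEnum.TCP);
				Console.WriteLine("setnsacl_protocol	allow_TCP_SPort : " + result.message);

				// Combined rules: source IP + destination IP, optionally with protocol and port.
				result = client.addnsacl("Deny_sip_dip",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_sip_dip : " + result.message);

				result = client.setnsacl_srcip("Deny_sip_dip",false,xacloperatorEnum.VALNOTSET,"10.102.3.108");
				Console.WriteLine("setnsacl_srcip	Deny_sip_dip : " + result.message);

				result = client.setnsacl_destip("Deny_sip_dip",false,xacloperatorEnum.VALNOTSET,"192.168.17.11");
				Console.WriteLine("setnsacl_destip	Deny_sip_dip : " + result.message);

				result = client.addnsacl("Deny_sip_dip_udp",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_sip_dip_udp : " + result.message);

				result = client.setnsacl_srcip("Deny_sip_dip_udp",false,xacloperatorEnum.VALNOTSET,"10.102.3.108");
				Console.WriteLine("setnsacl_srcip	Deny_sip_dip_udp : " + result.message);

				result = client.setnsacl_destip("Deny_sip_dip_udp",false,xacloperatorEnum.VALNOTSET,"192.168.17.11");
				Console.WriteLine("setnsacl_destip	Deny_sip_dip_udp : " + result.message);

				result = client.setnsacl_protocolnumber("Deny_sip_dip_udp",17);
				Console.WriteLine("setnsacl_protocolnumber	Deny_sip_dip_udp : " + result.message);

				// NOTE(review): this rule is named Allow_* but is created with the DENY action.
				// Left as in the original sample; decide which is intended before reusing it,
				// since the name will mislead anyone auditing the ACL list.
				result = client.addnsacl("Allow_sip_dip_tcp",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Allow_sip_dip_tcp : " + result.message);

				result = client.setnsacl_srcip("Allow_sip_dip_tcp",false,xacloperatorEnum.VALNOTSET,"10.102.3.1-10.102.3.108");
				Console.WriteLine("setnsacl_srcip	Allow_sip_dip_tcp : " + result.message);

				result = client.setnsacl_destip("Allow_sip_dip_tcp",false,xacloperatorEnum.VALNOTSET,"192.168.17.11");
				Console.WriteLine("setnsacl_destip	Allow_sip_dip_tcp : " + result.message);

				result = client.setnsacl_protocolnumber("Allow_sip_dip_tcp",6);
				Console.WriteLine("setnsacl_protocolnumber	Allow_sip_dip_tcp : " + result.message);

				// Deny_sip_dip_dport exercises the full lifecycle: create, set conditions,
				// disable, enable, remove.
				result = client.addnsacl("Deny_sip_dip_dport",extaclactionEnum.DENY,0xFFFFFFFF,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	Deny_sip_dip_dport : " + result.message);

				result = client.setnsacl_srcip("Deny_sip_dip_dport",false,xacloperatorEnum.VALNOTSET,"192.168.17.11");
				Console.WriteLine("setnsacl_srcip	Deny_sip_dip_dport : " + result.message);

				result = client.setnsacl_destip("Deny_sip_dip_dport",false,xacloperatorEnum.VALNOTSET,"10.102.3.108");
				Console.WriteLine("setnsacl_destip	Deny_sip_dip_dport : " + result.message);

				result = client.setnsacl_destport("Deny_sip_dip_dport",false,xacloperatorEnum.VALNOTSET,"15");
				Console.WriteLine("setnsacl_destport	Deny_sip_dip_dport : " + result.message);

				result = client.setnsacl_protocolnumber("Deny_sip_dip_dport",17);
				Console.WriteLine("setnsacl_protocolnumber	Deny_sip_dip_dport : " + result.message);

				result = client.setnsacl_interface("Deny_sip_dip_dport","1/1");
				Console.WriteLine("setnsacl_interface	Deny_sip_dip_dport : " + result.message);

				result = client.disablensacl("Deny_sip_dip_dport");
				Console.WriteLine("disablensacl	Deny_sip_dip_dport : " + result.message);

				result = client.enablensacl("Deny_sip_dip_dport");
				Console.WriteLine("enablensacl	Deny_sip_dip_dport : " + result.message);

				result = client.rmnsacl("Deny_sip_dip_dport");
				Console.WriteLine("rmnsacl	Deny_sip_dip_dport : " + result.message);

				// The only call that passes a real value (10) as the third argument; going by
				// the rule name this is presumably the TTL - confirm against the API reference.
				result = client.addnsacl("acl_ttl",extaclactionEnum.ALLOW,10,false,0xFFFFFFFF,0xFFFFFFFF);
				Console.WriteLine("addnsacl	acl_ttl : " + result.message);

				// Cleared before the call so the finally block does not repeat a logout that threw.
				sessionOpen = false;
				result = client.logout();
				Console.WriteLine("logout : " + result.message); 
			}
			catch (Exception ex) {
			      Console.WriteLine( "Exception: "+ex.ToString());
			}
			finally {
				// Reached with sessionOpen still true only when a call between login and
				// logout threw; close the session instead of leaving it on the appliance.
				if (sessionOpen)
				{
					try {
						simpleResult cleanup = client.logout();
						Console.WriteLine("logout : " + cleanup.message);
					}
					catch (Exception ex) {
						Console.WriteLine( "Exception: "+ex.ToString());
					}
				}
			}
		}

	}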
	}

More Information