Display IP packet filters attached to router's interfaces
A few days ago, Jeremy Stretch asked me whether there's a command to display packet filters attached to a router's interfaces. While he got pretty far with the output filters, he wanted a nice tabular format, with the contents of the access lists displayed next to the interfaces. The show ip access-list interface name command comes pretty close, but it displays the information for a single interface only, so it was time to write another Tcl script.

To install it on your router:
- Download it from my web site and copy it to your router's flash or NVRAM.
- Define an alias, for example alias exec filters tclsh flash:packetFilters.tcl.
The script recognizes two parameters: the all parameter displays all interfaces, including those with no access lists, and the verbose parameter displays the contents of each access list after the interface name.
Here are a few sample printouts from one of my lab routers:
R2#filters
Interface                Inbound         Outbound
=========================================================
Serial1/0                101
Serial1/2                ICMP            101

R2#filters verbose
Serial1/0
====================
in: Extended IP access list 101
    10 permit ip any any (2012 matches)
Serial1/2
====================
in: Extended IP access list ICMP
    10 deny icmp any host 10.0.1.2 echo
    20 deny icmp any host 10.2.0.2 echo
    30 permit ip any any (637 matches)
out:Extended IP access list 101
    10 permit ip any any (2012 matches)
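
The same summary view can be built off-box when auditing saved device output for interfaces that carry no filter. The following is an added example, not the Tcl script from this post: it parses the text of show ip interface and prints the interface/inbound/outbound table. The sample output, the function names and the show_all flag (mirroring the script's all parameter) are constructed for illustration.

```python
import re

# Constructed sample of `show ip interface` output, trimmed to the relevant lines.
SAMPLE = """\
Serial1/0 is up, line protocol is up
  Internet address is 10.0.1.1/24
  Outgoing access list is not set
  Inbound  access list is 101
Serial1/1 is administratively down, line protocol is down
  Internet protocol processing disabled
Serial1/2 is up, line protocol is up
  Internet address is 10.2.0.1/24
  Outgoing access list is 101
  Inbound  access list is ICMP
"""

IFACE_RE = re.compile(r"^(\S+) is .*line protocol is ")
ACL_RE = re.compile(r"^\s+(Outgoing|Inbound)\s+access list is (.+?)\s*$")

def parse_filters(text):
    """Return {interface: {"in": name-or-None, "out": name-or-None}} in input order."""
    table, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            # An unindented status line starts a new interface block.
            current = table.setdefault(m.group(1), {"in": None, "out": None})
            continue
        m = ACL_RE.match(line)
        if m and current is not None:
            direction = "in" if m.group(1) == "Inbound" else "out"
            name = m.group(2)
            current[direction] = None if name == "not set" else name
    return table

def render(table, show_all=False):
    """Format the table; show_all also lists interfaces with no access list."""
    fmt = "{:<25}{:<16}{}"
    rows = [fmt.format("Interface", "Inbound", "Outbound"), "=" * 57]
    for name, acl in table.items():
        if show_all or acl["in"] or acl["out"]:
            rows.append(fmt.format(name, acl["in"] or "", acl["out"] or "").rstrip())
    return "\n".join(rows)

if __name__ == "__main__":
    print(render(parse_filters(SAMPLE)))
    print(render(parse_filters(SAMPLE), show_all=True))
```
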