Does anyone know of a perl script that I can use to parse a Cisco PIX config file and have it suggest the creation of object groups and possibly summarize the ruleset? I've got a bunch of PIX configs that need to be cleaned up. Some are using conduits, some are using acl's. If nothing exists like this, does anyone have any suggestions for writing one in perl? I can't really think of a good way to go about it. For example, if I had this in the config: access-list outside_in permit ip 1.1.1.0 255.255.255.128 host 2.2.2.2 access-list outside_in permit ip 1.1.1.128 255.255.255.128 host 2.2.2.2 It would suggest replacement with: access-list outside_in permit ip 1.1.1.0 255.255.255.0 host 2.2.2.2 Or if I had: access-list outside_in permit ip 1.1.1.0 255.255.255.0 host 2.2.2.1 access-list outside_in permit ip 1.1.1.0 255.255.255.0 host 2.2.2.2 access-list outside_in permit ip 1.1.1.0 255.255.255.0 host 2.2.2.3 access-list outside_in permit ip 1.1.1.0 255.255.255.0 host 2.2.2.4 It would suggest making an object-group for the 2.2.2.x addresses and replacing the rules with: access-list outside_in permit ip 1.1.1.0 255.255.255.0 object-group mygroup ~jay