#!/usr/bin/env python """ Copyright (C) 2005 Luke Kenneth Casson Leighton This program takes firewall builder .fwb scripts, chews the XML and spits forth HTML. It was written because there is a curious lack of reporting and print options in fwbuilder, which, in my mind, makes an extremely good program completely useless: no program as otherwise-comprehensive and important as fwbuilder should be without a damn print option! If this program breaks things for you: tough. If it doesn't provide all the information you wanted: tough. If you make mistakes in your firewall because you relied on this program instead of doing your job: tough. If you cannot accept responsibility for these things, DON'T use this program, and certainly keep away from me: I don't like people who can't accept responsibility for their lives, decisions or lack of. Warnings having been said: those people who find this program to be useful: if you can think of ways to improve it, if you like it, want it to do something better, or _have_ improved it, I would love to hear from you. P.S. you might have noticed i have a strange taste in colours, which is why i added a css/text section. feel free to burn your eyes out with your own evil colour schemes. """ # yes you will need python-xml libraries... from xml.dom.minidom import parseString, parse class fw: def __init__(self): self.hosts = {} self.descriptions = {} def print_comment(self, c): print '

'
		for l in c.split("\\n"):
			while l:
				bp = l.find(' ', 50)
				if bp < 50: bp = 50
				if len(l) >= 50:
					end = l.rfind(' ')
					if end <= 50:
						bp = end
				print "%s" % l[:bp]
				l = l[bp:]
		print '

' def decode_address_ranges(self, i): adrs = [] print '' for a in i: print '' self.descriptions[a.getAttribute('id')] = a.getAttribute('name') print """ """ % \ (a.getAttribute('name'), a.getAttribute('start_address'), a.getAttribute('end_address')) comment = a.getAttribute('comment') if comment: print '' print '' print '' print '' print '' print '

%s:	%s	%s
	' self.print_comment(comment) print '

' def decode_ipv4(self, i): adrs = [] print '' for a in i: self.descriptions[a.getAttribute('id')] = a.getAttribute('name') print '' print "" % \ (a.getAttribute('name'), a.getAttribute('address'), a.getAttribute('netmask')) print "" comment = a.getAttribute('comment') if comment: print '' print '' print '' print '' print '' print '

%s:	%s/%s
	' self.print_comment(comment) print '

' def decode_interface(self, i): self.descriptions[i.getAttribute('id')] = i.getAttribute('name') print '' print "Interface: %-8s %s " % \ (i.getAttribute('name'), i.getAttribute('label')) print "" self.decode_ipv4(i.getElementsByTagName('IPv4')) print "" print "" def get_desc(self, id): if type(id) is not list: id = [id] l = [] for i in id: l.append(self.descriptions.get(i, "" % str(i))) return '
'.join(l) def decode_host(self, h): self.descriptions[h.getAttribute('id')] = h.getAttribute('name') print "" print '' print '" print '

' print "Hostname: %s" % h.getAttribute('name') print "

' print "Hostname:
%s" % h.getAttribute('name') print "

' print "" print "" print '' for i in h.getElementsByTagName('Interface'): self.decode_interface(i) print '

' print "" def decode_hosts(self, o): print '' hl = o.getElementsByTagName('Host') for h in hl: print '' self.decode_host(h) print '' print '

' def decode_svc_icmp(self, t): self.descriptions[t.getAttribute('id')] = t.getAttribute('name') print """ Name: %-10s Code: %s Type: %s """ % \ (t.getAttribute('name'), t.getAttribute('code'), t.getAttribute('type')) def decode_svc_tcp(self, t): self.descriptions[t.getAttribute('id')] = t.getAttribute('name') start = int(t.getAttribute('dst_range_start')) end = int(t.getAttribute('dst_range_end')) if start == end: dest = '%d' % start else: dest = '%d-%d' % (start, end) print """ Name: %-10s Dest: %s """ % \ (t.getAttribute('name'), dest) def print_heading(self, sh): print '' print '' print '

' print sh print '

' def print_subheading(self, sh, comment=''): print '' print '' print '' print '' print '' print '

' print '' print '' print '

' print sh print '

' print '

' self.print_comment(comment) print '

' print '

' def decode_svc_group_members(self, i): print '' for a in i: print '' print """ """ % self.descriptions[a] print '' print '

%s

' def decode_svc_grp(self, h): self.descriptions[h.getAttribute('id')] = h.getAttribute('name') self.print_subheading("Service Group: %s" % h.getAttribute('name'), h.getAttribute('comment')) print '

' l = [] for n in h.getElementsByTagName('ServiceRef'): l.append(n.getAttribute('ref')) self.decode_svc_group_members(l) print '

' def decode_service_groups(self, o): ts = o.getElementsByTagName('ServiceGroup') self.print_subheading("Service Groups") print '

' for t in ts: n = t.getAttribute('name') if n == 'Groups': for g in t.getElementsByTagName('ServiceGroup'): self.decode_svc_grp(g) print '

' def decode_services(self, o): ts = o.getElementsByTagName('UDPService') self.print_subheading("UDP Services") print '' for t in ts: self.decode_svc_tcp(t) print '

' ts = o.getElementsByTagName('TCPService') self.print_subheading("TCP Services") print '' for t in ts: self.decode_svc_tcp(t) print '

' ts = o.getElementsByTagName('ICMPService') self.print_subheading("ICMP Services") print '' for t in ts: self.decode_svc_icmp(t) print '

' def get_srvref(self, c, ref): r = c.getElementsByTagName(ref) ans = [] for n in r[0].getElementsByTagName('ServiceRef'): ans.append(n.getAttribute('ref')) return ans def get_ref(self, c, ref): r = c.getElementsByTagName(ref) ans = [] for n in r[0].getElementsByTagName('ObjectRef'): ans.append(n.getAttribute('ref')) return ans def decode_policyrule(self, nr): print '' print ' %s ' % nr.getAttribute('action') comment = nr.getAttribute('comment') print '' self.print_comment(comment) print '' src = self.get_ref(nr, 'Src') dst = self.get_ref(nr, 'Dst') srv = self.get_srvref(nr, 'Srv') print """

Src:	%s
Dest:	%s
Service:	%s

""" % \ (self.get_desc(src), self.get_desc(dst), self.get_desc(srv)) print '' def decode_natrule(self, nr): print '' comment = nr.getAttribute('comment') print '' self.print_comment(comment) print '' osrc = self.get_ref(nr, 'OSrc') odst = self.get_ref(nr, 'ODst') osrv = self.get_srvref(nr, 'OSrv') tsrc = self.get_ref(nr, 'TSrc') tdst = self.get_ref(nr, 'TDst') tsrv = self.get_srvref(nr, 'TSrv') print """

Original Src:	%s
Original Dest:	%s
Original Service:	%s

""" % \ (self.get_desc(osrc), self.get_desc(odst), self.get_desc(osrv)) print """

Target Src:	%s
Target Dest:	%s
Target Service:	%s

""" % \ (self.get_desc(tsrc), self.get_desc(tdst), self.get_desc(tsrv)) print '' def decode_fw_interface(self, n): self.print_subheading("Interface: %s" % n.getAttribute('name'), n.getAttribute('comment')) print '' for pr in n.getElementsByTagName('PolicyRule'): self.decode_policyrule(pr) print '

' def decode_policy(self, n): self.print_subheading("Policy:") print '' for nr in n.getElementsByTagName('PolicyRule'): self.decode_policyrule(nr) print '

' def decode_nat(self, n): self.print_subheading("NAT:") print '' for nr in n.getElementsByTagName('NATRule'): self.decode_natrule(nr) print '

' def decode_group_members(self, i): print '' for a in i: print '' print """ """ % self.descriptions[a] print '' print '

%s

' def decode_group(self, h): self.descriptions[h.getAttribute('id')] = h.getAttribute('name') self.print_subheading("Group: %s" % h.getAttribute('name'), h.getAttribute('comment')) print '

' l = [] for n in h.getElementsByTagName('ObjectRef'): l.append(n.getAttribute('ref')) self.decode_group_members(l) print '

' def decode_groups(self, h): print '

' for n in h.getElementsByTagName('ObjectGroup'): self.decode_group(n) print '

' def decode_firewall(self, h): self.print_subheading("Firewall: %s" % h.getAttribute('name')) print '

' for n in h.getElementsByTagName('Interface'): self.decode_interface(n) for n in h.getElementsByTagName('Policy'): self.decode_policy(n) for n in h.getElementsByTagName('NAT'): self.decode_nat(n) for n in h.getElementsByTagName('Interface'): self.decode_fw_interface(n) print '

' def decode_firewalls(self, o): hl = o.getElementsByTagName('Firewall') for fw in hl: self.decode_firewall(fw) if __name__ == '__main__': from sys import argv fd = open(argv[1], "r") doc = parse(fd) f = fw() print "" print """ """ print "" lib = doc.getElementsByTagName('Library') f.descriptions['sysid0'] = 'Any Network' f.descriptions['sysid1'] = 'Any IP Service' svcs = doc.getElementsByTagName('ServiceGroup') for o in svcs: n = o.getAttribute('name') if n == 'Services': f.print_heading(n) f.decode_services(o) for o in svcs: n = o.getAttribute('name') if n == 'Services': f.decode_service_groups(o) objs = doc.getElementsByTagName('ObjectGroup') for o in objs: n = o.getAttribute('name') if n == 'Hosts': f.print_heading(n) f.decode_hosts(o) if n == 'Address Ranges': f.print_heading(n) f.decode_address_ranges(o.getElementsByTagName('AddressRange')) if n == 'Addresses': f.print_heading(n) f.decode_ipv4(o.getElementsByTagName('IPv4')) print for o in objs: n = o.getAttribute('name') if n == 'Groups': f.print_heading(n) f.decode_groups(o) print for o in objs: n = o.getAttribute('name') if n == 'Firewalls': f.print_heading(n) f.decode_firewalls(o) print print "" print ""