Python Script to convert firewall rules
Hello Experts

I am network engineer and not expert in programming. I would like to make one python script to convert juniper netscreen firewall configuration into juniper SRX firewall configuration. Sample is below. I would appreciate if anybody can give me the high level steps to start with.

Juniper Netscreen

set interface ethernet0/0 ip 194.1.1.1/24
set interface ethernet0/0 route
set interface "ethernet0/0" zone "Untrust"
set interface ethernet2/5 ip 10.17.10.1/24
set interface ethernet2/5 route
set interface "ethernet2/5" zone "Mail DMZ"
set interface "ethernet0/0" mip 194.1.1.10 host 10.17.10.10 netmask 255.255.255.255 vr "trust-vr"
set interface "ethernet0/0" mip 194.1.1.20 host 10.17.10.20 netmask 255.255.255.255 vr "trust-vr"
set address "Mail DMZ" "mx1.union.com" 10.17.10.10 255.255.255.255
set address "Mail DMZ" "mx2.union.com" 10.17.10.20 255.255.255.255
set policy id 100 name "CR567" from "Untrust" to "DMZ" "Any" "MIP(194.1.1.10)" "SMTP" permit log
set policy id 100
set dst-address "MIP(194.1.1.20)"
set log session-init
exit

Juniper SRX

interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 194.1.1.1/24;
            }
        }
    }
    ge-2/0/5 {
        unit 0 {
            family inet {
                address 10.17.10.1/24;
            }
        }
    }
}
security {
    nat {
        static {
            rule-set static-nat-"Untrust" {
                from zone "Untrust";
                rule rule-1 {
                    match {
                        destination-address 194.1.1.10/32;
                    }
                    then {
                        static-nat prefix 10.17.10.10/32;
                    }
                }
                rule rule-2 {
                    match {
                        destination-address 194.1.1.20/32;
                    }
                    then {
                        static-nat prefix 10.17.10.20/32;
                    }
                }
            }
        }
        proxy-arp {
            interface ge-0/0/0.0 {
                address {
                    194.1.1.10/32;
                    194.1.1.20/32;
                }
            }
        }
    }
    zones {
        security-zone Untrust {
            interfaces {
                ge-0/0/0.0;
            }
        }
        security-zone DMZ {
            address-book {
                address mx1.union.com 10.17.10.10/32;
                address mx2.union.com 10.17.10.20/32;
            }
            interfaces {
                ge-2/0/5.0;
            }
        }
    }
    policies {
        from-zone Untrust to-zone DMZ {
            /* "CR567" */
            policy 100 {
                match {
                    source-address any;
                    destination-address [ mx1.union.com mx2.union.com ];
                    application junos-smtp;
                }
                then {
                    permit;
                    log {
                        session-init;
                    }
                }
            }
        }
    }
}

--
https://mail.python.org/mailman/listinfo/python-list

Re: Python Script to convert firewall rules
Hi Jason

Thanks for the reply. Yes I can make the all possible keywords/values for both formats. But after that what gonna be the logic to convert one format to other format. Like to convert one line below are the keywords:

set interface ethernet2/5 ip 10.17.10.1/24 (format 1)
set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24 (format 2)

(set, interface, ip) = (set, interfaces, family inet address)

But some values are variable and should ask the user to convert manually like ethernet2/5 equal to ge-0/0/0 or ge-0/0/1 or ge-0/0/2

And some values keep as it is like 10.17.10.1/24

Also then format 2 can be converted into format 3 (as below) for more readability of format 2. This is just optional.

interfaces {
    ge-2/0/5 {
        unit 0 {
            family inet {
                address 10.17.10.1/24;
            }
        }
    }
}

On Friday, December 12, 2014 5:45:20 AM UTC+4, Jason Friedman wrote:
> I am network engineer and not expert in programming. I would like to make one
> python script to convert juniper netscreen firewall configuration into
> juniper SRX firewall configuration.
>
> Looks pretty tricky, do you have a specification for each format containing
> all the possible keywords/values?
>
> If you could describe the logic in English then writing the equivalent in
> Python would be straightforward for many people on this list.

Re: Python Script to convert firewall rules
On Saturday, December 13, 2014 6:31:34 AM UTC+4, Jason Friedman wrote:
> Thanks for the reply. Yes I can make the all possible keywords/values for
> both formats. But after that what gonna be the logic to convert one format to
> other format. Like to convert one line below are the keywords:
>
> set interface ethernet2/5 ip 10.17.10.1/24 (format 1)
> set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24 (format 2)
>
> (set, interface, ip) = (set, interfaces, family inet address)
>
> But some values are variable and should ask the user to convert manually like
> ethernet2/5 equal to ge-0/0/0 or ge-0/0/1 or ge-0/0/2
>
> And some values keep as it is like 10.17.10.1/24
>
> Also then format 2 can be converted into format 3 (as below) for more
> readability of format 2. This is just optional.
>
> interfaces {
>     ge-2/0/5 {
>         unit 0 {
>             family inet {
>                 address 10.17.10.1/24;
>             }
>         }
>     }
> }
>
> Note that the practice on this list is to put your response after the
> (edited) portion of the previous posts.
>
> Are you willing to learn some Python, if someone gets you started?
>
> Would it be helpful if someone provided Python code to convert this:
>
> set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24
>
> to this:
>
> interfaces {
>     ge-2/0/5 {
>         unit 0 {
>             family inet {
>                 address 10.17.10.1/24;
>             }
>         }
>     }
> }
>
> ?

Hello

Thanks for the reply. I am learning python using CBT nuggets for python. But if you can refer me some good course, that should be practical, then it would be great.

For my requirement, if you can give me the best approach to start with or high level steps or give me some sample code, I really appreciate that.

Regards,
Kashif

Re: Python Script to convert firewall rules
Hi Jason

Thank you very much. Appreciated!

But the first requirement was to convert format1 to format2 as below:

set interface ethernet2/5 ip 10.17.10.1/24 (format 1)
set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24 (format 2)

(set, interface, ip) = (set, interfaces, family inet address)

But some values are variable and should ask the user to convert manually like ethernet2/5 equal to ge-0/0/0 or ge-0/0/1 or ge-0/0/2

And some values keep as it is like 10.17.10.1/24

Thanks and Regards,
Kashif

On Sun, Dec 14, 2014 at 5:35 AM, Jason Friedman wrote:
> > Thanks for the reply. I am learning python using CBT nuggets for python.
> > But If you can refer me some good course, that should be practical then it
> > would be great.
> >
> > For my requirement, if you can give me the best approach to start with
> > or high level steps or give me some sample code, I really appreciate that.
>
> Good, some other sources for learning:
> https://docs.python.org/3/tutorial/
> http://learnpythonthehardway.org/
>
> Here's some code to get you started (version 3.4.0):
>
> """
> convert
>
> set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24
>
> to
>
> interfaces {
>     ge-2/0/5 {
>         unit 0 {
>             family inet {
>                 address 10.17.10.1/24;
>             }
>         }
>     }
> }
> """
>
> class interface():
>     attribute_name_list = ("ge", "unit", "family", "address")
>     def __init__(self, ge, unit, family, address):
>         self.ge = ge
>         self.unit = unit
>         self.family = family
>         self.address = address
>
> def convert(interface_list, indent=4):
>     indentation = 0
>     return_list = list()
>     return_list.append(" " * indentation + "interfaces {")
>     for interface in interface_list:
>         for attribute_name in interface.attribute_name_list:
>             indentation += indent
>             value = getattr(interface, attribute_name)
>             if attribute_name == "ge":
>                 # the port name is written "ge-0/0/0", not "ge 0/0/0"
>                 text = "ge-%s {" % value
>             elif attribute_name == "address":
>                 # the address is a leaf statement: it ends in ";" and opens no block
>                 text = "address %s;" % value
>             else:
>                 text = "%s %s {" % (attribute_name, value)
>             return_list.append(" " * indentation + text)
>         # close the family, unit and ge blocks of this interface
>         while indentation > indent:
>             indentation -= indent
>             return_list.append(" " * indentation + "}")
>         indentation -= indent
>     return_list.append("}")
>     return "\n".join(return_list)
>
> if __name__ == "__main__":
>     interface1 = interface("0/0/0", "0", "inet", "10.17.10.1/24")
>     interface2 = interface("2/0/5", "0", "inet", "11.18.10.1/24")
>     print(convert((interface1, interface2, )))

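An added example, not part of the thread and not any poster's code: one way to do the format 1 to format 2 step for the `set interface` lines of the first post, including the MIP to static NAT mapping shown in the SRX sample. `IF_MAP`, `ZONE_MAP` and `convert_interfaces` are names assumed here; the mappings are filled in by the operator, an unmapped port or zone raises an error instead of being guessed, and every line the function cannot translate is returned for manual review.

```python
import ipaddress
import shlex

# Operator-supplied mappings (assumed, read off the sample in the first post).
# ScreenOS and SRX names have no fixed correspondence, so nothing is guessed.
IF_MAP = {"ethernet0/0": "ge-0/0/0", "ethernet2/5": "ge-2/0/5"}
ZONE_MAP = {"Untrust": "Untrust", "Mail DMZ": "DMZ"}
SAMPLE = [  # interface lines from the first post
    'set interface ethernet0/0 ip 194.1.1.1/24',
    'set interface ethernet0/0 route',
    'set interface "ethernet0/0" zone "Untrust"',
    'set interface ethernet2/5 ip 10.17.10.1/24',
    'set interface ethernet2/5 route',
    'set interface "ethernet2/5" zone "Mail DMZ"',
    'set interface "ethernet0/0" mip 194.1.1.10 host 10.17.10.10 netmask 255.255.255.255 vr "trust-vr"',
    'set interface "ethernet0/0" mip 194.1.1.20 host 10.17.10.20 netmask 255.255.255.255 vr "trust-vr"',
]

def convert_interfaces(lines, if_map=IF_MAP, zone_map=ZONE_MAP):
    """Translate ScreenOS 'set interface' lines; return (srx_cmds, untranslated)."""
    out, untranslated, zone_of, rules = [], [], {}, {}
    for raw in lines:
        tok = shlex.split(raw)  # shlex strips the ScreenOS double quotes
        if tok[:2] != ["set", "interface"] or len(tok) < 5:
            untranslated.append(raw)  # kept for manual review, never dropped
            continue
        if tok[2] not in if_map:
            raise KeyError("no SRX interface mapped for " + tok[2])
        port, kind = if_map[tok[2]], tok[3]
        if kind == "ip":
            addr = ipaddress.ip_interface(tok[4])  # rejects malformed addresses
            out.append("set interfaces %s unit 0 family inet address %s" % (port, addr))
        elif kind == "zone":
            zone_of[port] = zone_map[tok[4]]  # KeyError if the zone is unmapped
            out.append("set security zones security-zone %s interfaces %s.0" % (zone_of[port], port))
        elif kind == "mip" and port in zone_of and len(tok) > 8 and tok[5:9:2] == ["host", "netmask"]:
            zone = zone_of[port]
            bits = ipaddress.ip_network("0.0.0.0/" + tok[8]).prefixlen  # netmask -> /n
            n = rules[zone] = rules.get(zone, 0) + 1
            rs = "set security nat static rule-set static-nat-%s" % zone
            if n == 1:
                out.append("%s from zone %s" % (rs, zone))
            out.append("%s rule rule-%d match destination-address %s/%d" % (rs, n, tok[4], bits))
            out.append("%s rule rule-%d then static-nat prefix %s/%d" % (rs, n, tok[6], bits))
            out.append("set security nat proxy-arp interface %s.0 address %s/%d" % (port, tok[4], bits))
        else:
            untranslated.append(raw)
    return out, untranslated
```

`convert_interfaces(SAMPLE)` returns the SRX `set` commands plus the two `route` lines, which have no counterpart in this mapping and are left for manual review.
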
Python re to extract useful information from each line
Hello Experts

I have below lines with some variations.

1- set policy id 1000 from "Untrust" to "Trust" "Any" "1.1.1.1" "HTTP" nat dst ip 10.10.10.10 port 8000 permit log

2- set policy id 5000 from "Trust" to "Untrust" "Any" "microsoft.com" "HTTP" nat src permit schedule "14August2014" log

3- set policy id 7000 from "Trust" to "Untrust" "Users" "Any" "ANY" nat src dip-id 4 permit log

4- set policy id 7000 from "Trust" to "Untrust" "servers" "Any" "ANY" deny

Please help me to write the regular expression to extract below information in parenthesis, if exist from each line. Please note that some items may exist or not like nat or log

set policy id (id) from (from) to (to) (source) (destination) (service) nat (src or dst) (dip-id 4) or (ip 10.10.10.10) port (dst-port) (action) schedule (schedule) (log)

Re: Python re to extract useful information from each line
On Thursday, April 30, 2015 at 12:42:18 AM UTC+4, Kashif Rana wrote:
> Hello Experts
>
> I have below lines with some variations.
>
> 1- set policy id 1000 from "Untrust" to "Trust" "Any" "1.1.1.1" "HTTP" nat
> dst ip 10.10.10.10 port 8000 permit log
>
> 2- set policy id 5000 from "Trust" to "Untrust" "Any" "microsoft.com" "HTTP"
> nat src permit schedule "14August2014" log
>
> 3- set policy id 7000 from "Trust" to "Untrust" "Users" "Any" "ANY" nat src
> dip-id 4 permit log
>
> 4- set policy id 7000 from "Trust" to "Untrust" "servers" "Any" "ANY" deny
>
> Please help me to write the regular expression to extract below information
> in parenthesis, if exist from each line. Please note that some items may
> exist or not like nat or log
>
> set policy id (id) from (from) to (to) (source) (destination) (service) nat
> (src or dst) (dip-id 4) or (ip 10.10.10.10) port (dst-port) (action) schedule
> (schedule) (log)

I tried below re and it's not working.

id\s(?P.+?)(?:\sname\s(?P.+?))?\sfrom\s(?P.+?)\sto\s(?P.+?)\s{2}(?P[^\s]+?)\s(?P[^\s]+?)\s(?P[^\s]+?)(?:\s(?Pnat)\s(?P\w+)(\s?Pdip-id\s\d+)?(\sip\s(?P[\d\.]+)\sport(?P\d+))?)?\s(?P[^\s]+?)(?:\sschedule\s(?P[^\s]+?))?(?P\slog)?$

If I ignore the line 1, I made below re and it's working and giving me all info.

pol_elements = re.compile('id\s(?P.+?)(?:\sname\s(?P.+?))?\sfrom\s(?P.+?)\sto\s(?P.+?)\s{2}(?P[^\s]+?)\s(?P[^\s]+?)\s(?P[^\s]+?)(?:(?P\snat)\s(?P[^\s]+?)(?P\sdip-id\s[^\s]+?)?)?\s(?P[^\s]+?)(?:\sschedule\s(?P[^\s]+?))?(?P\slog)?$' )

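An added example, not part of the thread: the same extraction done by tokenising each line with `shlex` and walking the tokens instead of using one regular expression, so that quoted names containing spaces (such as the zones "Mail DMZ" and "DMZ Web" that appear elsewhere on this page) stay single fields. `parse_policy`, the `nat-` key names and the `reject` action are assumptions made here; a line with anything left unparsed raises `ValueError`, so part of a firewall rule is never dropped silently.

```python
import shlex

ACTIONS = ("permit", "deny", "reject")  # assumption: the post shows only permit and deny
SAMPLE = [  # the four lines from the post, without the "1-" style numbering
    'set policy id 1000 from "Untrust" to "Trust" "Any" "1.1.1.1" "HTTP" nat dst ip 10.10.10.10 port 8000 permit log',
    'set policy id 5000 from "Trust" to "Untrust" "Any" "microsoft.com" "HTTP" nat src permit schedule "14August2014" log',
    'set policy id 7000 from "Trust" to "Untrust" "Users" "Any" "ANY" nat src dip-id 4 permit log',
    'set policy id 7000 from "Trust" to "Untrust" "servers" "Any" "ANY" deny',
]

def parse_policy(line):
    """Return the fields of one 'set policy id' line as a dict; ValueError if unrecognised."""
    tok = shlex.split(line)  # a quoted name, even one with spaces, becomes one token
    try:
        if tok[:3] != ["set", "policy", "id"]:
            raise ValueError("not a 'set policy id' line: %r" % line)
        pol, i = {"id": tok[3]}, 4
        if tok[i] == "name":  # optional, as in: name "CR567"
            pol["name"], i = tok[i + 1], i + 2
        if (tok[i], tok[i + 2]) != ("from", "to"):
            raise ValueError("expected 'from <zone> to <zone>': %r" % line)
        pol["from"], pol["to"] = tok[i + 1], tok[i + 3]
        pol["source"], pol["destination"], pol["service"] = tok[i + 4:i + 7]
        i += 7
        if tok[i] == "nat":
            pol["nat"], i = tok[i + 1], i + 2
            for key in ("dip-id", "ip", "port"):  # each optional, in this order
                if tok[i] == key:
                    pol["nat-" + key], i = tok[i + 1], i + 2
        if tok[i] not in ACTIONS:
            raise ValueError("expected an action, got %r" % tok[i])
        pol["action"], rest = tok[i], tok[i + 1:]
        if rest[:1] == ["schedule"]:
            pol["schedule"], rest = rest[1], rest[2:]
    except IndexError:
        raise ValueError("line ended early: %r" % line) from None
    pol["log"] = rest == ["log"]
    if rest and not pol["log"]:  # never drop part of a rule silently
        raise ValueError("unparsed tokens %r in: %r" % (rest, line))
    return pol
```

Continuation lines such as a bare `set policy id 100` are rejected with `ValueError` rather than returned half-filled.
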
Writing list of dictionaries to CSV
Hello Experts

When I am writing list of dictionaries to CSV file, the key 'schedule' has value 'Mar 2012' becomes Mar-12. I really do not have clue why that's happening. Below is the code.

import csv

dic_1 = {'action': 'permit',
         'dst-address': 'maxprddb-scan-167, maxprddb-scan-168, maxprddb-scan-169',
         'from': 'DMZ Web',
         'id': '1000',
         'log': 'Enable, session-init',
         'name': 'Test Rule Temporary ',
         'service': '1521, Oraccle-Maximo-Scan-1550, PING-ALL',
         'src-address': 'sparkeregap1, sparkeregap2',
         'to': 'Trust'}

dic_2 = {'action': 'permit',
         'dst-address': 'sparkcas01, sparkcas02, email.ab.spark.net',
         'from': 'DMZ Web',
         'id': '4000',
         'log': 'Enable, session-init',
         'schedule': 'Mar 2012',
         'service': 'SMTP',
         'src-address': 'sparkeregap1, sparkeregap2',
         'to': 'Trust'}

my_list = [
    {'to': 'Trust', 'service': '1521, Oraccle-Maximo-Scan-1550, PING-ALL',
     'from': 'DMZ Web',
     'dst-address': 'maxprddb-scan-167, maxprddb-scan-168, maxprddb-scan-169',
     'name': 'Test Rule Temporary ', 'action': 'permit', 'id': '1000',
     'src-address': 'sparkeregap1, sparkeregap2', 'log': 'Enable, session-init'},
    {'to': 'Trust', 'from': 'DMZ Web',
     'dst-address': 'sparkcas01, sparkcas02, email.ab.spark.net',
     'service': 'SMTP', 'schedule': 'Mar 2012', 'action': 'permit', 'id': '4000',
     'src-address': 'sparkeregap1, sparkeregap2', 'log': 'Enable, session-init'}]

pol_keys = ['id', 'name', 'from', 'to', 'src-address', 'dst-address',
            'service', 'action', 'nat_status', 'nat_type', 'nat_src_ip',
            'nat_dst_ip', 'nat_dst_port', 'log', 'schedule']

# 'wb' is the Python 2 mode for the csv module; on Python 3 use
# open('test.csv', 'w', newline='') instead.
with open('test.csv', 'wb') as f:
    w = csv.DictWriter(f, pol_keys)
    w.writeheader()
    w.writerows(my_list)

Re: Writing list of dictionaries to CSV
Hello guys

Thanks for the feedback. I think it's problem with excel itself, showing wrong value. Because when I opened the csv file in text editor, I can see correct value but opening in excel showing wrong value. What I can do to see correct in excel as well.

Regards

On Tuesday, May 5, 2015 at 9:09:40 PM UTC+4, Kashif Rana wrote:
> Hello Experts
>
> When I am writing list of dictionaries to CSV file, the key 'schedule' has
> value 'Mar 2012' becomes Mar-12. I really do not have clue why that's
> happening. Below is the code.
>
> dic_1 = {'action': 'permit',
>          'dst-address': 'maxprddb-scan-167, maxprddb-scan-168, maxprddb-scan-169',
>          'from': 'DMZ Web',
>          'id': '1000',
>          'log': 'Enable, session-init',
>          'name': 'Test Rule Temporary ',
>          'service': '1521, Oraccle-Maximo-Scan-1550, PING-ALL',
>          'src-address': 'sparkeregap1, sparkeregap2',
>          'to': 'Trust'}
>
> dic_2 = {'action': 'permit',
>          'dst-address': 'sparkcas01, sparkcas02, email.ab.spark.net',
>          'from': 'DMZ Web',
>          'id': '4000',
>          'log': 'Enable, session-init',
>          'schedule': 'Mar 2012',
>          'service': 'SMTP',
>          'src-address': 'sparkeregap1, sparkeregap2',
>          'to': 'Trust'}
>
> my_list = [
>     {'to': 'Trust', 'service': '1521, Oraccle-Maximo-Scan-1550, PING-ALL',
>      'from': 'DMZ Web', 'dst-address': 'maxprddb-scan-167, maxprddb-scan-168,
>      maxprddb-scan-169', 'name': 'Test Rule Temporary ', 'action': 'permit', 'id':
>      '1000', 'src-address': 'sparkeregap1, sparkeregap2', 'log': 'Enable,
>      session-init'}, {'to': 'Trust', 'from': 'DMZ Web', 'dst-address':
>      'sparkcas01, sparkcas02, email.ab.spark.net', 'service': 'SMTP', 'schedule':
>      'Mar 2012', 'action': 'permit', 'id': '4000', 'src-address': 'sparkeregap1,
>      sparkeregap2', 'log': 'Enable, session-init'}]
>
> pol_keys = ['id', 'name', 'from', 'to', 'src-address', 'dst-address',
>             'service', 'action', 'nat_status', 'nat_type', 'nat_src_ip', 'nat_dst_ip',
>             'nat_dst_port', 'log', 'schedule']
>
> with open('test.csv', 'wb') as f:
>     w = csv.DictWriter(f, pol_keys)
>     w.writeheader()
>     w.writerows(my_list)