WYAE - FWTOOLS Mailing List Archive

RE: [fwtools] real port numbers in a rules-dump
From:	"WISNIEWSKI, DANIEL (SBCSI)"
Date:	Mon, 19 Apr 2004 09:44:35 -0400

RE: Is this stuff useful for anybody else?=20
=20
Yes. I think anyone who adding features to the script is adding value.
Obviously, someone had a need or they wouldn't have added/enhanced the
script. I have this script running for over 180 firewalls ( over 4 P1's =
/
multiple CMA's ) - sending the results back to a webserver, and also =
dumping
into a MySQL database. This allows for searching & displaying multiple =
ways
--
=20
So yes, it always useful -
=20
dan
=20
=20

-----Original Message-----
From: reto.schuettel@ubs.com [mailto:reto.schuettel@ubs.com]=20
Sent: Thursday, April 15, 2004 6:46 AM
To: fwtools@wyae.de
Cc: volker.tanger@detewe.de
Subject: Re: [fwtools] real port numbers in a rules-dump




Hi=20

I added a few other things to my patch.=20
 - protocols and port numbers are now seperated by a '/'. First I think =
this
combination=20
   is quite often used and second it doesn't conflict with portranges,=20
   which use the colon to seperate the source- and destionation port.=20
 - patch now works for negated ports (means... it prints it out)=20
 - new tags: 'from_ip' and 'to_ip'=20
   print out the source/destination host or network in an numerical =
way, if
it's known.=20
   ex: 192.168.10.13=20
       192.168.10.0/24=20
       or 'any'=20

You can find it on:
http://bounty.schuettel.ch/~reto/FW1Rules/numeric-pots.patch.gz
 =20

Is this stuff useful for anybody else?=20


- reto schuettel=20

-----Original Message-----=20
From: Schuettel, Reto=20
Sent: Mittwoch, 14. April 2004 11:20=20
To: fwtools@wyae.de=20
Cc: 'Volker Tanger'=20
Subject: RE: [fwtools] real port numbers in a rules-dump=20


Hmm..=20

the attached patch adds two new tags for "rule-templates"=20

<<>>: prints out the rule numbers. If the script can't determine =
a=20
            service name it prints the servicename itself.=20
            ex: 80 53=20
<<>>/$rulenegated$txt/g;=20
 =20
+       # Translate servicenames into port numbers=20
+       my @protocols;=20
+       my @ports;=20
+       foreach my $srv (split /=A7/, $access_services[$i]) {=20
+               push @ports,    ($svc_dst_port{$srv} || $srv;=20
+               push @protocols,        ($svc_type{$srv} || "-") . ":" =
 .
($svc_dst_port{$srv} || $srv),=20
+       }=20
+=20
+       my $port_text           =3D join($TemplateITEMSEP, @ports);=20
+       my $protocol_text       =3D join($TemplateITEMSEP, @protocols); =

+=20
+=20
+       $line =3D~ s/<<>>/$port_text/g;=20
+       $line =3D~ s/<<>>/$protocol_text/g;=20
        $line =3D~ s/<<>>/$access_action[$i]/g;=20
        $line =3D~ s/<<>>/$access_track[$i]/g;=20
        $line =3D~ s/<<>>/$access_time[$i]/g;=20

-----Original Message-----=20
From: Volker Tanger [mailto:volker.tanger@detewe.de
 ]=20
Sent: Dienstag, 13. April 2004 17:56=20
To: dw6794@sbc.com=20
Cc: Schuettel, Reto; fwtools@wyae.de=20
Subject: Re: [fwtools] real port numbers in a rules-dump=20


> On Tue, 13 Apr 2004 11:18:41 -0400 "WISNIEWSKI, DANIEL (SBCSI)"=20
>  wrote:=20
>=20
> > For all used services used in a rule:=20
> > fw1rules.pl --objects=3D$OBJECTS --rules=3D$FWDIR/conf/$POLICY.W=20
> > --template=3D$services --output=3D=20

Shortcut: within the fw1rules directory replace $service with=20

        templates/services.tsv=20

Bye=20

Volker Tanger=20
ITK Security=20

----------------------------------------------------------=20
FireWallTOOLS-Mailinglist                  fwtools@wyae.de=20
----------------------------------------------------------=20
to unsubscribe send a mail to: minimalist@wyae.de with the=20
subject: unsubscribe fwtools =20



--- StripMime Report -- processed MIME parts ---
multipart/alternative
  text/plain (text body -- kept)
  text/html
---