WYAE - FWTOOLS Mailing List Archive
| Re: [fwtools] problem piping data into python scripts
|
| From: | "David DeSimone" |
| Date: | Fri, 28 May 2010 12:28:41 -0500
|
Mike Barkett wrote:
>
> In my experimental usage of fw1r65_to_fwdoc.pl, I ran into a few
> issues such as the one you describe and ended up implementing a
> similar fix to yours. I believe it also fixes Kev's original missing
> comma issue.
Like some of the rest of you, I ran into these sorts of issues and fixed
them myself, but I took a different tactic. Instead of adding fake NAT
rules, I modified the tools to understand that NAT rules might not
exist. Due to the fact that python requires indentation changes when
you add an extra "if" statement around other statements, this generates
large diff's for what is essentially a small change. So for previty I
will use "diff -w" to show only non-whitespace changes, with the caveat
that you must know to shift the relevant lines in order to preserve
proper python syntax.
Hope these in-line patches are readable to someone....
=====================================
This patch removes an attempt to annotate rule comments, which I could
not get to work, and also fixes a date bug where the wrong month is
printed:
--- ../src/fw1r65_to_fwdoc/fw1r65_to_fwdoc.pl 2009-03-27
13:51:00.000000000 -0400
+++ fw1r65_to_fwdoc.pl 2010-01-27 05:23:08.000000000 -0500
@@ -1118,10 +1118,10 @@
$fileEOF = ($line = );
$line = &fromdos($line);
&DebugLog("Access.READ1b: $line");
- # Below added for R65 features 2008-02-12 By Jacob
- if (defined $access_name[$access_number]){
-
$access_comment[$access_number]="Name:$access_name[$access_number], Comment: $access_comment[$access_number]";
- }
+## # Below added for R65 features 2008-02-12 By Jacob
+## if (defined $access_name[$access_number]){
+##
$access_comment[$access_number]="Name:$access_name[$access_number], Comment: $access_comment[$access_number]";
+## }
} #--- outer while
return &fromdos("$line");
}
@@ -1321,7 +1321,7 @@
print " \"type\": \"FireWall-1 / VPN-1\",\n";
print " \"version\": \"3.0 - 4.1 - NG R65\",\n";
print ' "date": "';
- print $loctime[5]+1900 . "-$loctime[4]-$loctime[3]";
+ print join('-', $loctime[5]+1900, $loctime[4]+1, $loctime[3]);
print "\",\n";
print ' "identifier": "';
print $FW1rules;
=====================================
This patch fixes the fwdoc_to_{text,html} tools to understand that there
might not actually be any NAT rules to display.
--- ../src/fwdoc_to_html/fwdoc_to_html.py 2009-03-06
05:46:00.000000000 -0500
+++ fwdoc_to_html.py 2010-01-24 22:49:38.000000000 -0500
@@ -267,6 +267,7 @@
print ''
+if ( fwdoc.has_key('natrules')):
bgcolorflag = 0
print """
--- ../src/fwdoc_to_txt/fwdoc_to_txt.py 2007-03-09 23:28:12.000000000 -0500
+++ fwdoc_to_txt.py 2010-01-24 22:47:13.000000000 -0500
@@ -161,6 +161,7 @@
ifindent = ' '
+if ( fwdoc.has_key('natrules')):
print "\n\n\n========================================================="
print "NAT Rules"
print "========================================================="
--- ../src/fwdoc_ungroup/fwdoc_ungroup.py 2007-03-09
23:28:12.000000000 -0500
+++ fwdoc_ungroup.py 2010-01-24 22:50:26.000000000 -0500
@@ -153,6 +153,7 @@
#-------------------------------------------------------------
# loop through NAT rules
+if ( fwdoc.has_key('natrules')):
for rulenr in range(len(fwdoc['natrules'])):
fwdoc['natrules'][rulenr]['orig_from'] = UngroupOBJ(fwdoc['natrules'][rulenr]['orig_from'],99)
fwdoc['natrules'][rulenr]['orig_to'] = UngroupOBJ(fwdoc['natrules'][rulenr]['orig_to'],99)
=====================================
This patch causes fwdoc_used_objects to recognize that firewall clusters
are a grouping of individual firewalls. Also, that it should recognize
that an absence of NAT rules and Users are okay to process.
--- ../src/fwdoc_used_objects/fwdoc_used_objects.py 2007-03-09
23:28:12.000000000 -0500
+++ fwdoc_used_objects.py 2010-01-25 01:33:17.000000000 -0500
@@ -90,6 +90,8 @@
objectslist.append( frobj['object'] )
if (fwdoc['objects'][obj]['type'] == 'group'):
UngroupOBJ (fwdoc['objects'][obj]['groupmembers'], depth - 1)
+ if (fwdoc['objects'][obj]['type'] == 'gateway_cluster'):
+ UngroupOBJ (fwdoc['objects'][obj]['groupmembers'], depth - 1)
#------------------------
@@ -152,6 +154,7 @@
#-------------------------------------------------------------
# loop through NAT rules
+if ( fwdoc.has_key('natrules')):
for rulenr in range(len(fwdoc['natrules'])):
UngroupOBJ(fwdoc['natrules'][rulenr]['orig_from'],99)
UngroupOBJ(fwdoc['natrules'][rulenr]['orig_to'],99)
@@ -177,6 +180,7 @@
else:
fwdoc['firewall']['filter'].append('fwdoc_used_objects - listing
only used objects')
newfwdoc['accessrules'] = fwdoc['accessrules']
+ if ( fwdoc.has_key('natrules')):
newfwdoc['natrules'] = fwdoc['natrules']
newfwdoc['objects'] = {}
@@ -218,6 +222,7 @@
if (UNUSED):
newfwdoc['layer7filter'][obj] = fwdoc['layer7filter'][obj]
+if ( fwdoc.has_key('users')):
for obj in fwdoc['users'].keys():
try:
x = userslist.index(obj)
--
David DeSimone == Network Admin == fox@verio.net
"I don't like spinach, and I'm glad I don't, because if I
liked it I'd eat it, and I just hate it." -- Clarence Darrow
This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio, Inc. makes no warranty that this email is error or virus free. Thank you.
