Re: Python Script to convert firewall rules
Thank you very much. Appreciated ! But the first requirement was to convert format1 to format2 as below: set interface ethernet2/5 ip 10.17.10.1/24 (format 1) set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24 (format 2) (set, interface, ip) = (set, interfaces, family inet address) But some values are variable and should ask the user to convert manually like ethernet2/5 equal to ge-0/0/0 or ge-0/0/1 or ge-0/0/2 And some values keep as it is like 10.17.10.1/24 Kashif, perhaps you should contact me off list, this subject is becoming very particular and maybe not of interest to the general audience. -- https://mail.python.org/mailman/listinfo/python-list
Re: Python Script to convert firewall rules
On Saturday, December 13, 2014 6:31:34 AM UTC+4, Jason Friedman wrote:
Thanks for the reply. Yes I can make the all possible keywords/values for
both formate. But after that what gonna be the logic to convert one format to
other format. Like to convert one line below are the keywords:
set interface ethernet2/5 ip 10.17.10.1/24 (format 1)
set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24 (format 2)
(set, interface, ip) = (set, interfaces, family inet address)
But some values are variable and should ask the user to convert manually like
ethernet2/5 equal to ge-0/0/0 or ge-0/0/1 or ge-0/0/2
And some values keep as it is like 10.17.10.1/24
Also then format 2 can be converted int o format 3 (as below) for more
readability of format 2. This is just optional.
interfaces {
ge-2/0/5 {
unit 0 {
family inet {
address 10.17.10.1/24;
}
}
}
}
Note that the practice on this list is to put your response after the
(edited) portion of the previous posts.
Are you willing to learn some Python, if someone gets you started?
Would it be helpful if someone provided Python code to convert this:
set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24
to this:
interfaces {
ge-2/0/5 {
unit 0 {
family inet {
address 10.17.10.1/24;
}
}
}
}
?
Hello
Thanks for the reply. I am learning python using CBT nuggets for python. But If
you can refer me some good course, that should be practical then it would be
great.
For my requirement, if you can give me the best approach to start with or high
level steps or give me some sample cod, I really appreciate that.
Regards,
Kashif
--
https://mail.python.org/mailman/listinfo/python-list
Re: Python Script to convert firewall rules
Thanks for the reply. I am learning python using CBT nuggets for python. But
If you can refer me some good course, that should be practical then it would
be great.
For my requirement, if you can give me the best approach to start with or
high level steps or give me some sample cod, I really appreciate that.
Good, some other sources for learning:
https://docs.python.org/3/tutorial/
http://learnpythonthehardway.org/
Here's some code to get you started (version 3.4.0):
convert
set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24
to
interfaces {
ge-2/0/5 {
unit 0 {
family inet {
address 10.17.10.1/24;
}
}
}
}
class interface():
attribute_name_list = (ge, unit, family, address)
def __init__(self, ge, unit, family, address):
self.ge = ge
self.unit = unit
self.family = family
self.address = address
def convert(interface_list, indent=4):
indentation = 0
return_list = list()
return_list.append( * indentation + interfaces {)
for interface in interface_list:
for attribute_name in interface.attribute_name_list:
indentation += indent
text = %s %s { % (attribute_name, getattr(interface,
attribute_name))
return_list.append( * indentation + text)
while indentation indent:
indentation -= indent
return_list.append( * indentation + })
indentation -= indent
return_list.append(})
return \n.join(return_list)
if __name__ == __main__:
interface1 = interface(0/0/0, 0, inet, 10.17.10.1/24)
interface2 = interface(2/0/5, 0, inet, 11.18.10.1/24)
print(convert((interface1, interface2, )))
--
https://mail.python.org/mailman/listinfo/python-list
Re: Python Script to convert firewall rules
Hi Jason
Thank you very much. Appreciated ! But the first requirement was to convert
format1 to format2 as below:
set interface ethernet2/5 ip 10.17.10.1/24 (format 1)
set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24 (format 2)
(set, interface, ip) = (set, interfaces, family inet address)
But some values are variable and should ask the user to convert manually
like ethernet2/5 equal to ge-0/0/0 or ge-0/0/1 or ge-0/0/2
And some values keep as it is like 10.17.10.1/24
Thanks and Regards,
Kashif
On Sun, Dec 14, 2014 at 5:35 AM, Jason Friedman jsf80...@gmail.com wrote:
Thanks for the reply. I am learning python using CBT nuggets for python.
But If you can refer me some good course, that should be practical then it
would be great.
For my requirement, if you can give me the best approach to start with
or high level steps or give me some sample cod, I really appreciate that.
Good, some other sources for learning:
https://docs.python.org/3/tutorial/
http://learnpythonthehardway.org/
Here's some code to get you started (version 3.4.0):
convert
set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24
to
interfaces {
ge-2/0/5 {
unit 0 {
family inet {
address 10.17.10.1/24;
}
}
}
}
class interface():
attribute_name_list = (ge, unit, family, address)
def __init__(self, ge, unit, family, address):
self.ge = ge
self.unit = unit
self.family = family
self.address = address
def convert(interface_list, indent=4):
indentation = 0
return_list = list()
return_list.append( * indentation + interfaces {)
for interface in interface_list:
for attribute_name in interface.attribute_name_list:
indentation += indent
text = %s %s { % (attribute_name, getattr(interface,
attribute_name))
return_list.append( * indentation + text)
while indentation indent:
indentation -= indent
return_list.append( * indentation + })
indentation -= indent
return_list.append(})
return \n.join(return_list)
if __name__ == __main__:
interface1 = interface(0/0/0, 0, inet, 10.17.10.1/24)
interface2 = interface(2/0/5, 0, inet, 11.18.10.1/24)
print(convert((interface1, interface2, )))
--
https://mail.python.org/mailman/listinfo/python-list
Re: Python Script to convert firewall rules
Thanks for the reply. Yes I can make the all possible keywords/values for
both formate. But after that what gonna be the logic to convert one format
to other format. Like to convert one line below are the keywords:
set interface ethernet2/5 ip 10.17.10.1/24 (format 1)
set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24 (format
2)
(set, interface, ip) = (set, interfaces, family inet address)
But some values are variable and should ask the user to convert manually
like ethernet2/5 equal to ge-0/0/0 or ge-0/0/1 or ge-0/0/2
And some values keep as it is like 10.17.10.1/24
Also then format 2 can be converted int o format 3 (as below) for more
readability of format 2. This is just optional.
interfaces {
ge-2/0/5 {
unit 0 {
family inet {
address 10.17.10.1/24;
}
}
}
}
Note that the practice on this list is to put your response after the
(edited) portion of the previous posts.
Are you willing to learn some Python, if someone gets you started?
Would it be helpful if someone provided Python code to convert this:
set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24
to this:
interfaces {
ge-2/0/5 {
unit 0 {
family inet {
address 10.17.10.1/24;
}
}
}
}
?
--
https://mail.python.org/mailman/listinfo/python-list
Re: Python Script to convert firewall rules
I am network engineer and not expert in programming. I would like to make one python script to convert juniper netscreen firewall configuration into juniper SRX firewall configuration. Looks pretty tricky, do you have a specification for each format containing all the possible keywords/values? If you could describe the logic in English then writing the equivalent in Python would be straightforward for many people on this list. -- https://mail.python.org/mailman/listinfo/python-list
Re: Python Script to convert firewall rules
Hi Jason
Thanks for the reply. Yes I can make the all possible keywords/values for both
formate. But after that what gonna be the logic to convert one format to other
format. Like to convert one line below are the keywords:
set interface ethernet2/5 ip 10.17.10.1/24 (format 1)
set interfaces ge-0/0/0 unit 0 family inet address 10.17.10.1/24 (format 2)
(set, interface, ip) = (set, interfaces, family inet address)
But some values are variable and should ask the user to convert manually like
ethernet2/5 equal to ge-0/0/0 or ge-0/0/1 or ge-0/0/2
And some values keep as it is like 10.17.10.1/24
Also then format 2 can be converted int o format 3 (as below) for more
readability of format 2. This is just optional.
interfaces {
ge-2/0/5 {
unit 0 {
family inet {
address 10.17.10.1/24;
}
}
}
}
On Friday, December 12, 2014 5:45:20 AM UTC+4, Jason Friedman wrote:
I am network engineer and not expert in programming. I would like to make one
python script to convert juniper netscreen firewall configuration into
juniper SRX firewall configuration.
Looks pretty tricky, do you have a specification for each format containing
all the possible keywords/values?
If you could describe the logic in English then writing the equivalent in
Python would be straightforward for many people on this list.
--
https://mail.python.org/mailman/listinfo/python-list
Python Script to convert firewall rules
Hello Experts
I am network engineer and not expert in programming. I would like to make one
python script to convert juniper netscreen firewall configuration into juniper
SRX firewall configuration. Sample is below. I would appreciate if anybody can
give me the high level steps to start with.
Juniper Netscreen
set interface ethernet0/0 ip 194.1.1.1/24
set interface ethernet0/0 route
set interface ethernet0/0 zone Untrust
set interface ethernet2/5 ip 10.17.10.1/24
set interface ethernet2/5 route
set interface ethernet2/5 zone Mail DMZ
set interface ethernet0/0 mip 194.1.1.10 host 10.17.10.10 netmask
255.255.255.255 vr trust-vr
set interface ethernet0/0 mip 194.1.1.20 host 10.17.10.20 netmask
255.255.255.255 vr trust-vr
set address Mail DMZ mx1.union.com 10.17.10.10 255.255.255.255
set address Mail DMZ mx2.union.com 10.17.10.20 255.255.255.255
set policy id 100 name CR567 from Untrust to DMZ Any
MIP(194.1.1.10) SMTP permit log
set policy id 100
set dst-address MIP(194.1.1.20)
set log session-init
exit
Juniper SRX
--
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 194.1.1.1/24;
}
}
}
ge-2/0/5 {
unit 0 {
family inet {
address 10.17.10.1/24;
}
}
}
}
security {
nat {
static {
rule-set static-nat-Untrust {
from zone Untrust;
rule rule-1 {
match {
destination-address 194.1.1.10/32;
}
then {
static-nat prefix 10.17.10.10/32;
}
}
rule rule-2 {
match {
destination-address 194.1.1.20/32;
}
then {
static-nat prefix 10.17.10.20/32;
}
}
}
}
proxy-arp {
interface ge-0/0/0.0 {
address {
194.1.1.10/32;
194.1.1.20/32;
}
}
}
}
zones {
security-zone Untrust {
interfaces {
ge-0/0/0.0;
}
}
security-zone DMZ {
address-book {
address mx1.union.com 10.17.10.10/32;
address mx2.union.com 10.17.10.20/32;
}
interfaces {
ge-2/0/5.0;
}
}
}
policies {
from-zone Untrust to-zone DMZ {
/* CR567 */
policy 100 {
match {
source-address any;
destination-address [ mx1.union.com mx2.union.com ];
application junos-smtp;
}
then {
permit;
log {
session-init;
}
}
}
}
}
}
--
https://mail.python.org/mailman/listinfo/python-list
