def q_ip(kind, single = None):
"""
Ask for a source or destination ip.
Kinds -- 'source', 'destination'
device -- 'alcatel', 'cisco', 'juniper'
"""
#Cisco does not accept multiples. By setting the second argument of the function to anything, we will ask for a single or multiple ips
if single is not None:
m_or_s = "single"
else:
m_or_s = "multiple"
if m_or_s == "multiple":
ip_addr = input(POLITE_STRING + str(kind) + IP_STRINGS['multiple']) or "any"
ip_addr = ip_addr.replace(' ', '')
ip_addr = ip_addr.split(',')
is_true = ip_check(ip_addr)
elif m_or_s == "single":
ip_addr = input(POLITE_STRING + str(kind) + IP_STRINGS['single']) or "any"
is_true = ip_check(ip_addr)
valid_input = False
while valid_input is False:
if is_true is True:
return ip_addr
else:
if m_or_s == "multiple":
ip_addr = input(str(ip_addr) + INVALID_STRING + str(kind) + IP_STRINGS['multiple error']) or "any"
ip_addr = ip_addr.replace(' ', '')
ip_addr = ip_addr.split(',')
is_true = ip_check(ip_addr)
elif m_or_s == "single":
ip_addr = input(POLITE_STRING + str(kind) + IP_STRINGS['single error']) or "any"
is_true = ip_check(ip_addr)
def alcatel_vars_fixer(name, acl_vars_array, output_file):
"""
The following loops through our entire array, and calls list_generator.
Additionally, it checks to see if a list has already been created for any given set of numbers
If such a list already exists, it passes on making another list.
x y and z are all iterators
Accepts:
name: name of the filter
acl_vars_array: an array of vars for an ACL
"""
ip_list_number = 1
port_list_number = 1
existing_list_names = []
existing_list_numbers = []
duplicate = False
for x in range(0, len(acl_vars_array)):
for y in range(3, 7):
# checks for duplicates
for z in range(0, len(existing_list_numbers)):
duplicate = False
if existing_list_numbers[z] == acl_vars_array[x][y]:
acl_vars_array[x][y] = existing_list_names[z]
duplicate = True
break
# generates ip prefix lists or port lists based on list position.
if len(acl_vars_array[x][y]) > 1 and y == 3 and ip_check(
acl_vars_array[x][y]) is True or len(
acl_vars_array[x][y]) > 1 and y == 5 and ip_check(
acl_vars_array[x][y]):
existing_list_numbers.append(acl_vars_array[x][y])
acl_vars_array[x][y] = list_generator(
str(name) + "_ip_list_" + str(ip_list_number), "ip_list",
acl_vars_array[x][y], output_file)
existing_list_names.append(
str(name) + "_ip_list_" + str(ip_list_number))
ip_list_number += 1
elif len(acl_vars_array[x][y]) > 1 and y == 4 and service_check(
acl_vars_array[x][y]) is True or len(
acl_vars_array[x][y]) > 1 and y == 6 and service_check(
acl_vars_array[x][y]) is True:
existing_list_numbers.append(acl_vars_array[x][y])
acl_vars_array[x][y] = list_generator(
str(name) + "_port_list_" + str(port_list_number),
"port_list", acl_vars_array[x][y], output_file)
existing_list_names.append(
str(name) + "_port_list_" + str(port_list_number))
port_list_number += 1
elif duplicate is True:
acl_vars_array[x][y] = existing_list_names[z]
# Strip single entry values out of their array for acl.write(ing
else:
acl_vars_array[x][y] = acl_vars_array[x][y][0]
def q_port(kind, single = None):
"""
Ask for a source or destination port.
Kinds -- 'source, 'destination'
"""
#Cisco does not accept multiples. By setting the second argument of the function to anything, we will ask for a single or multiple ports
if single is not None:
m_or_s = "single"
else:
m_or_s = "multiple"
if m_or_s == "multiple":
service = input(POLITE_STRING + str(kind) + SERVICE_STRINGS['multiple']) or "any"
service = service.replace(' ', '')
service = service.split(',')
is_true = service_check(service)
elif m_or_s == "single":
service = input(POLITE_STRING + str(kind) + SERVICE_STRINGS['single']) or "any"
is_true = service_check(service)
valid_input = False
while valid_input is False:
if is_true is True:
return service
else:
if m_or_s == "multiple":
service = input(POLITE_STRING + str(kind) + SERVICE_STRINGS['multiple invalid']) or "any"
service = service.replace(' ', '')
service = service.split(',')
is_true = service_check(service)
elif m_or_s == "single":
service = input(POLITE_STRING + str(kind) + SERVICE_STRINGS['single invalid']) or "any"
is_true = ip_check(service)
def q_ip(kind):
"""
Ask for a source or destination ip. Kinds accepted:
'source', 'destination'
"""
ip_addr = input(POLITE_STRING + str(kind) + IP_STRINGS[0]) or "any"
ip_addr = ip_addr.replace(' ', '')
ip_addr = ip_addr.split(',')
is_true = ip_check(ip_addr)
valid_input = False
while valid_input is False:
if is_true is True:
return ip_addr
else:
ip_addr = input(str(ip_addr) + INVALID_STRING +
str(kind) + IP_STRINGS[1]) or "any"
ip_addr = ip_addr.replace(' ', '')
ip_addr = ip_addr.split(',')
is_true = ip_check(ip_addr)
def entry_generator(acl_vars_array, entry_number, output_file):
"""
Generates entries for each list of variables in acl_vars_array.
acl_vars_array: an array with all of the users input variables. An array should look like
[entry_number, entry_description, protocol, source_ips, source_services, destination_ips, destination_services, action])
entry_number: the amount of entries the user needs.
"""
i = entry_number
for i in range(0, int(i / 10)):
output_file.write("entry " + str(acl_vars_array[i][0]) + " create\n")
output_file.write("\tdescription " + str(acl_vars_array[i][1]) + "\n")
if acl_vars_array[i][2] == "any":
output_file.write("\tmatch protocol *\n")
else:
output_file.write("\tmatch protocol " + str(acl_vars_array[i][2]) +
"\n")
j = [acl_vars_array[i][3]]
is_title = ip_check(j)
if is_title is False:
output_file.write("\t\tsrc-ip ip-prefix-list " +
str(acl_vars_array[i][3]) + "\n")
elif acl_vars_array[i][3] == "any":
pass
else:
output_file.write("\t\tsrc-ip " + str(acl_vars_array[i][3]) + "\n")
j = [acl_vars_array[i][4]]
is_title = service_check(j)
if is_title is False:
output_file.write("\t\tsrc-port port-list " +
str(acl_vars_array[i][4]) + "\n")
elif acl_vars_array[i][4] == "any":
pass
else:
output_file.write("\t\tsrc-port eq " + str(acl_vars_array[i][4]) +
"\n")
j = [acl_vars_array[i][5]]
is_title = ip_check(j)
if is_title is False:
output_file.write("\t\tdst-ip ip-prefix-list " +
str(acl_vars_array[i][5]) + "\n")
elif acl_vars_array[i][5] == "any":
pass
else:
output_file.write("\t\tdst-ip " + str(acl_vars_array[i][5]) + "\n")
j = [acl_vars_array[i][5]]
is_title = service_check(j)
if is_title is False:
output_file.write("\t\tdst-port port-list " +
str(acl_vars_array[i][6]) + "\n")
elif acl_vars_array[i][6] == "any":
pass
else:
output_file.write("\t\tdst-port eq " + str(acl_vars_array[i][6]) +
"\n")
output_file.write("\texit\n")
output_file.write("\taction " + str(acl_vars_array[i][7]) + "\n")
output_file.write("exit\n\n")