def init(name, raise_on_error=False):
    """Reset the iptables parser before a new dump is parsed.

    ``name`` is the path of the iptables dump; it becomes the firewall's
    name and its basename becomes the hostname.  ``raise_on_error`` is
    stored in ``p_info`` for the grammar actions to consult.  All state
    lives in the module-level ``p_info`` dict and ``parser.object_dict``;
    nothing is returned.
    """
    # Objects from a previous parse must not leak into this one.
    parser.object_dict.clear()

    fw = Firewall()
    fw.name = name
    # ntpath.basename splits on both '/' and '\\', so Windows-style
    # paths yield a clean hostname on any host platform.
    fw.hostname = ntpath.basename(name)
    fw.type = 'Iptables'
    builtin_chains = ('INPUT', 'FORWARD', 'OUTPUT')
    # The built-in chains always exist, even for an empty dump.
    for chain in builtin_chains:
        fw.acl.append(ACL(chain))
    p_info['firewall'] = fw

    p_info['current_interface_name'] = None
    p_info['used_object'] = set()
    # Each chain starts as ACCEPT; the parser is expected to replace the
    # entry when the dump declares an explicit policy for that chain.
    p_info['default_policy'] = dict((chain, Action(True)) for chain in builtin_chains)
    p_info['current_chain'] = None

    first_id = 0
    p_info['rule_id'] = first_id
    p_info['rule_list'] = []
    # rule_bind maps a rule id to a two-slot binding, empty until filled.
    p_info['rule_bind'] = {first_id: [None, None]}
    p_info['current_rule'] = Rule(first_id, None, [], [], [], [], [], Action(False))
    p_info['current_table'] = None

    p_info['raise_on_error'] = raise_on_error
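def finish():
    """Build the final Firewall from the parsed iptables graph and register it.

    For each built-in chain (INPUT, OUTPUT, FORWARD) every path through the
    chain graph is expanded into flat rules, a trailing rule carrying the
    chain's default policy is appended, and the result becomes one ACL.
    The assembled Firewall is appended to ``my_parser.instance.fw``.
    Returns None.
    """
    my_parser = IptablesParser()
    chains = ("INPUT", "OUTPUT", "FORWARD")

    # Phase 1: the three root nodes, in the order the ACLs are emitted.
    nodes = []
    for chain in chains:
        nodes.append(my_parser.get_node(chain))

    # Phase 2: every path reachable from each root.
    path_lists = []
    for node in nodes:
        path_lists.append(my_parser.create_all_path_from_node(node))

    # Phase 3: flatten the paths into rules.
    rule_lists = []
    for path_list in path_lists:
        rule_lists.append(my_parser.get_rules_from_path_list(path_list))

    # Phase 4: the chain's default DROP/ACCEPT, reached when nothing matched.
    for node, rules in zip(nodes, rule_lists):
        rules.append(my_parser.get_general_rule(node))

    acls = []
    for chain, rules in zip(chains, rule_lists):
        acl = ACL(chain)
        acl.rules = rules
        acls.append(acl)

    new_fw = Firewall()
    new_fw.acl = acls
    new_fw.hostname = my_parser.instance.filename
    new_fw.name = my_parser.instance.filename
    # init() tags the firewall as 'Iptables'; the finished object has to
    # carry the same type so consumers can tell vendors apart.
    new_fw.type = "Iptables"
    my_parser.instance.fw.append(new_fw)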
def finish():
    """Assemble the parsed iptables chains into a Firewall and register it.

    INPUT, OUTPUT and FORWARD are each turned into an ACL: all paths from
    the chain's node are expanded into rules and the chain's default
    policy rule is appended last.  The Firewall is named after the parsed
    file and appended to ``my_parser.instance.fw``.  Returns None.
    """
    my_parser = IptablesParser()
    chains = ("INPUT", "OUTPUT", "FORWARD")

    nodes = [my_parser.get_node(chain) for chain in chains]
    path_lists = [my_parser.create_all_path_from_node(node) for node in nodes]
    rule_lists = [my_parser.get_rules_from_path_list(paths) for paths in path_lists]

    # The catch-all rule must come last: it encodes the chain's default
    # DROP/ACCEPT for traffic no earlier rule matched.
    for node, rules in zip(nodes, rule_lists):
        rules.append(my_parser.get_general_rule(node))

    acls = []
    for chain, rules in zip(chains, rule_lists):
        acl = ACL(chain)
        acl.rules = rules
        acls.append(acl)

    filename = my_parser.instance.filename
    new_fw = Firewall()
    new_fw.acl = acls
    new_fw.hostname = filename
    new_fw.name = filename
    new_fw.type = "Iptables"
    my_parser.instance.fw.append(new_fw)
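def init(name, raise_on_error=False):
    """Reset the Juniper NetScreen parser state before parsing ``name``.

    ``name`` is the configuration path; it is stored as the firewall name
    and its basename as the hostname.  ``raise_on_error`` is recorded in
    ``p_info`` for the grammar actions.  Operates on the module-level
    ``object_dict`` and ``p_info``; returns None.
    """
    object_dict.clear()

    fw = Firewall()
    fw.name = name
    # ntpath.basename accepts '/' and '\\' separators alike.
    fw.hostname = ntpath.basename(name)
    fw.type = 'JuniperNetscreen'
    p_info['firewall'] = fw

    # The policy being built and the policy whose context block is open.
    # No trailing comma after the second Rule(...): `Rule(...),` would
    # store a one-element tuple instead of a Rule.
    p_info['current_policy'] = Rule(0, "", [], [], [], [], [], False)
    p_info['context_policy'] = Rule(0, "", [], [], [], [], [], False)
    p_info['policy_zone_src'] = None
    p_info['policy_zone_dst'] = None
    p_info['current_object'] = []
    p_info['used_object'] = set()
    p_info['policy_context'] = 0
    # -1 so the first policy seen increments to index 0.
    p_info['index_rule'] = -1
    p_info['raise_on_error'] = raise_on_error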
def init(name, raise_on_error=False):
    """Reset the CheckPoint parser's module-level state for a new export.

    ``name`` is the path of the export; it is kept as ``p_info['name']``
    and its basename as ``p_info['hostname']``.  ``raise_on_error`` is
    accepted for signature parity with the other parsers but is not
    stored by this function.  Returns None.
    """
    global i, j, k, cptr, current_rule, d, nd

    # Cursor counters used while walking the export.
    i = j = k = cptr = 0
    current_rule = dict(index=None, action=None, src=[], dst=[], install=[], services=[])

    p_info['firewall_list'] = []
    p_info['name'] = name
    p_info['hostname'] = ntpath.basename(name)
    p_info['current_rule'] = Rule(None, None, [], [], [], [], [], Action(False))
    p_info['firewall'] = Firewall()

    # Slice-delete keeps the list objects themselves, which other module
    # code holds references to.
    for shared_list in (object_dict, firewalls, used_objects, rules):
        del shared_list[:]

    # d: objects as parsed; nd: the same categories after normalisation
    # (the split is assumed from the names -- confirm against the grammar).
    categories = ('host', 'port', 'protocol', 'machines_range', 'netobj')
    d = dict((category, []) for category in categories)
    nd = dict((category, []) for category in categories)
def _init(vdom):
    """Reset per-VDOM parser state for a Fortinet FortiGate configuration.

    ``vdom`` is the virtual-domain name, or a falsy value for a
    configuration without VDOMs.  The firewall name comes from
    ``p_info['name']``; the hostname is ``p_info['hostname']`` with
    ``-<vdom>`` appended when a VDOM is given.  ``raise_on_error`` is not
    touched here.  Returns None.
    """
    object_dict.clear()

    suffix = '-' + vdom if vdom else ''
    fw = Firewall()
    fw.name = p_info['name']
    fw.hostname = p_info['hostname'] + suffix
    fw.type = 'Fortinet FortiGate'

    fresh_state = (
        ('firewall', fw),
        ('vdom', vdom),
        ('srcintf', []),
        ('dstintf', []),
        ('used_object', set()),
        ('bounded_rules', set()),
        ('current_rule', Rule(None, None, [], [], [], [], [], Action(False))),
        ('current_interface', Interface(None, None, None, [])),
        ('current_object', None),
        ('range_ip', None),
        ('range_port', None),
    )
    for key, value in fresh_state:
        p_info[key] = value
def init(name, raise_on_error=False):
    """Reset the Cisco ASA parser state before parsing ``name``.

    ``name`` is the configuration path, stored as the firewall name; its
    basename becomes the hostname.  ``raise_on_error`` is kept in
    ``p_info`` for the grammar actions.  Works on the module-level
    ``object_dict`` and ``p_info``; returns None.
    """
    object_dict.clear()

    fw = Firewall()
    fw.name = name
    fw.hostname = ntpath.basename(name)  # splits on '/' and '\\'
    fw.type = 'CiscoAsa'
    p_info['firewall'] = fw

    # Interface / object-group walking context.
    p_info['interface_state'] = False
    p_info['current_interface'] = None
    p_info['object_name'] = None
    p_info['used_object'] = set()
    p_info['bounded_rules'] = set()

    # Access-list assembly.
    p_info['rule_id'] = 0
    p_info['rule_list'] = []
    p_info['current_rule'] = Rule(None, None, [], [], [], [], [], False)
    p_info['index_rule'] = 0
    p_info['global_rules'] = []

    p_info['raise_on_error'] = raise_on_error
def init(name, raise_on_error=False):
    """Reset the Cisco ASA parser state for a new configuration.

    ``name`` becomes the firewall name and ``ntpath.basename(name)`` the
    hostname.  ``raise_on_error`` is stored in ``p_info``.  Clears the
    module-level ``object_dict`` and rewrites ``p_info``; returns None.
    """
    object_dict.clear()

    firewall = Firewall()
    firewall.name = name
    firewall.hostname = ntpath.basename(name)
    firewall.type = 'Cisco Asa'

    fresh_state = (
        ('firewall', firewall),
        ('interface_state', False),
        ('current_interface', None),
        ('object_name', None),
        ('used_object', set()),
        ('bounded_rules', set()),
        ('rule_id', 0),
        ('rule_list', []),
        ('current_rule', Rule(None, None, [], [], [], [], [], Action(False))),
        ('index_rule', 0),
        ('global_rules', []),
        ('raise_on_error', raise_on_error),
    )
    for key, value in fresh_state:
        p_info[key] = value
def init(name, raise_on_error=False):
    """Reset the FortiGate parser state before parsing ``name``.

    ``name`` is stored as the firewall name and its basename as the
    hostname.  ``raise_on_error`` is recorded in ``p_info``.  Clears the
    module-level ``object_dict`` and rewrites ``p_info``; returns None.
    """
    object_dict.clear()

    firewall = Firewall()
    firewall.name = name
    firewall.hostname = ntpath.basename(name)
    firewall.type = 'FortiGate'

    fresh_state = (
        ('firewall', firewall),
        # Interfaces named by the policy currently being read.
        ('srcintf', None),
        ('dstintf', None),
        ('used_object', set()),
        ('bounded_rules', set()),
        ('current_rule', Rule(None, None, [], [], [], [], [], False)),
        ('current_interface', Interface(None, None, None, [])),
        ('current_object', None),
        ('current_state', []),
        ('range_ip', None),
        ('range_port', None),
        ('raise_on_error', raise_on_error),
    )
    for key, value in fresh_state:
        p_info[key] = value
def init(name, raise_on_error=False):
    """Reset the Cisco ASA parser state for a new configuration file.

    ``name`` is the configuration path: it is kept as the firewall name
    and its basename as the hostname.  ``raise_on_error`` is stored in
    ``p_info`` for the grammar actions.  Returns None.
    """
    object_dict.clear()

    fw = Firewall()
    fw.name = name
    # ntpath.basename handles both '/' and '\\' path separators.
    fw.hostname = ntpath.basename(name)
    fw.type = "Cisco Asa"
    p_info["firewall"] = fw

    # Context while walking interface and object blocks.
    p_info["interface_state"] = False
    p_info["current_interface"] = None
    p_info["object_name"] = None
    p_info["used_object"] = set()
    p_info["bounded_rules"] = set()

    # Access-list assembly state.
    p_info["rule_id"] = 0
    p_info["rule_list"] = []
    p_info["current_rule"] = Rule(None, None, [], [], [], [], [], Action(False))
    p_info["index_rule"] = 0
    p_info["global_rules"] = []

    p_info["raise_on_error"] = raise_on_error
def _init(vdom):
    """Reset per-VDOM parser state for a Fortinet FortiGate configuration.

    ``vdom`` is the virtual-domain name, or falsy when the configuration
    has no VDOMs.  The firewall name is ``p_info['name']``; the hostname
    is ``p_info['hostname']`` with ``-<vdom>`` appended when a VDOM is
    given.  Also resets the routing bookkeeping (``route_list``,
    ``current_route``, ``index_route``).  Returns None.
    """
    object_dict.clear()

    suffix = '-' + vdom if vdom else ''
    fw = Firewall()
    fw.name = p_info['name']
    fw.hostname = p_info['hostname'] + suffix
    fw.type = 'Fortinet FortiGate'
    p_info['firewall'] = fw
    p_info['vdom'] = vdom

    # Policy context.
    p_info['srcintf'] = []
    p_info['dstintf'] = []
    p_info['used_object'] = set()
    p_info['bounded_rules'] = set()
    p_info['current_rule'] = Rule(None, None, [], [], [], [], [], Action(False))
    p_info['current_interface'] = Interface(None, None, None, [])
    p_info['current_object'] = None
    p_info['range_ip'] = None
    p_info['range_port'] = None

    # Routing context; the trailing 1 is the Route's last positional
    # argument as used elsewhere in this parser (its meaning is not
    # visible here -- presumably a metric/priority, confirm in Route).
    p_info['route_list'] = []
    p_info['current_route'] = Route(None, None, None, None, None, 1)
    p_info['index_route'] = 0
def finish_fw(acls):
    """Create one Firewall per parsed CheckPoint gateway.

    ``acls`` maps a gateway hostname to its rule list.  For every entry of
    the module-level ``firewalls`` list a Firewall tagged 'CheckPoint' is
    built with its interfaces and the ACL whose key equals its hostname,
    then appended to ``p_info['firewall_list']``.  The last one built is
    also left in ``p_info['firewall']``.  Returns None.
    """
    for gateway in firewalls:
        current = Firewall()
        p_info['firewall'] = current
        current.name = p_info['name']
        current.hostname = gateway['name']
        current.type = 'CheckPoint'
        # Snapshot copies: the module-level containers are reused later.
        current.unused_objects = set(unused_objects)
        current.dictionnary = dict(nd)

        ifaces = gateway['ifaces']
        if ifaces:
            for iface in ifaces:
                address = Ip(iface['ipaddr'], iface['netmask'])
                current.interfaces.append(Interface(iface['name'], address, iface['index']))

        # Only the ACL keyed by this gateway's hostname belongs to it.
        for acl_name, rule_list in acls.iteritems():
            if acl_name != current.hostname:
                continue
            new_acl = ACL(acl_name)
            new_acl.rules = rule_list
            current.acl.append(new_acl)

        p_info['firewall_list'].append(current)
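def finish_fw(acls):
    """Materialise one Firewall per parsed CheckPoint gateway.

    ``acls`` maps a gateway hostname to its list of rules.  For every entry
    of the module-level ``firewalls`` list a Firewall is created, tagged
    'CheckPoint', given its interfaces and the ACL whose key equals its
    hostname, and appended to ``p_info['firewall_list']``.  The last
    firewall built is also left in ``p_info['firewall']``.  Returns None.
    """
    for fw in firewalls:
        current = Firewall()
        current.name = p_info['name']
        current.hostname = fw['name']
        current.type = 'CheckPoint'
        # Copies: the module-level containers are reused for the next parse.
        current.unused_objects = set(unused_objects)
        current.dictionnary = dict(nd)
        p_info['firewall'] = current

        if fw['ifaces']:
            for iface in fw['ifaces']:
                current.interfaces.append(
                    Interface(iface['name'],
                              Ip(iface['ipaddr'], iface['netmask']),
                              iface['index']))

        # items() instead of the Python-2-only iteritems(): same pairs here,
        # and the module can then be imported on Python 3 as well.
        for name, acl in acls.items():
            if name == current.hostname:
                new_acl = ACL(name)
                new_acl.rules = acl
                current.acl.append(new_acl)

        p_info['firewall_list'].append(current)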
class FirewallVDOM:
    """Snapshot of one FortiGate virtual domain (VDOM) after parsing.

    Bundles the parsed Firewall with its VDOM name and private copies of
    the object and rule bookkeeping sets, so that clearing the shared
    working sets for the next VDOM does not alter this one.
    """

    def __init__(self, fw, vdom, used_object, bounded_rules):
        self.fw = fw
        self.vdom = vdom
        # Copied: the caller's sets are reused for the next VDOM.
        self.used_object = set(used_object)
        self.bounded_rules = set(bounded_rules)


# Used to build the dictionary of objects and object groups.
object_dict = {}
# Section flags: which multi-line block the grammar is currently inside.
parsing_route = False
parsing_ipsec = False
# Parser state shared by the grammar actions; reset by the init routines.
p_info = {
    'firewall_list': [],
    'firewall': Firewall(),
    'vdom': None,
    'name': None,
    'hostname': None,
    'srcintf': [],
    'dstintf': [],
    'used_object': set(),
    'bounded_rules': set(),
    'current_rule': Rule(None, None, [], [], [], [], [], Action(False)),
    'current_interface': Interface(None, None, None, []),
    'current_object': None,
    'current_state': [],
    'range_ip': None,
    'range_port': None,
    'raise_on_error': False,
    'use_vdom': False,