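#!/usr/bin/perl
#
# conduit2acl.pl
# Paul Venezia, pvenezia@jpj.net
# 08.20.02
#
# Input is file with raw conduit listing, not full PIX config
#
# A conduit names the global (translated) address first and the foreign
# address second.  The equivalent access-list names the source first, so the
# foreign address/port become the source and the global address/port become
# the destination of every emitted line.

use strict;
use warnings;

our $version = "0.3";

# Keywords the converter accepts.  Anything outside these sets is reported
# as an invalid line on STDERR instead of being dropped silently or emitted
# as a half-formed access-list entry -- a dropped rule during a conduit
# migration is a missing permit or, worse, a missing deny.
my $ACTION_RE  = qr/\A(?:permit|deny)\z/;
my $PROTO_RE   = qr/\A(?:ip|icmp|tcp|udp|esp|gre)\z/;
my $PORT_OP_RE = qr/\A(?:eq|neq|gt|lt)\z/;

# Print the usage text and exit.  $version is interpolated into it.
# NOTE(review): the usage text looks as if angle-bracketed placeholders were
# lost when this listing was captured -- confirm the wording against the
# original script before relying on it.
sub usage {
    print <<"EOT";
conduit2acl.pl v$version

Input is file with raw conduit listing, not full PIX config

Usage:  conduit2acl.pl [ -, conduitfilename] [output acl name]
        cat | conduit2acl.pl - [output acl name]
        conduit2acl.pl [output acl name]
EOT
    exit;
}

# Consume an address specification from the front of @$tokens: "any",
# "host ADDR" or "ADDR MASK".  Returns the text, or undef (empty list) when
# the tokens run out before the specification is complete.
sub _take_address {
    my ($tokens) = @_;
    return if !@$tokens;
    my $first = shift @$tokens;
    return $first if $first eq 'any';
    return if !@$tokens;    # "host" / network address needs a second token
    return "$first " . shift @$tokens;
}

# Consume an optional port specification from the front of @$tokens:
# "eq|neq|gt|lt PORT" or "range LOW HIGH".  Returns the text, or undef when
# no port specification is present.  Dies when an operator is present but
# its port argument(s) are missing, so a truncated line is never emitted.
sub _take_port_spec {
    my ($tokens) = @_;
    return if !@$tokens;
    my $op   = $tokens->[0];
    my $argc = $op eq 'range'        ? 2
             : $op =~ $PORT_OP_RE    ? 1
             :                         0;
    return if !$argc;
    die "incomplete port specification '@$tokens'\n" if @$tokens < $argc + 1;
    return join ' ', splice @$tokens, 0, $argc + 1;
}

# Translate one conduit statement into an access-list statement.
#
#   $line     raw conduit line, e.g. "conduit permit tcp host 10.0.0.5 eq 80 any"
#   $aclname  name of the access-list to emit
#
# Returns the access-list text without a trailing newline.  Dies with a short
# reason (newline-terminated, so no file/line suffix) when the line is not a
# conduit statement the converter can translate; callers report that reason
# rather than emitting garbage.
sub conduit_to_acl {
    my ($line, $aclname) = @_;
    my @tokens = split ' ', $line;

    die "too few fields\n" if @tokens < 4;
    my ($keyword, $action, $proto) = splice @tokens, 0, 3;
    die "not a conduit statement\n"        if $keyword ne 'conduit';
    die "unknown action '$action'\n"       if $action !~ $ACTION_RE;
    die "unsupported protocol '$proto'\n"  if $proto !~ $PROTO_RE;

    # Global side of the conduit: destination of the access-list.
    my $global = _take_address(\@tokens);
    die "missing global address\n" if !defined $global;
    my $global_port = _take_port_spec(\@tokens);

    # Foreign side of the conduit: source of the access-list.
    my $foreign = _take_address(\@tokens);
    die "missing foreign address\n" if !defined $foreign;
    my $foreign_port = _take_port_spec(\@tokens);

    # An ICMP conduit may end with an icmp_type, which access-list keeps in
    # the same trailing position.  Anything else left over was not parsed
    # and must not be passed through.
    my $trailer;
    $trailer = shift @tokens if $proto eq 'icmp' && @tokens == 1;
    die "unparsed tokens '@tokens'\n" if @tokens;

    return join ' ',
        'access-list', $aclname, $action, $proto,
        $foreign, (defined $foreign_port ? $foreign_port : ()),
        $global,  (defined $global_port  ? $global_port  : ()),
        (defined $trailer ? $trailer : ());
}

# Command-line entry point: read conduit lines from the named file (or STDIN
# for "-") and print one access-list line per translatable conduit.  Lines
# that cannot be translated are reported on STDERR so they never end up in
# the generated configuration.
sub main {
    usage() if @ARGV && $ARGV[0] eq '--help';

    # As in the original, a missing filename argument is read from standard
    # input.  The old two-argument open() trimmed surrounding whitespace from
    # the name, so the trailing newline of a name read that way is removed
    # here explicitly.
    my $cfile = $ARGV[0] || <STDIN>;
    usage() if !defined $cfile;
    $cfile =~ s/\A\s+|\s+\z//g;
    my $aclname = $ARGV[1] || "REPLACE";

    # Three-argument open: the filename is taken literally and never parsed
    # for a mode or a pipe, so an argument such as "|cmd" or ">file" can
    # neither run a command nor redirect output.  "-" (STDIN) is handled
    # separately because only the two-argument form treats it specially.
    my $in;
    if ($cfile eq '-') {
        $in = \*STDIN;
    }
    else {
        open $in, '<', $cfile or die "Can't open input $cfile: $!";
    }

    while (my $line = <$in>) {
        chomp $line;
        next if $line =~ /\A\s*\z/;    # blank lines carry nothing to convert

        my $acl = eval { conduit_to_acl($line, $aclname) };
        if (defined $acl) {
            print "$acl\n";
        }
        else {
            chomp(my $why = $@);
            warn "Invalid Line: $line ($why)\n";
        }
    }

    if ($cfile ne '-') {
        close $in or die "Can't close input $cfile: $!";
    }
    return;
}

main() unless caller;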