The globally accepted internal IP pool will be 172*, 10* and 192*, so all other IPs will be public. Now list all the IPs in all ACLs, append them to a template file, filter them based on the desired port, use a regular expression (^) as said below, and get the result concatenated to the same file.

On Wed, 18 Aug, 2021, 8:58 pm Rajthecomputerguy, <[email protected]> wrote:

> You have to use regex patterns to match the desired ACLs
>
> On Wed, Aug 18, 2021 at 7:54 PM Vikram S <[email protected]> wrote:
>
>> I need to gather firewall rules (ACLs) in which the source IP is a public IP
>> or public subnet, the destination is an internal server, and the port is
>> tcp/3389. I am wondering how to write a script that will exclude all ACLs
>> in which the source IP is internal (starting with 10.xx.xx.xx) and gather only
>> ACLs in which a public IP is the source.
>>
>> EXAMPLE OF ACL allowing access from public ip to internal ip:
>> access-list OUT_access_in line 2 extended permit tcp host 8.8.8.8 host 10.10.10.5 eq 3389
>> access-list OUT_access_in line 3 extended permit tcp 8.8.8.0 255.255.255.0 host 10.10.10.5 eq 3389
>>
>> EXAMPLE OF ACL allowing access from one internal ip to another internal ip:
>> access-list IN_access_in line 2 extended permit tcp host 10.15.15.5 host 10.10.10.5 eq 3389
>> access-list IN_access_in line 3 extended permit tcp 10.15.15.0 255.255.255.0 host 10.10.10.5 eq 3389
>> access-list IN_access_in line 4 extended permit tcp any host 10.10.10.5 eq 3389
>>
>> Thanks,
>> Vikram
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/50fdadda-cd24-4b03-9e4f-c11d64343650n%40googlegroups.com
>> <https://groups.google.com/d/msgid/ansible-project/50fdadda-cd24-4b03-9e4f-c11d64343650n%40googlegroups.com?utm_medium=email&utm_source=footer>.
>
> --
> Thanks,
> Pushparaj G
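
One way to do the filtering asked about in this thread, as an added example that is not code from any of the posters: it parses the `access-list` lines and classifies source and destination with Python's `ipaddress` module against the RFC 1918 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) instead of a text prefix. The function names and the `include_any` switch are hypothetical, and treating an `any` source as including public addresses by default is an assumption of this example.

```python
import ipaddress
import re

# RFC 1918 private ranges. Matching on a first-octet prefix would wrongly
# treat public space such as 172.32.0.0 as internal.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def take_addr(tokens):
    """Consume one address spec; return a network, or None for 'any'."""
    head = tokens.pop(0)
    if head in ("any", "any4"):
        return None
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # "<address> <netmask>" form, e.g. 8.8.8.0 255.255.255.0
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}", strict=False)

def is_internal(net):
    return any(net.subnet_of(r) for r in RFC1918)

def public_rdp_rules(lines, port="3389", include_any=True):
    """Return permit-tcp rules: non-internal source -> internal dest, eq port."""
    hits = []
    for line in lines:
        m = re.search(r"\bextended\s+permit\s+tcp\s+(.+)$", line)
        if not m:
            continue
        tokens = m.group(1).split()
        try:
            src, dst = take_addr(tokens), take_addr(tokens)
        except (IndexError, ValueError):
            continue  # object-groups, source ports etc. are not handled here
        if tokens[:2] != ["eq", port] or dst is None or not is_internal(dst):
            continue
        if (src is None and include_any) or (src is not None and not is_internal(src)):
            hits.append(line)
    return hits

# Rules quoted in the thread, plus two constructed lines (marked).
SAMPLE = [
    "access-list OUT_access_in line 2 extended permit tcp host 8.8.8.8 host 10.10.10.5 eq 3389",
    "access-list OUT_access_in line 3 extended permit tcp 8.8.8.0 255.255.255.0 host 10.10.10.5 eq 3389",
    "access-list IN_access_in line 2 extended permit tcp host 10.15.15.5 host 10.10.10.5 eq 3389",
    "access-list IN_access_in line 3 extended permit tcp 10.15.15.0 255.255.255.0 host 10.10.10.5 eq 3389",
    "access-list IN_access_in line 4 extended permit tcp any host 10.10.10.5 eq 3389",
    "access-list OUT_access_in line 9 extended permit tcp host 172.32.0.5 host 10.10.10.5 eq 3389",  # constructed
    "access-list OUT_access_in line 10 extended permit tcp host 8.8.4.4 host 10.10.10.5 eq 443",  # constructed
]

if __name__ == "__main__":
    print("\n".join(public_rdp_rules(SAMPLE)))
```

The same functions can be wrapped as a custom Ansible filter plugin and fed the registered output of the firewall's `show access-list` command.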
