#!/usr/bin/perl
use strict;
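# Separator printed between the parts of every generated object name.
my $TR = "_";
# Prefix printed at the start of every generated object name.
my $PR = "CS";

print "\n";

# The definitions are read from "<path of this script>.conf".
# Three-argument open with a lexical handle keeps characters in $0 (such as a
# leading ">" or a trailing "|") from being interpreted as an open mode, and a
# failed open is fatal: carrying on would print an empty but well-formed
# result that is indistinguishable from a successful run.
my $conf_file = "$0.conf";
open(my $conf_fh, '<', $conf_file)
    or die "Cannot open $conf_file: $!\n";
my @conf_lines = <$conf_fh>;
close $conf_fh;

# Strip the line endings once so that both passes see the same text.
chomp @conf_lines;

# First pass: individual network (NO) and service (SO) objects, so that they
# are printed before any group that refers to them.
# NOTE(review): the type is matched as a bare prefix (/^NO/, /^SO/), so any
# line that merely starts with those letters is treated as a definition.
foreach my $line (@conf_lines) {
    next if ($line =~ /^#/);
    object("NO", $line) if ($line =~ /^NO/);
    object("SO", $line) if ($line =~ /^SO/);
}

# Second pass: network (NG) and service (SG) groups.
foreach my $line (@conf_lines) {
    next if ($line =~ /^#/);
    objectgroup("NG", $line) if ($line =~ /^NG/);
    objectgroup("SG", $line) if ($line =~ /^SG/);
}

print "\n";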
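# Print one "object network" or "object service" definition to STDOUT
# (the command syntax resembles Cisco ASA object definitions).
#
# Arguments:
#   $O    - "NO" for a network object, "SO" for a service object.
#   $line - one configuration line, TYPE:NAME:BODY[:DESCRIPTION].
#
# Output for a valid line:
#   object <network|service> <TR><PR><TR><O><TR><NAME>
#    <BODY>                  (prefixed with "service " for SO)
#    description <DESCRIPTION>   (only when a description is present)
#   exit
#
# A line without a NAME or BODY is reported on STDERR and skipped, because
# printing it would produce an incomplete command.
#
# NAME, BODY and DESCRIPTION are copied into the output verbatim; the
# configuration file is treated as trusted operator input.
# NOTE(review): fields are colon-separated, so a BODY that itself contains
# ":" (for example an IPv6 address) cannot be expressed in this format; its
# tail ends up in the description.
sub object {
    my ($O, $line) = @_;

    # Limit of 4: everything after the third colon belongs to the
    # description, so a description may contain colons without being cut.
    my (undef, $NAME, $Object, $comment) = split /:/, $line, 4;

    unless (defined $NAME && length $NAME && defined $Object && length $Object) {
        warn "Skipping malformed $O line: $line\n";
        return;
    }

    print "object ";
    print "network " if ($O eq "NO");
    print "service " if ($O eq "SO");
    print "$TR$PR$TR$O$TR$NAME\n";

    print " "         if ($O eq "NO");
    print " service " if ($O eq "SO");
    print "$Object\n";

    # Test for presence, not truth, so that a description of "0" is kept.
    print " description $comment\n" if (defined $comment && length $comment);
    print "exit\n";
    return;
}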
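# Print one "object-group network" or "object-group service" definition to
# STDOUT (the command syntax resembles Cisco ASA object-group definitions).
#
# Arguments:
#   $O    - "NG" for a network group, "SG" for a service group.
#   $line - one configuration line, TYPE:NAME:MEMBER[,MEMBER...][:DESCRIPTION].
#
# Output for a valid line:
#   object-group <network|service> <TR><PR><TR><O><TR><NAME>
#    <network-object|service-object> object <TR><PR><TR><NO|SO><TR><MEMBER>
#    ...                         (one line per member)
#    description <DESCRIPTION>   (only when a description is present)
#   exit
#
# A line without a NAME or member list is reported on STDERR and skipped.
# Member names are not checked against the objects printed by object(); a
# misspelt member produces a reference to an object that was never defined.
sub objectgroup {
    my ($O, $line) = @_;

    # Limit of 4: everything after the third colon belongs to the
    # description, so a description may contain colons without being cut.
    my (undef, $NAME, $Object, $comment) = split /:/, $line, 4;

    unless (defined $NAME && length $NAME && defined $Object && length $Object) {
        warn "Skipping malformed $O line: $line\n";
        return;
    }

    print "object-group ";
    print "network " if ($O eq "NG");
    print "service " if ($O eq "SG");
    print "$TR$PR$TR$O$TR$NAME\n";

    foreach my $Ob (split /,/, $Object) {
        # "A,,B" would otherwise print a reference to an object with an
        # empty name.
        next unless length $Ob;

        print " network-object " if ($O eq "NG");
        print " service-object " if ($O eq "SG");
        print "object $TR$PR$TR";
        # A group member refers to the matching object type: NG -> NO, SG -> SO.
        print "NO" if ($O eq "NG");
        print "SO" if ($O eq "SG");
        print "$TR$Ob\n";
    }

    # Test for presence, not truth, so that a description of "0" is kept.
    print " description $comment\n" if (defined $comment && length $comment);
    print "exit\n";
    return;
}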
# Format of "$0.conf", by example. Lines that begin with "#" are skipped.
# Each example shows an input line, then " > ", then the output generated for
# it ("\n" marks a line break). TR and PR stand for the values of $TR and $PR,
# which are set at the top of this script:
#PR:CS
#TR:_
#NO:NAME1:host 1.2.3.5 > object network TR PR TR NO TR NAME1 \n host 1.2.3.5 \n
#NO:NAME2:network 1.2.2.0 255.255.255.0 > object network TR PR TR NO TR NAME2 \n network 1.2.2.0 255.255.255.0 \n
#NG:NAME:NAME1,NAME2 > object-group network TR PR TR NG TR NAME \n network-object object TR PR TR NO TR NAME1 \n network-object object TR PR TR NO TR NAME2 \n
#SO:NAME1:tcp source eq 123 destination range 100 200 > object service TR PR TR SO TR NAME1 \n tcp source eq 123 destination range 100 200
#SO:NAME2:tcp destination eq 112 > object service TR PR TR SO TR NAME2 \n tcp destination eq 112
#SG:NAME:NAME1,NAME2 > object-group service TR PR TR SG TR NAME \n service-object object TR PR TR SO TR NAME1 \n service-object object TR PR TR SO TR NAME2 \n