Mailing List Archive

PyEZ list SRX firewall policies
Hello!

Currently playing around with PyEZ to retrieve the firewall policies from an SRX, and I have some issues with formatting/printing the source/dest/app names. I've created a custom YAML in Python for the Table/View combination and can run it against an SRX:

=== CODE ===
import yaml
from jnpr.junos.factory.factory_loader import FactoryLoader

myYAML = '''
---
SecurityPolicyTable:
    rpc: get-firewall-policies
    args:
        from-zone: untrust
        to-zone: hq-lan
    item: //policy-information
    key: policy-name
    view: SecurityPolicyView

SecurityPolicyView:
    fields:
        name: policy-name
        state: policy-state
        src: source-addresses/source-address/address-name
        dst: destination-addresses/destination-address/address-name
        app: applications/application/application-name
'''

# Build the Table/View classes from the YAML definition and expose them by name
globals().update(FactoryLoader().load(yaml.load(myYAML, Loader=yaml.FullLoader)))

# dev is an already opened jnpr.junos.Device connection to the SRX
secpols = SecurityPolicyTable(dev)
secpols.get()
=== ===

This results (I believe) in a list/array containing every security policy, and a nested list/array containing the source/destination/applications. When I dump the output to XML with the command secpols.savexml(path='datadump.xml') I see all the data I would like to have (see attached for a sanitized example).

When I loop through it I also see all the data, like policy name, and the source and destination addresses and so on. Problem is the formatting of the source and destination addresses, it looks like the addressbook item is sometimes 'split' per character into separate fields in the list.

=== CODE ===
for secpol in secpols:
    print("Policy: " + secpol.name + ' ' + secpol.state)

    print("Source: ", end=" ")
    for x in range(len(secpol.src)):
        print(secpol.src[x].strip(), end=" "),
    print('')

    print("Destination: ", end=" ")
    for x in range(len(secpol.dst)):
        print(secpol.dst[x].strip(), end=" "),
    print('')

    print("Application: ", end=" ")
    for x in range(len(secpol.app)):
        print(secpol.app[x].strip(), end=" "),
    print('')
    print('----------------------------------------------')
=== ===

So I loop through the policies, print every Secpol name and enabled/disabled, and then print the array/list containing the source/destination/application separated by a space instead of a newline.

This results in the following output:
=== OUTPUT ===
> python getSecPolicies.py
Password: ******

Policy: rdp-to-clients enabled
Source: home nedcomp-sdc
Destination: a n y
Application: m s - r d p
----------------------------------------------
Policy: mailserver enabled
Source: a n y
Destination: m a i l s e r v e r
Application: junos-smtp junos-imaps junos-https
----------------------------------------------
Policy: http-to-dev enabled
Source: h o m e
Destination: dev-33 dev-90 dev-125
Application: j u n o s - h t t p
----------------------------------------------
Policy: buckaroo-to-dev enabled
Source: a n y
Destination: d e v - 9 0
Application: j u n o s - h t t p
----------------------------------------------
Policy: vpn-sstp enabled
Source: a n y
Destination: p e r f o r c e
Application: junos-https junos-ping
----------------------------------------------
=== ===

So it prints spaces in an addressbook item (or newlines when omitting end=" " in the print command), but strangely only when there is a single entry; when there are multiple entries it prints the list correctly.

Does anyone know why this is happening? Should I look to Python or NETCONF/PyEZ as the source cause?

Best regards,
Floris Termorshuizen

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: PyEZ list SRX firewall policies
Hi Floris,

I'm not a Python programmer, but it seems that "secpol.app" (or "src" or
"dst") is sometimes a string and sometimes a list of strings.
If it's a single string, then it's being split into characters by the []
operator.
If it's a list, then [] gives you a string (which is what you're looking
for) with the name of the application, which you can strip and print.

    print("Application: ", end=" ")
    for x in range(len(secpol.app)):
        print(secpol.app[x].strip(), end=" "),  # <<< here you get characters or strings
    print('')


isinstance(secpol.app, list) can help you choose the right way of printing
the variable, for example:

    print("Application: ", end=" ")
    if isinstance(secpol.app, list):
        print(', '.join(x.strip() for x in secpol.app))
    else:
        print(secpol.app.strip())

Perhaps there are other, more proper ways of doing that in Python.

HTH,

Regards,
Wojciech

On Mon, 22 Jul 2019 at 08:51, Floris Termorshuizen <floris@nedcomp.nl> wrote:

Re: PyEZ list SRX firewall policies
Oh yeah, that is it indeed. I was leaning towards a thing in Python, but I have too little experience yet in it :). I hoped it would interpret a list of a single item as a list instead of a string and split it smaller.

Thanks Wojciech!

Best regards,
Floris

---------------------

From: Wojciech Janiszewski <wojciech.janiszewski@gmail.com>
Sent: Monday 22 July 2019 13:35
To: Floris Termorshuizen <floris@nedcomp.nl>
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] PyEZ list SRX firewall policies

Hi Floris,

I'm not a Python programmer, but it seems that "secpol.app" (or "src" or "dst") is sometimes a string and sometimes a list of strings.
If it's a single string, then it's being split into characters by the [] operator.
If it's a list, then [] gives you a string (which is what you're looking for) with the name of the application, which you can strip and print.

    print("Application: ", end=" ")
    for x in range(len(secpol.app)):
        print(secpol.app[x].strip(), end=" "),  # <<< here you get characters or strings
    print('')


isinstance(secpol.app, list) can help you choose the right way of printing the variable, for example:

    print("Application: ", end=" ")
    if isinstance(secpol.app, list):
        print(', '.join(x.strip() for x in secpol.app))
    else:
        print(secpol.app.strip())

Perhaps there are other, more proper ways of doing that in Python.

HTH,

Regards,
Wojciech

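Added example, not part of the thread and not PyEZ code: it normalises a field that comes back as a str for one match and as a list for several, as described in the replies above, and shows why that matters once the table is used to audit for "any" sources rather than just printed. The names view_field, as_list and policies_with_any_source, the sample XML, and the partner-vpn/germany-office entries are assumptions made for illustration; the XML is parsed with the standard library instead of being fetched from a device.

```python
import xml.etree.ElementTree as ET

SRC_PATH = "source-addresses/source-address/address-name"  # path from the thread's View

# Constructed sample (not device output); "partner-vpn"/"germany-office" are made up.
SAMPLE = """<rpc-reply>
<policy-information><policy-name>rdp-to-clients</policy-name><source-addresses>
 <source-address><address-name>home</address-name></source-address>
 <source-address><address-name>nedcomp-sdc</address-name></source-address>
</source-addresses></policy-information>
<policy-information><policy-name>mailserver</policy-name><source-addresses>
 <source-address><address-name>any</address-name></source-address>
</source-addresses></policy-information>
<policy-information><policy-name>partner-vpn</policy-name><source-addresses>
 <source-address><address-name>germany-office</address-name></source-address>
</source-addresses></policy-information>
</rpc-reply>"""

def view_field(item, path):
    """Stand-in for a View field (assumption, not PyEZ code): one match is
    returned as a str, several as a list, none as None."""
    found = [e.text for e in item.findall(path)]
    if not found:
        return None
    return found[0] if len(found) == 1 else found

def as_list(value):
    """Normalise a field that may be None, a str, or a list of str."""
    if value is None:
        return []
    return [v.strip() for v in ([value] if isinstance(value, str) else value)]

def policies_with_any_source(xml_text, normalise=True):
    """Names of policies whose source addresses include the entry 'any'."""
    hits = []
    for item in ET.fromstring(xml_text).iter("policy-information"):
        src = view_field(item, SRC_PATH)
        if normalise:
            src = as_list(src)
        # On a bare str, `in` is a substring test; on a list it is membership.
        if src is not None and "any" in src:
            hits.append(item.findtext("policy-name"))
    return hits

if __name__ == "__main__":
    print("naive:     ", policies_with_any_source(SAMPLE, normalise=False))
    print("normalised:", policies_with_any_source(SAMPLE))
```

Without normalisation the single-entry source "germany-office" is reported as an "any" policy because the check degrades to a substring match; with as_list only mailserver is reported.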