need assistance to gather access list rules associated with public ip's only using ansible

[Vikram S]

i need to gather firewall rules (ACL) in which source ip is a public ip or public subnet and destination is an internal server and port is tcp/3389. I am wondering how to write a script that will excluded all ACL in which source ip is internal (starting with 10.xx.xx.xx) and gather only ACL in which public ip is source.

EXAMPLE OF ACL allowing access from public ip to internal ip: 

access-list OUT_access_in line 2 extended permit tcp host 8.8.8.8 host 10.10.10.5 eq 3389 

access-list OUT_access_in line 3 extended permit tcp 8.8.8.0 255.255.255.0 host 10.10.10.5 eq 3389 

 EXAMPLE OF ACL allowing access from one internal ip to another internal ip: 

 access-list IN_access_in line 2 extended permit tcp host 10.15.15.5 host 10.10.10.5 eq 3389 

 access-list IN_access_in line 3 extended permit tcp 10.15.15.0 255.255.255.0 host 10.10.10.5 eq 3389 

 access-list IN_access_in line 4 extended permit tcp any host 10.10.10.5 eq 3389

Thanks,

Vikram

[Rajthecomputerguy]

You have to use regex patterns to match the desired ACL's

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/50fdadda-cd24-4b03-9e4f-c11d64343650n%40googlegroups.com.

--

Thanks,

Pushparaj G

[Melvin Satheesan]

Globally acceptable internal IP pool will be 172*, 10* and 192*. So all other ips will be public. 

Now list all the ips in all acl, append it to a template file, filter it based on desired port, use regular expression (^)as said below and get it concatenated to same file. 

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAE5Yv1Rh%3DCLfyEkvxRpakcp2KDYAzZ17J-oZXvOhmnc42AoAEQ%40mail.gmail.com.