Write script to find all rules involving either one or two CIDR blocks or IPs #75

Open
moshekaplan opened this issue Nov 8, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@moshekaplan
Owner

To find all rules between two specific CIDR blocks, I have created some code. It might help you to understand.

```python
import xml.etree.ElementTree as ET

'''
# Panorama connection details (left commented out: the script below works from a saved XML export instead)
import panxapi
panorama_host = "192.168.248.140"
panorama_user = "admin"
panorama_password = "  "

# Initialize PAN-OS API connection to Panorama
xapi = panxapi(api_username=panorama_user, api_password=panorama_password, hostname=panorama_host, verify=False)
#xapi = panxapi.py -h 192.168.248.140 -l ***@***.***! -k

# Perform an API request to get all security policies
xpath = ***@***.******@***.***='vsys1']/rulebase/security/rules")

try:
    response = xapi.get(xpath=xpath)
    if response is None:
        raise Exception("Empty response from the API.")
except Exception as e:
    print(f"Error: {e}")
    exit()
'''

# Parse the saved XML response
root = ET.parse("3882.xml")
#print(root)

# Iterate through the security rules
for rule in root.findall(".//entry"):
    source_objects = []
    destination_objects = []

    # Get the source and destination objects of the rule (skip empty <member> elements)
    for element in rule.findall(".//source/member"):
        if element.text:
            source_objects.append(element.text.strip())
    for element in rule.findall(".//destination/member"):
        if element.text:
            destination_objects.append(element.text.strip())

    # Check if any source or destination object falls within the specified IP range:
    # a 10.0.0.x object whose prefix length is between /8 and /20 (a bare IP counts as /32)
    in_range = False
    for obj in source_objects + destination_objects:
        if not obj.startswith("10.0.0."):
            continue
        subNetMask = int(obj.split('/')[1]) if '/' in obj else 32
        if 8 <= subNetMask <= 20:
            in_range = True
            break

    if in_range:
        # Print the rule name and other relevant information
        # rule_name = rule.find(".//tag").text
        rule_name = rule.get("name")
        print(f"Rule Name: {rule_name}")
        print(f"Source Objects: {', '.join(source_objects)}")
        print(f"Destination Objects: {', '.join(destination_objects)}")
        print("\n")

# Disconnect from the Panorama device
#xapi.logout()
```
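The same search built on the standard library's `ipaddress` module, added here as an example and not code from the issue or the project: it takes one or two CIDR blocks, treats a bare IP as a /32, matches rule members by network overlap instead of string prefix, and lets the caller choose whether rules with `any` as source or destination count. The sample rulebase XML is constructed, the function names are mine, and the input is assumed to be the `<rules>` element of a security rulebase; address-object names (anything that is not a literal IP or CIDR) are skipped rather than resolved.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the PAN-OS security-rulebase XML layout (not a real export).
SAMPLE_RULEBASE = """<rules>
  <entry name="allow-web">
    <source><member>10.0.0.0/24</member></source>
    <destination><member>192.168.1.10</member></destination>
  </entry>
  <entry name="allow-any">
    <source><member>any</member></source>
    <destination><member>any</member></destination>
  </entry>
  <entry name="dmz-to-db">
    <source><member>172.16.5.0/24</member></source>
    <destination><member>10.0.0.50</member></destination>
  </entry>
</rules>"""

def side_overlaps(rule, side, target, include_any):
    """True if any <member> under <side> overlaps target ('any' counts only if include_any)."""
    for m in rule.findall(f"./{side}/member"):
        text = (m.text or "").strip()
        if text == "any" and include_any:
            return True
        try:
            net = ipaddress.ip_network(text, strict=False)  # bare IP becomes /32
        except ValueError:  # 'any' or an address-object name (needs the address table, not shown)
            continue
        if net.overlaps(target):
            return True
    return False

def find_rules(xml_text, src_cidr, dst_cidr=None, include_any=False):
    """Names of rules whose source overlaps src_cidr and destination overlaps dst_cidr; with one CIDR, either side may match."""
    root = ET.fromstring(xml_text)
    src = ipaddress.ip_network(src_cidr, strict=False)
    dst = ipaddress.ip_network(dst_cidr, strict=False) if dst_cidr else None
    hits = []
    for rule in root.findall("./entry"):  # direct <entry> children of <rules> are the rules
        src_ok = side_overlaps(rule, "source", src, include_any)
        if dst is None:
            ok = src_ok or side_overlaps(rule, "destination", src, include_any)
        else:
            ok = src_ok and side_overlaps(rule, "destination", dst, include_any)
        if ok:
            hits.append(rule.get("name"))
    return hits
```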