[python]Match most of the Cisco ASA access list patterns with regular expression

Regular expression reference

  • Purchase the Udemy course The Complete Regular Expressions Course: Beginner to Advanced by Sujith George.
  • Study this code from GitHub; it gives a good idea of how to match access-list lines, and it is where I realized that the re module can turn the matched data into a dictionary (named groups plus groupdict()).
  • Read the Python documentation on re.compile and re.match, and the documentation for groupdict().

Regular expression patterns to match all access-list entries
I took screen captures of the patterns to avoid WordPress removing the less-than and greater-than symbols.
(Pattern 1, shown in the screenshot.) This pattern matches these:
access-list outside_access_in line 8 extended permit icmp host 10.0.1.1 host 192.168.20.254 (hitcnt=0) 0xd71be40c
access-list outside_access_in line 8 extended permit tcp host 10.0.1.1 host 192.168.20.254 eq 8443 (hitcnt=0) 0x17f00456
access-list outside_access_in line 8 extended permit tcp host 10.0.1.1 host 192.168.20.254 eq https (hitcnt=0) 0xab9dd7da
access-list outside_access_in line 1 extended permit tcp host 192.168.31.1 host 10.3.1.1 range 999 1024 (hitcnt=0) 0xfbe3eeb0
access-list outside_access_in line 4 extended deny ip host 192.168.31.1 host 10.3.1.1 (hitcnt=0) 0xccb6b4bd

(Pattern 2, shown in the screenshot.) This pattern matches these:
access-list outside_access_in line 2 extended permit tcp host 192.168.31.1 range 192.168.30.23 192.168.30.30 range 999 1024 (hitcnt=0) 0x4e8a8e1f
access-list outside_access_in line 5 extended deny ip host 192.168.31.1 range 192.168.30.23 192.168.30.30 (hitcnt=0) 0x578fff80

(Pattern 3, shown in the screenshot.) This pattern matches these:
access-list outside_access_in line 3 extended permit tcp host 192.168.31.1 192.168.30.0 255.255.255.0 range 999 1024 (hitcnt=0) 0x1ef0e02b
access-list outside_access_in line 3 extended permit tcp host 192.168.31.1 192.168.30.0 255.255.255.0 eq https (hitcnt=0) 0x07f28ebc
access-list outside_access_in line 3 extended permit udp host 192.168.31.1 192.168.30.0 255.255.255.0 eq ntp (hitcnt=0) 0x0db383b2
access-list outside_access_in line 7 extended permit tcp host 192.168.31.1 any eq pop3 (hitcnt=0) 0x090d6938
access-list outside_access_in line 7 extended permit tcp host 192.168.31.1 any eq ssh (hitcnt=0) 0x8eb56253

(Pattern 4, shown in the screenshot.) This pattern matches these:
access-list outside_access_in line 9 extended permit tcp 10.0.2.0 255.255.255.0 host 192.168.30.21 eq ldap (hitcnt=0) 0x51f11bd3
access-list outside_access_in line 9 extended permit tcp 10.0.2.0 255.255.255.0 host 192.168.30.22 eq ldap (hitcnt=0) 0x6640d43b
access-list outside_access_in line 9 extended permit tcp 10.0.2.0 255.255.255.0 host 192.168.30.21 eq ldaps (hitcnt=0) 0xbe54a56d
access-list outside_access_in line 9 extended permit tcp 10.0.2.0 255.255.255.0 host 192.168.30.22 eq ldaps (hitcnt=0) 0xd08ee02c
access-list outside_access_in line 9 extended permit tcp 10.0.2.0 255.255.255.0 host 192.168.30.21 eq sqlnet (hitcnt=0) 0xcc95a9e1
access-list outside_access_in line 9 extended permit tcp 10.0.2.0 255.255.255.0 host 192.168.30.22 eq sqlnet (hitcnt=0) 0x884f0add
access-list outside_access_in line 9 extended permit udp 10.0.2.0 255.255.255.0 host 192.168.30.21 eq domain (hitcnt=0) 0xffbc3d51
access-list outside_access_in line 9 extended permit udp 10.0.2.0 255.255.255.0 host 192.168.30.22 eq domain (hitcnt=0) 0xf46e26c4
access-list outside_access_in line 9 extended permit udp 10.0.2.0 255.255.255.0 host 192.168.30.21 eq netbios-dgm (hitcnt=0) 0xbd4db72c
access-list outside_access_in line 9 extended permit udp 10.0.2.0 255.255.255.0 host 192.168.30.22 eq netbios-dgm (hitcnt=0) 0x7e744029
access-list outside_access_in line 9 extended permit udp 10.0.2.0 255.255.255.0 host 192.168.30.21 eq netbios-ns (hitcnt=0) 0x6f7bffcb
access-list outside_access_in line 9 extended permit udp 10.0.2.0 255.255.255.0 host 192.168.30.22 eq netbios-ns (hitcnt=0) 0xc25f885b
access-list outside_access_in line 15 extended permit tcp any host 192.168.30.254 eq https (hitcnt=0) 0xf9074a3a
access-list outside_access_in line 15 extended permit tcp any host 192.168.30.254 eq ssh (hitcnt=0) 0x90364631
access-list outside_access_in line 14 extended permit icmp any 192.168.30.0 255.255.255.0 (hitcnt=0) 0x3a01790e

(Pattern 5, shown in the screenshot.) This pattern matches these:
access-list outside_access_in line 10 extended permit tcp 10.0.2.0 255.255.255.0 range 192.168.30.23 192.168.30.30 eq ftp (hitcnt=0) 0xe8471ab1
access-list outside_access_in line 10 extended permit tcp 10.0.2.0 255.255.255.0 range 192.168.30.23 192.168.30.30 eq https (hitcnt=0) 0x6f937254
access-list outside_access_in line 10 extended permit tcp 10.0.2.0 255.255.255.0 range 192.168.30.23 192.168.30.30 eq ldap (hitcnt=0) 0x5548babd
access-list outside_access_in line 10 extended permit tcp 10.0.2.0 255.255.255.0 range 192.168.30.23 192.168.30.30 eq ldaps (hitcnt=0) 0xf6f487ce
access-list outside_access_in line 10 extended permit udp 10.0.2.0 255.255.255.0 range 192.168.30.23 192.168.30.30 eq domain (hitcnt=0) 0xec2928fe
access-list outside_access_in line 10 extended permit udp 10.0.2.0 255.255.255.0 range 192.168.30.23 192.168.30.30 eq www (hitcnt=0) 0x1cec9f3a
access-list outside_access_in line 10 extended permit udp 10.0.2.0 255.255.255.0 range 192.168.30.23 192.168.30.30 eq ntp (hitcnt=0) 0xb87e33d9
access-list outside_access_in line 10 extended permit udp 10.0.2.0 255.255.255.0 range 192.168.30.23 192.168.30.30 eq snmp (hitcnt=0) 0x5300afab
access-list outside_access_in line 10 extended permit udp 10.0.2.0 255.255.255.0 range 192.168.30.23 192.168.30.30 eq syslog (hitcnt=0) 0x46077413
access-list outside_access_in line 12 extended permit icmp range 192.168.30.23 192.168.30.30 range 10.2.1.1 10.2.1.20 (hitcnt=0) 0x84309be9
access-list outside_access_in line 12 extended permit tcp range 192.168.30.23 192.168.30.30 range 10.2.1.1 10.2.1.20 range 999 1024 (hitcnt=0) 0x4504d7d3
access-list outside_access_in line 12 extended permit tcp range 192.168.30.23 192.168.30.30 range 10.2.1.1 10.2.1.20 eq 8443 (hitcnt=0) 0xf7e25e8b
access-list outside_access_in line 12 extended permit udp range 192.168.30.23 192.168.30.30 range 10.2.1.1 10.2.1.20 eq ntp (hitcnt=0) 0xac72edb4
access-list outside_access_in line 13 extended permit tcp 10.0.2.0 255.255.255.0 172.16.1.0 255.255.255.248 range 999 1024 (hitcnt=0) 0x9d5eae42

(Pattern 6, shown in the screenshot.) This pattern matches this:
access-list outside_access_in line 17 extended deny ip any any (hitcnt=0) 0x2c1c6a65

Python code
Python modules:

from netmiko import ConnectHandler
import re
from pprint import pprint

Connect to the ASA and execute show access-list.

# asa is the netmiko device dictionary (device_type, host, username, password);
# it is not shown in this post, supply your own.
conn_asa = ConnectHandler(**asa)
output = conn_asa.send_command('show access-list')

# patterns is the list of regex strings from the screenshots above, each with
# named groups so groupdict() can return the fields as a dictionary.


def convert_acl_to_dict(output):
    """Match every line of the show access-list output against the patterns
    and collect the named groups of the first matching pattern as a dict."""
    acl = []
    for item in output.splitlines():
        for pattern in patterns:
            matched = re.compile(pattern).match(item)
            if matched:
                acl.append(matched.groupdict())
                break  # one dict per ACE; do not append twice if two patterns overlap
    return acl


pprint(convert_acl_to_dict(output))
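As an added example (not the post's own code, and not the patterns from its screenshots), here is a single regex with named groups that covers every ACE shape listed above (host, range, subnet with mask, and any on either side, with an optional eq or range port spec), plus a parser that also returns the lines it did not match, which is the check to run before trusting that "most of" the patterns are covered. It assumes the show access-list output format shown on this page and converts ASA mask notation to CIDR with the standard library.

```python
import ipaddress
import re

# Added example regex (not the one in the post's screenshots) covering the ACE shapes above.
ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) extended (?P<action>permit|deny) (?P<proto>\S+) "
    r"(?P<src>host \S+|range \S+ \S+|any|\S+ \S+) (?P<dst>host \S+|range \S+ \S+|any|\S+ \S+)"
    r"(?: (?P<ports>eq \S+|range \d+ \d+))? \(hitcnt=(?P<hitcnt>\d+)\) (?P<hash>0x[0-9a-f]+)$"
)

def parse_addr(token):
    """'host A' / 'range A B' / 'NET MASK' / 'any' -> small dict."""
    p = token.split()
    if p[0] == "any":
        return {"kind": "any"}
    if p[0] == "host":
        return {"kind": "host", "addr": p[1]}
    if p[0] == "range":
        return {"kind": "range", "lo": p[1], "hi": p[2]}
    # ASA mask notation -> CIDR, e.g. "192.168.30.0 255.255.255.0" -> 192.168.30.0/24
    return {"kind": "subnet", "net": str(ipaddress.ip_network(f"{p[0]}/{p[1]}", strict=False))}

def parse_ports(token):
    """'eq https' / 'range 999 1024' / None -> dict or None."""
    if not token:
        return None
    p = token.split()
    return {"op": "eq", "port": p[1]} if p[0] == "eq" else {"op": "range", "lo": int(p[1]), "hi": int(p[2])}

def parse_acl(output):
    """Return (entries, unmatched); unmatched lists ACE shapes the regex does not cover."""
    entries, unmatched = [], []
    for line in filter(None, map(str.strip, output.splitlines())):
        m = ACE_RE.match(line)
        if not m:
            unmatched.append(line)
            continue
        d = m.groupdict()
        d["line"], d["hitcnt"] = int(d["line"]), int(d["hitcnt"])
        d["src"], d["dst"] = parse_addr(d["src"]), parse_addr(d["dst"])
        d["ports"] = parse_ports(d["ports"])
        entries.append(d)
    return entries, unmatched

# Constructed sample: three ACE lines from the post plus a remark line the regex is not written for.
SAMPLE = """\
access-list outside_access_in line 1 extended permit tcp host 192.168.31.1 host 10.3.1.1 range 999 1024 (hitcnt=0) 0xfbe3eeb0
access-list outside_access_in line 3 extended permit tcp host 192.168.31.1 192.168.30.0 255.255.255.0 eq https (hitcnt=0) 0x07f28ebc
access-list outside_access_in line 17 extended deny ip any any (hitcnt=0) 0x2c1c6a65
access-list outside_access_in line 18 remark constructed line the regex does not cover
"""
```

Running parse_acl(SAMPLE) gives three structured entries and one unmatched line; anything left in unmatched is an ACE shape that still needs a pattern.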