(venv) ➜ parser_plugin ansible-playbook iptables.yml
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [localhost] ********************************************************************************************************************************************
TASK [command] **********************************************************************************************************************************************
changed: [localhost]
TASK [debug] ************************************************************************************************************************************************
ok: [localhost] => {
"iptables['stdout_lines']": [
"Chain INPUT (policy ACCEPT)",
"target prot opt source destination ",
"LIBVIRT_INP all -- anywhere anywhere ",
"",
"Chain FORWARD (policy ACCEPT)",
"target prot opt source destination ",
"LIBVIRT_FWX all -- anywhere anywhere ",
"LIBVIRT_FWI all -- anywhere anywhere ",
"LIBVIRT_FWO all -- anywhere anywhere ",
"",
"Chain OUTPUT (policy ACCEPT)",
"target prot opt source destination ",
"LIBVIRT_OUT all -- anywhere anywhere ",
"",
"Chain LIBVIRT_FWI (1 references)",
"target prot opt source destination ",
"ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED",
"REJECT all -- anywhere anywhere reject-with icmp-port-unreachable",
"",
"Chain LIBVIRT_FWO (1 references)",
"target prot opt source destination ",
"ACCEPT all -- 192.168.122.0/24 anywhere ",
"REJECT all -- anywhere anywhere reject-with icmp-port-unreachable",
"",
"Chain LIBVIRT_FWX (1 references)",
"target prot opt source destination ",
"ACCEPT all -- anywhere anywhere ",
"",
"Chain LIBVIRT_INP (1 references)",
"target prot opt source destination ",
"ACCEPT udp -- anywhere anywhere udp dpt:domain",
"ACCEPT tcp -- anywhere anywhere tcp dpt:domain",
"ACCEPT udp -- anywhere anywhere udp dpt:bootps",
"ACCEPT tcp -- anywhere anywhere tcp dpt:bootps",
"",
"Chain LIBVIRT_OUT (1 references)",
"target prot opt source destination ",
"ACCEPT udp -- anywhere anywhere udp dpt:domain",
"ACCEPT tcp -- anywhere anywhere tcp dpt:domain",
"ACCEPT udp -- anywhere anywhere udp dpt:bootpc",
"ACCEPT tcp -- anywhere anywhere tcp dpt:bootpc"
]
}
TASK [set_fact] *********************************************************************************************************************************************
ok: [localhost]
TASK [debug] ************************************************************************************************************************************************
ok: [localhost] => {
"data": {
"FORWARD": {
"name": "FORWARD",
"policy": "ACCEPT",
"rules": [
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {},
"protocol": "all",
"source": "anywhere",
"target": "LIBVIRT_FWX"
},
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {},
"protocol": "all",
"source": "anywhere",
"target": "LIBVIRT_FWI"
},
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {},
"protocol": "all",
"source": "anywhere",
"target": "LIBVIRT_FWO"
}
]
},
"INPUT": {
"name": "INPUT",
"policy": "ACCEPT",
"rules": [
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {},
"protocol": "all",
"source": "anywhere",
"target": "LIBVIRT_INP"
}
]
},
"LIBVIRT_FWI": {
"name": "LIBVIRT_FWI",
"references": 1,
"rules": [
{
"connection_tracking": {
"states": [
"RELATED",
"ESTABLISHED"
]
},
"destination": "192.168.122.0/24",
"destination_port": {},
"protocol": "all",
"source": "anywhere",
"target": "ACCEPT"
},
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {},
"protocol": "all",
"reject_with": "icmp-port-unreachable",
"source": "anywhere",
"target": "REJECT"
}
]
},
"LIBVIRT_FWO": {
"name": "LIBVIRT_FWO",
"references": 1,
"rules": [
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {},
"protocol": "all",
"source": "192.168.122.0/24",
"target": "ACCEPT"
},
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {},
"protocol": "all",
"reject_with": "icmp-port-unreachable",
"source": "anywhere",
"target": "REJECT"
}
]
},
"LIBVIRT_FWX": {
"name": "LIBVIRT_FWX",
"references": 1,
"rules": [
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {},
"protocol": "all",
"source": "anywhere",
"target": "ACCEPT"
}
]
},
"LIBVIRT_INP": {
"name": "LIBVIRT_INP",
"references": 1,
"rules": [
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {
"udp": "domain"
},
"protocol": "udp",
"source": "anywhere",
"target": "ACCEPT"
},
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {
"tcp": "domain"
},
"protocol": "tcp",
"source": "anywhere",
"target": "ACCEPT"
},
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {
"udp": "bootps"
},
"protocol": "udp",
"source": "anywhere",
"target": "ACCEPT"
},
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {
"tcp": "bootps"
},
"protocol": "tcp",
"source": "anywhere",
"target": "ACCEPT"
}
]
},
"LIBVIRT_OUT": {
"name": "LIBVIRT_OUT",
"references": 1,
"rules": [
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {
"udp": "domain"
},
"protocol": "udp",
"source": "anywhere",
"target": "ACCEPT"
},
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {
"tcp": "domain"
},
"protocol": "tcp",
"source": "anywhere",
"target": "ACCEPT"
},
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {
"udp": "bootpc"
},
"protocol": "udp",
"source": "anywhere",
"target": "ACCEPT"
},
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {
"tcp": "bootpc"
},
"protocol": "tcp",
"source": "anywhere",
"target": "ACCEPT"
}
]
},
"OUTPUT": {
"name": "OUTPUT",
"policy": "ACCEPT",
"rules": [
{
"connection_tracking": {},
"destination": "anywhere",
"destination_port": {},
"protocol": "all",
"source": "anywhere",
"target": "LIBVIRT_OUT"
}
]
}
}
}
PLAY RECAP **************************************************************************************************************************************************
localhost : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
(venv) ➜ parser_plugin
import re
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.network_template import (
NetworkTemplate,
)
class MyTemplate(NetworkTemplate):
    """NetworkTemplate parser for the text output of ``iptables --list``.

    ``PARSERS`` pairs a ``getval`` regex with a ``result`` template for each
    kind of line (chain header, column header, rule).  How the entries are
    applied to each input line -- match order, the meaning of ``shared``,
    and how unmatched template values are dropped from the result -- is
    defined by ``NetworkTemplate``, not here; the comments below only
    describe what the regexes themselves capture.
    """

    def __init__(self, lines=None):
        # ``tmplt=self`` hands this instance (and with it ``PARSERS``) to the
        # base class; ``lines`` is the list of output lines to parse.
        super(MyTemplate, self).__init__(lines=lines, tmplt=self)

    PARSERS = [
        {
            # Chain header.  Built-in chains print a policy, user-defined
            # chains a reference count (see the sample run above); both
            # groups are optional so either form matches.  The pattern is
            # anchored at ``$`` after the closing parenthesis, so a header
            # carrying anything more inside the parentheses would not match.
            "example": "Chain FORWARD (policy ACCEPT)",
            "getval": re.compile(
                r"""
Chain\s(?P<chain_name>\S+)
\s+
\(
(policy\s(?P<policy>\S+))?
((?P<references>\d+)\sreferences)?
\)
$""",
                re.VERBOSE,
            ),
            "result": {
                "{{ chain_name }}": {
                    "name": "{{ chain_name }}",
                    "policy": "{{ policy }}",
                    "references": "{{ references }}",
                }
            },
            # The rule parser below renders ``{{ chain_name }}`` without
            # capturing it itself; presumably ``shared`` is what makes this
            # header's captures visible to the following lines -- confirm
            # against NetworkTemplate.
            "shared": True,
        },
        {
            # Column-header line printed after every chain header.  Matched
            # with an empty result so it is consumed rather than parsed as a
            # rule: it has five whitespace-separated words and would satisfy
            # the rule regex below if the parsers are tried in order.
            "example": "target prot opt source destination",
            "getval": r"^target.*",
            "result": {},
        },
        {
            # One rule line: five fixed columns, then four optional match
            # extensions (ctstate, reject-with, udp dpt, tcp dpt).  There is
            # no end anchor, so with a prefix match any other trailing text
            # (other match modules, negations, interface or multiport
            # options, ...) is silently discarded -- a parsed rule can look
            # *broader* than the real one.  Treat the result as a summary,
            # not as a complete description of the firewall rule.
            #
            # Because the playbook runs ``iptables --list`` without ``-n``,
            # addresses and ports arrive as resolved names ("anywhere",
            # "dpt:domain" in the sample run), and that is what ``source``,
            # ``destination`` and the ``*_dpt`` groups contain.
            "example": "ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED",
            "getval": re.compile(
                r"""
(?P<target>\S+)
\s+(?P<protocol>\S+)
\s+(?P<opt>\S+)
\s+(?P<source>\S+)
\s+(?P<destination>\S+)
(\s+ctstate\s(?P<ctstates>\S+))?
(\s+reject-with\s(?P<reject_with>\S+))?
(\s+udp\sdpt:(?P<udp_dpt>\S+))?
(\s+tcp\sdpt:(?P<tcp_dpt>\S+))?
""",
                re.VERBOSE,
            ),
            "result": {
                "{{ chain_name }}": {
                    "rules": [
                        {
                            "target": "{{ target }}",
                            "protocol": "{{ protocol }}",
                            # iptables prints ``--`` when no options are set;
                            # rendered as the text ``None`` here.  In the
                            # sample run the key does not appear in the
                            # result at all.
                            "opt": "{% if opt == '--' %}None{% else %}{{ opt }}{% endif %}",
                            "source": "{{ source }}",
                            "destination": "{{ destination }}",
                            # "RELATED,ESTABLISHED" -> list of state names.
                            "connection_tracking": {
                                "states": "{{ ctstates.split(',') }}"
                            },
                            "reject_with": "{{ reject_with }}",
                            # Keyed by protocol; only one of the two is
                            # populated for a given rule.
                            "destination_port": {
                                "udp": "{{ udp_dpt }}",
                                "tcp": "{{ tcp_dpt }}",
                            },
                        }
                    ]
                }
            },
        },
    ]
def parse(lines):
    """Filter entry point: parse ``iptables --list`` output lines.

    Builds a ``MyTemplate`` over *lines* and returns whatever its
    ``parse()`` produces (a dict keyed by chain name in the sample run).
    """
    template = MyTemplate(lines=lines)
    return template.parse()
class FilterModule(object):
    """Expose the iptables list parser to Ansible as a Jinja2 filter."""

    def filters(self):
        """Return the ``filter name -> callable`` mapping Ansible loads from this plugin."""
        exported = {}
        exported["parse_iptables_list"] = parse
        return exported
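# Read the local host's iptables filter table and turn it into structured data
# via the parse_iptables_list filter plugin.
- hosts: localhost
  gather_facts: False
  tasks:
    # Listing the ruleset needs root.  ``--list`` shows only the filter table
    # (nat/mangle/raw are not covered) and, without ``-n``, resolves addresses
    # and ports to names -- which is why the parsed data contains "anywhere"
    # and "domain" rather than numbers.  The command is read-only, so it must
    # not be reported as a change (the original run showed changed=1).
    - command: iptables --list
      register: iptables
      become: True
      changed_when: False
    - debug:
        var: iptables['stdout_lines']
    # parse_iptables_list is the filter exported by FilterModule in this gist.
    - set_fact:
        data: "{{ iptables['stdout_lines']|parse_iptables_list }}"
    - debug:
        var: data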