Nicolas Leiva nleiva
☠️
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| result['message'] = acl | |
| ... | |
| module.exit_json(**result) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| acl = get_acl(module.params) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module = AnsibleModule( | |
| argument_spec=module_args, | |
| supports_check_mode=True | |
| ) |
nleiva
/ services.svc.py
Last active
July 9, 2020 12:25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SSH = 22/tcp |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DNS = 53/tcp # transfers | |
| 53/udp # queries |
nleiva
/ networks.net.py
Last active
July 9, 2020 12:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RFC1918 = 192.168.0.0/16 | |
| 172.16.0.0/12 | |
| 10.0.0.0/8 | |
| OFFICE = 192.0.2.0/24 # company IP block-1 | |
| 198.51.100.0 # company IP block-2 | |
| INTERNAL = RFC1918 | |
| OFFICE |
nleiva
/ terms.pol.hcl
Last active
July 9, 2020 12:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| term allow-intra-office { | |
| comment:: "Spoofs are already blocked at the borders" | |
| source-address:: INTERNAL | |
| destination-address:: INTERNAL | |
| destination-port:: SSH | |
| protocol:: tcp | |
| action:: accept | |
| } | |
| term allow-remote { |
nleiva
/ example.yml
Last active
July 9, 2020 12:22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - name: Generate SSH ACL Filter for a given OS. | |
| hosts: localhost | |
| gather_facts: no | |
| tasks: | |
| - name: Run Capirca Module | |
| nleiva.capirca_acl.translate: | |
| platform: 'ciscoxr' | |
| filter_options: 'My-SSH-Filter' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from capirca.lib import cisco, juniper | |
| def get_acl(inputs): | |
| ... | |
| header = header_template.safe_substitute(inputs) | |
| defs = naming.Naming(inputs['def_folder']) | |
| terms = open(inputs['pol_file']).read() | |
| pol = policy.ParsePolicy(header + '\n' + terms, defs, optimize=True) | |
| ... |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module_args = dict( | |
| platform = dict(type='str', required=True, choices=['juniper', 'cisco', 'ciscoasa', 'ciscoxr', 'brocade', \ | |
| 'arista', 'aruba', 'ipset', 'iptables', 'nsxv', \ | |
| 'packetfilter', 'pcap', 'speedway', 'srx', 'srxlo', \ | |
| 'windows_advfirewall', 'nftables', 'gce', 'paloalto', 'cloudarmor' \ | |
| 'fail me']), | |
| filter_options = dict(type='list', required=False, default=['Default-ACL-Name']), | |
| comment = dict(type='str', required=False, default="Default Comment"), | |
| def_folder = dict(type='str', required=False, default="integration/targets/translate/files/def"), | |
| pol_file = dict(type='str', required=False, default="integration/targets/translate/files/policies/terms.pol"), |