
@tguruslan
Created March 26, 2024 17:29
convert pfsense to routeros
import xml.etree.ElementTree as ET
import re, sys
def round_to_ten(number):
    """Map the digits found in *number* to a bandwidth bucket.

    Every character other than ASCII 0-9 is discarded before conversion, so
    a value such as "1.5" is read as 15 and "limit25" as 25. Values below
    10 map to 5; anything else is floored (not rounded) to a multiple of 10.

    Raises:
        ValueError: if *number* contains no digit at all.
    """
    digits = "".join(re.findall("[0-9]", number))
    value = int(digits)
    return 5 if value < 10 else value - value % 10
def get_dnpipe_from_xml(xml_string,name):
    """Return the address-list name for the first filter rule sourced from *name*.

    The first ``filter/rule`` whose ``source/address`` text equals *name*
    (after stripping whitespace) decides the result: ``"limit-<bucket>"``
    when that rule has a ``dnpipe`` with text, ``"no-limit"`` when it does
    not. ``None`` means no rule matched.

    The document is re-parsed on every call. The standard-library parser is
    not hardened against maliciously constructed XML, so only pass it
    configuration dumps you trust.
    """
    tree = ET.fromstring(xml_string)
    for candidate in tree.findall('.//filter/rule'):
        source = candidate.find('source/address')
        if source is None or source.text is None:
            continue
        if source.text.strip() != name:
            continue
        # NOTE(review): the published listing lost its indentation; the
        # `else` is read here as pairing with the dnpipe check, so only a
        # matching rule can yield "no-limit" - confirm against the original.
        pipe = candidate.find('dnpipe')
        if pipe is None or pipe.text is None:
            return "no-limit"
        return "limit-{}".format(round_to_ten(pipe.text))
    return None
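# Characters that would terminate, or be interpreted inside, a double-quoted
# RouterOS string, mapped to their escaped form.
_ROUTEROS_ESCAPES = {
    "\\": "\\\\",
    '"': '\\"',
    "$": "\\$",
    "?": "\\?",
    "\n": "\\n",
    "\r": "\\r",
    "\t": "\\t",
}

# The private-range test is purely textual. NOTE(review): '172.16.' covers
# only 172.16.0.0/16, not the whole 172.16.0.0/12 block; kept as published so
# existing output does not change.
_PRIVATE_PREFIXES = ('192.168.', '10.', '172.16.')

# An address is written unquoted into the command, so it may only contain
# characters that cannot start a new RouterOS parameter or command.
_SAFE_ADDRESS = re.compile(r"[0-9A-Za-z./_-]+")


def _routeros_quote(text):
    """Escape *text* for use between double quotes in a RouterOS command."""
    return "".join(_ROUTEROS_ESCAPES.get(char, char) for char in text)


def _element_text(parent, path):
    """Return the stripped text of the child at *path*, or None if absent."""
    element = parent.find(path)
    if element is None or element.text is None:
        return None
    return element.text.strip()


def _is_emittable_address(address):
    """Tell whether *address* is in a handled range and safe to emit unquoted."""
    if not address.startswith(_PRIVATE_PREFIXES):
        return False
    if _SAFE_ADDRESS.fullmatch(address) is None:
        print(f"skipping address with unexpected characters: {address!r}",
              file=sys.stderr)
        return False
    return True


def _address_list_command(address, comment, list_name):
    """Build one `/ip firewall address-list add` line with an escaped comment."""
    return (f"/ip firewall address-list add address={address} "
            f"comment=\"{_routeros_quote(comment)}\" list={list_name}")


def convert_xml_to_firewall_rules(xml_string):
    """Translate a pfSense configuration dump into RouterOS address-list commands.

    Two sources are read: every address of every ``aliases/alias`` entry, and
    the ``source/address`` of every ``filter/rule``. Only addresses whose text
    starts with one of the private prefixes are considered, and the target
    list name comes from ``get_dnpipe_from_xml``.

    The returned lines are meant to be executed on a router, while the
    names, descriptions and addresses in them are free text from the XML.
    Comments are therefore escaped for a double-quoted RouterOS string, and
    an address containing anything beyond letters, digits and ``. / _ -`` is
    skipped with a warning on stderr instead of being written unquoted into
    a command. Aliases without a usable ``name`` are skipped as well.

    Args:
        xml_string: the pfSense configuration as XML text. The standard
            library parser is not hardened against maliciously constructed
            XML; pass only dumps you trust.

    Returns:
        A list of RouterOS command strings, aliases first, then filter rules.

    Raises:
        xml.etree.ElementTree.ParseError: if *xml_string* is not well-formed.
    """
    root = ET.fromstring(xml_string)
    rules = []

    for alias in root.findall('.//aliases/alias'):
        address_text = _element_text(alias, 'address')
        if address_text is None:
            continue
        name = _element_text(alias, 'name')
        if name is None:
            # Previously this crashed with AttributeError on the first
            # nameless alias.
            print("skipping alias without a name", file=sys.stderr)
            continue

        descr_text = _element_text(alias, 'descr')
        descr = "" if descr_text is None else f" {descr_text}"
        detail_text = _element_text(alias, 'detail')
        # pfSense stores one detail per address, separated by '||'.
        detail = [] if detail_text is None else detail_text.split('||')

        for i, address in enumerate(address_text.split()):
            if not _is_emittable_address(address):
                continue
            comment = f"{name}{descr}"
            # Auto-generated "Entry added ..." details carry no information.
            if i < len(detail) and not detail[i].startswith('Entry added'):
                comment += f" {detail[i]}"
            list_name = get_dnpipe_from_xml(xml_string, name)
            if list_name:
                rules.append(_address_list_command(address, comment, list_name))

    for filter_rule in root.findall('.//filter/rule'):
        address = _element_text(filter_rule, 'source/address')
        if address is None or not _is_emittable_address(address):
            continue
        descr_text = _element_text(filter_rule, 'descr')
        descr = "" if descr_text is None else f" {descr_text}"
        list_name = get_dnpipe_from_xml(xml_string, address)
        if list_name:
            rules.append(_address_list_command(address, descr, list_name))

    return rules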
# Entry point: the first command-line argument is the path of the pfSense
# XML configuration dump to convert.
with open(sys.argv[1]) as f:
    xml_data = f.read()

# One RouterOS command per line on stdout. The lines are meant to be run on
# a router and embed text taken from the dump, so read the output before
# importing it.
firewall_rules = convert_xml_to_firewall_rules(xml_data)
sys.stdout.write("".join(f"{rule}\n" for rule in firewall_rules))
# python script.py pfsense_full_dump_file.xml