Created
March 26, 2024 17:29
convert pfsense to routeros
import xml.etree.ElementTree as ET | |
import re, sys | |
def round_to_ten(number):
    """Turn a limiter label into a bucket size rounded down to a multiple of ten.

    Every character of *number* that is not an ASCII digit is dropped and the
    remaining digits are read as one integer (so "1.5" is read as 15).  Values
    below 10 map to 5; anything else is rounded down to the nearest ten.

    Raises:
        ValueError: if *number* contains no digits at all, because the
            digit string handed to ``int`` is then empty.
    """
    digits = "".join(ch for ch in number if ch in "0123456789")
    value = int(digits)
    return 5 if value < 10 else value - value % 10
def get_dnpipe_from_xml(xml_string, name):
    """Return the address-list name for the filter rule whose source is *name*.

    The first ``filter/rule`` whose ``source/address`` text (stripped) equals
    *name* decides the result:

    * ``"limit-<n>"`` when the rule has a ``dnpipe`` element with text, where
      ``<n>`` is ``round_to_ten`` of that text;
    * ``"no-limit"`` when the rule has no ``dnpipe`` element or it is empty.

    Returns ``None`` when no rule has *name* as its source address.

    NOTE: the document is re-parsed on every call, and the standard-library
    ElementTree parser is not hardened against maliciously constructed XML,
    so this is meant for configuration dumps from a trusted source.
    """
    tree_root = ET.fromstring(xml_string)
    for fw_rule in tree_root.iterfind('.//filter/rule'):
        src = fw_rule.find('source/address')
        if src is None or src.text is None or src.text.strip() != name:
            continue
        # The first matching rule wins, whether or not it carries a limiter.
        pipe = fw_rule.find('dnpipe')
        if pipe is None or pipe.text is None:
            return "no-limit"
        return "limit-{}".format(round_to_ten(pipe.text))
    return None
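# Escapes for a double-quoted RouterOS string: backslash, double quote and "$"
# are backslash-escaped so free-text descriptions cannot close the quoted
# comment or be read as a variable reference; control characters (including
# newlines, which would split the command) are replaced by a space.
_ROUTEROS_ESCAPES = {ord('\\'): '\\\\', ord('"'): '\\"', ord('$'): '\\$'}
_ROUTEROS_ESCAPES.update({code: ' ' for code in (*range(0x20), 0x7f)})

# An emitted address may only consist of digits, dots, "/" (CIDR notation)
# and "-" (range notation); anything else is not written into a command.
_ADDRESS_TOKEN = re.compile(r'[0-9./-]+')

# NOTE(review): only 172.16.x.x is matched here, not the rest of
# 172.16.0.0/12 (172.17.x.x - 172.31.x.x) - confirm this is intended.
_PRIVATE_PREFIXES = ('192.168.', '10.', '172.16.')


def _quote_routeros(text):
    """Return *text* as a double-quoted, escaped RouterOS string literal."""
    return '"' + text.translate(_ROUTEROS_ESCAPES) + '"'


def _element_text(parent, path):
    """Return the stripped text of the child at *path*, or None if absent or empty."""
    node = parent.find(path)
    if node is None or node.text is None:
        return None
    return node.text.strip()


def convert_xml_to_firewall_rules(xml_string):
    """Convert a pfSense configuration dump into RouterOS address-list commands.

    Two sources are scanned:

    * every ``aliases/alias`` entry: each whitespace-separated address that
      starts with one of the private prefixes yields one command whose comment
      is the alias name, its description and (when present and not starting
      with "Entry added") the matching ``||``-separated detail entry;
    * every ``filter/rule`` whose ``source/address`` is itself such an address:
      the comment is the rule description.

    The target list name comes from ``get_dnpipe_from_xml``; entries for which
    it returns nothing are not emitted.

    The values come from free-text fields of the configuration file and end up
    in command lines that are run on a router, so the comment is escaped as a
    RouterOS string and an address containing unexpected characters is skipped
    (and reported on stderr) instead of being written out verbatim.

    Args:
        xml_string: the full pfSense XML configuration as a string.

    Returns:
        A list of ``/ip firewall address-list add ...`` command strings.
    """
    root = ET.fromstring(xml_string)
    rules = []
    # get_dnpipe_from_xml re-parses the whole document, so remember its answer
    # per lookup key instead of calling it once per address.
    list_cache = {}

    def emit(address, comment, key):
        if not address.startswith(_PRIVATE_PREFIXES):
            return
        if not _ADDRESS_TOKEN.fullmatch(address):
            print(
                "skipping address with unexpected characters: {!r}".format(address),
                file=sys.stderr,
            )
            return
        if key not in list_cache:
            list_cache[key] = get_dnpipe_from_xml(xml_string, key)
        list_name = list_cache[key]
        if list_name:
            rules.append(
                f"/ip firewall address-list add address={address} "
                f"comment={_quote_routeros(comment)} list={list_name}"
            )

    for alias in root.findall('.//aliases/alias'):
        addresses = _element_text(alias, 'address')
        name = _element_text(alias, 'name')
        # An alias without addresses has nothing to emit; one without a name
        # cannot be matched to a filter rule, so it is skipped rather than
        # crashing on the missing element.
        if addresses is None or name is None:
            continue

        descr_text = _element_text(alias, 'descr')
        descr = "" if descr_text is None else " {}".format(descr_text)
        detail_text = _element_text(alias, 'detail')
        detail = [] if detail_text is None else detail_text.split('||')

        for i, address in enumerate(addresses.split()):
            comment = f"{name}{descr}"
            if i < len(detail) and not detail[i].startswith('Entry added'):
                comment += f" {detail[i]}"
            emit(address, comment, name)

    for rule in root.findall('.//filter/rule'):
        address = _element_text(rule, 'source/address')
        if address is None:
            continue
        descr_text = _element_text(rule, 'descr')
        descr = "" if descr_text is None else " {}".format(descr_text)
        emit(address, descr, address)

    return rules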
# Script entry: the first command-line argument is the path to the pfSense
# XML dump; one RouterOS command is printed per line on stdout.
with open(sys.argv[1]) as config_file:
    xml_data = config_file.read()

firewall_rules = convert_xml_to_firewall_rules(xml_data)
for command in firewall_rules:
    print(command)
# python script.py pfsense_full_dump_file.xml |