Development and Code Review / NAT/RDR description export script
« on: September 09, 2022, 11:03:59 am »
Hello,
My first post here, so please have mercy on me.
I am currently writing a script to export the rule numbers and descriptions from the filter/nat and rdr rules so I can feed them to my Graylog for easy access.
For the filter rules export I take the content from rules.debug and the command "pfctl -vvsr | grep \@ | grep label",
merge them together, based on the label, in a Python dictionary and export it to a CSV.
So I got the rule number from pfctl and, based on the label, the description from rules.debug.
This works pretty well. However, with NAT/RDR I can't do this since they don't set any labels in rules.debug but rather have the description right there in rules.debug.
Now I thought I could just use the content from rules.debug, because after the # there is the description anyway, and just count up the rule numbers, but unfortunately this doesn't work either because "aliases" are only visible in rules.debug while pfctl apparently uses single ports.
For example ($web_ports is an alias containing ports 80 and 443):
So one rule in rules.debug might look like this:
rdr log on em2 inet proto tcp from {any} to {(em0)} port $web_ports -> $web_home_local # Redirect to web instead of firewall
The same thing in pfctl might look like this:
@6 rdr log on em2 inet proto tcp from any to (em0:1) port = http -> <web_home_local> round-robin
@7 rdr log on em2 inet proto tcp from any to (em0:1) port = https -> <web_home_local> round-robin
For the eagle-eyed ones... yeah, I am also working on replacing .local from my network.
Has anyone any idea how I could still get the right mapping between rule numbers for NAT and RDR to the corresponding description?
TIA
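As an added example (not the OP's script and not OPNsense's own code), here is one way to build the mapping the post describes in Python: filter rules are joined on the label, and NAT/RDR rules are assigned pfctl rule numbers by walking the rules.debug lines in order and counting how many pf rules each one expands to. The expansion count assumes that the port aliases are present as macro lines of the form `name = "{ 80 443 }"` at the top of rules.debug, that host aliases appear as `<table>` references (one rule), and that pf expands every `{ ... }` list into the cartesian product of single rules in order, which is what the two `@6`/`@7` lines in the post show. All sample rules.debug and pfctl lines below are constructed for the example, as is the `a1b2c3`-style label content. The action and interface of every assigned pfctl rule are checked against the source line, and the script refuses to emit a CSV if the counts do not line up, so a wrong assumption about alias expansion fails loudly instead of mislabelling rules in Graylog.

```python
import csv
import io
import re

# Constructed rules.debug excerpt (macros first, then filter and nat/rdr rules).
RULES_DEBUG = """\
web_ports = "{ 80 443 }"
web_home_local = "<web_home_local>"
# filter rules
pass in quick on em0 proto tcp from any to (em0) port 22 label "a1b2c3" # Allow SSH to firewall
pass in quick on em2 proto tcp from any to any port $web_ports label "d4e5f6" # LAN to web
# nat/rdr rules
rdr log on em2 inet proto tcp from {any} to {(em0)} port $web_ports -> $web_home_local # Redirect to web instead of firewall
rdr log on em2 inet proto tcp from {any} to {(em0)} port 2222 -> 192.0.2.10 port 22 # SSH jump host
"""

# Constructed output of "pfctl -vvsr | grep @" (filter rules) and "pfctl -vvsn | grep @" (nat/rdr rules).
PFCTL_FILTER = """\
@3 pass in quick on em0 inet proto tcp from any to (em0:1) port = ssh flags S/SA keep state label "a1b2c3"
@4 pass in quick on em2 inet proto tcp from any to any port = http flags S/SA keep state label "d4e5f6"
@5 pass in quick on em2 inet proto tcp from any to any port = https flags S/SA keep state label "d4e5f6"
"""
PFCTL_NAT = """\
@6 rdr log on em2 inet proto tcp from any to (em0:1) port = http -> <web_home_local> round-robin
@7 rdr log on em2 inet proto tcp from any to (em0:1) port = https -> <web_home_local> round-robin
@8 rdr log on em2 inet proto tcp from any to (em0:1) port = 2222 -> 192.0.2.10 port 22
"""

MACRO_RE = re.compile(r'^(\w+)\s*=\s*"([^"]*)"\s*$')
LABEL_RE = re.compile(r'label "([^"]+)"')
PFCTL_RE = re.compile(r'^@(\d+)\s+(.*)$')
BRACE_RE = re.compile(r'\{([^}]*)\}')
NAT_ACTIONS = ("nat", "rdr", "binat", "no")


def parse_macros(rules_debug):
    """Collect name = "value" macro definitions (alias expansions) from rules.debug."""
    macros = {}
    for line in rules_debug.splitlines():
        m = MACRO_RE.match(line.strip())
        if m:
            macros[m.group(1)] = m.group(2)
    return macros


def split_rule(line):
    """Split a rules.debug line into (rule text, description after '#')."""
    rule, _, desc = line.partition("#")
    return rule.strip(), desc.strip()


def parse_pfctl(text):
    """Return [(number, rule text)] for '@N ...' lines; the indented statistics
    lines that -vv prints under each rule do not match and are skipped."""
    out = []
    for line in text.splitlines():
        m = PFCTL_RE.match(line)
        if m:
            out.append((int(m.group(1)), m.group(2)))
    return out


def map_filter_rules(rules_debug, pfctl_text):
    """Filter rules: join pfctl rule numbers to rules.debug descriptions via the label."""
    desc_by_label = {}
    for line in rules_debug.splitlines():
        rule, desc = split_rule(line)
        m = LABEL_RE.search(rule)
        if m:
            desc_by_label[m.group(1)] = desc
    rows = []
    for num, rule in parse_pfctl(pfctl_text):
        m = LABEL_RE.search(rule)
        label = m.group(1) if m else ""
        rows.append({"rule": num, "description": desc_by_label.get(label, "")})
    return rows


def expansion_count(rule, macros):
    """Number of pf rules one rules.debug line expands to: the product of the member
    counts of every {...} list after macro substitution (assumption: pf expands lists
    into a cartesian product). <tables> and plain values count as one."""
    expanded = re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), m.group(0)), rule)
    count = 1
    for group in BRACE_RE.findall(expanded):
        members = [t for t in re.split(r"[\s,]+", group.strip()) if t]
        count *= max(len(members), 1)
    return count


def _iface(rule):
    toks = rule.split()
    return toks[toks.index("on") + 1] if "on" in toks else None


def map_nat_rules(rules_debug, pfctl_text):
    """NAT/RDR rules: assign consecutive pfctl rule numbers to each rules.debug line,
    consuming as many numbers as the line expands to, with a consistency check."""
    macros = parse_macros(rules_debug)
    pfctl = parse_pfctl(pfctl_text)
    rows, pos = [], 0
    for line in rules_debug.splitlines():
        rule, desc = split_rule(line)
        toks = rule.split()
        if not toks or toks[0] not in NAT_ACTIONS:
            continue
        n = expansion_count(rule, macros)
        chunk = pfctl[pos:pos + n]
        if len(chunk) != n:
            raise ValueError(f"pfctl output ended early while mapping: {rule}")
        for num, prule in chunk:
            # Every expanded rule must keep the action and interface of its source line.
            if prule.split()[0] != toks[0] or _iface(prule) != _iface(rule):
                raise ValueError(f"rule @{num} does not match source line: {rule}")
            rows.append({"rule": num, "description": desc})
        pos += n
    if pos != len(pfctl):
        raise ValueError(f"{len(pfctl) - pos} pfctl rules left unmapped")
    return rows


def to_csv(rows):
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=["rule", "description"])
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(map_filter_rules(RULES_DEBUG, PFCTL_FILTER)))
    print(to_csv(map_nat_rules(RULES_DEBUG, PFCTL_NAT)))
```

In a real run, `RULES_DEBUG` would be read from the file and the two pfctl strings captured from `pfctl -vvsr` and `pfctl -vvsn` at the same moment, since a rule reload between the two reads shifts every number. The `ValueError` checks are the important part: if an alias contains a range or a negation that pf expands differently than the simple list count assumes, the script stops rather than shipping shifted rule-to-description pairs into the SIEM.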