SED
https://www.regextester.com/1946
Print the string between two parentheses
G8 = P(G1,G3) G9 = P(G3,G4)
- sed 's/.*(\(.*\))/\1/' file
while IFS="()" read a b; do echo "$b"; done < file
LH
sort NH-3ND-R6506E-D-1Cfg | uniq | sed 's/[0-9]*//g' | sort | uniq | sed '/^$/d' > /tmp/x
我初步看了一下共有162条语法规则(见附件'rule_lists.txt')。
$ egrep -i 'ip access-list extended' NH-3ND-R6506E-D-1Cfg | wc -l
54 个
$ sort NH-3ND-R6506E-D-1Cfg | uniq -c | awk '{ if ($1>1) { print $0 }}' | wc -l
634条一模一样的语句
$ sort NH-3ND-R6506E-D-1Cfg | uniq | sed 's/[0-9]*//g' | sort | uniq | wc -l => 162条语法规则
一共是54个access-list,634条一模一样的语句
我的计划是分组进行转换,得先测试一下。
sed 's#ip access-list extended#acl advanced name#g' < NH-3ND-R6506E-D-1Cfg > v1
$ sed 's#any any#ANYDOUBLE ANYTDOUBLE#g' < v1 > v2
$ sed 's#any#ANYSINGLE#g' < v2 > v3
$ sed 's#ANYSINGLE$#destination any#g' < v3 > v4
$ sed 's#ANYSINGLE host#any destination#g' < v4 > v5
$ sed 's#deny ip host#rule deny ip source#g' < v5 > v6
$ sed 's#deny ip#rule deny ip source#g' < v6 > v7
$ sed 's#deny.*tcp#rule deny tcp source#g' < v7 > v8
$ sed 's#eq#eqSINGLE#g' < v8 > v9
$ sed '/eqSINGLE.........$/s#eqSINGLE#destination-port eq#g' < v9 > v10
$ sed '/eqSINGLE.......$/s#eqSINGLE#destination-port eq#g' < v10 > v11
$ sed '/eqSINGLE......$/s#eqSINGLE#destination-port eq#g' < v11 > v12
$ sed '/eqSINGLE.....$/s#eqSINGLE#destination-port eq#g' < v12 > v13
$ sed '/eqSINGLE....$/s#eqSINGLE#destination-port eq#g' < v13 > v14
$ sed '/eqSINGLE...$/s#eqSINGLE#destination-port eq#g' < v14 > v15
$ sed 's#ANYSINGLE eqSINGLE#any source-port eq destination#g' < v15 > v16
$ sed '/ftp-data/s#ANYSINGLE range#destination any destination-port range#g' < v16 > v17
$ sed '/tcp/s#ANYSINGLE range#any source-port range destination#g' < v17 > v18
$ sed '/udp host/s#ANYSINGLE range#0 destination any destination-port range#g' < v18 > v19
$ sed '/udp/s#ANYSINGLE range#destination any destination-port range#g' < v19 > v20
$ sed 's#permit icmp host#rule permit icmp source#g' < v20 > v21
$ sed 's#ANYDOUBLE ANYTDOUBLE#any destination any#g' < v21 > v22
$ sed '/permit icmp source.*host/s#$# 0#g' < v22 > v23
$ sed '/permit icmp source.*host/s#host#0 destination#g' < v23 > v24
$ sed 's#^.permit icmp ANYSINGLE#rule permit icmp source any destination#g' < v24 > v25
$ sed 's#^.permit icmp#rule permit icmp source#g' < v25 > v26
$ sed '/permit icmp source.*host/s#$# 0#g' < v26 > v27
$ sed '/permit icmp source.*host/s#host#destination#g' < v27 > v28
$ sed 's#permit ip ANYSINGLE#rule permit ip source any destination#g' < v28 > v29
$ sed 's#permit ip host#rule permit ip source#g' < v29 > v30
$ sed '/rule permit ip source.*host/s#$# 0#g' < v30 > v31
$ sed '/rule permit ip source.*host/s#host#0 destination#g' < v31 > v32
$ sed '/rule permit ip source.*destination.*any/s#destination any#0 destination any#g' < v32 > v33
$ sed '/permit ip any destination...../s#$# 0#g' < v33 > v34
$ sed '/^.permit ip.*host/s#$# 0#g' < v34 > v35
$ sed '/^.permit ip.*host/s#host#destination#g' < v35 > v36
$ sed '/^.permit ip/s#permit ip#rule permit ip source#g' < v36 > v37
# permit TCP
$ sed '/^.permit tcp any source.*host/s#$# 0#g' < v37 > v38
$ sed 's#^.permit tcp#rule permit tcp source#g' < v38 > v39
$ sed '/ANYSINGLE dest/s#ANYSINGLE#destination any#g' < v39 > v40
$ sed 's#rule permit tcp source ANYSINGLE#rule permit tcp source any destination#g' < v40 > v41
$ sed '/eq.....$/s/eq/destination-port eq/g' < v8 > v9
$ sed '/eq......host/s/eq/source-port eq/g' < v9 > v10
$ sed '/eq.....host/s/eq/source-port eq/g' < v10 > v11
$ sed '/eq....host/s/eq/source-port eq/g' < v11 > v12
$ sed '/eq.......host/s/eq/source-port eq/g' < v12 > v13