If we have a dynamic object with a range like 10.10.10.0 - 10.10.10.20 and we want to delete IP 10.10.10.10 from this range, we need to manually delete the whole range 10.10.10.0-10.10.10.20 from our dynamic object and after that add two other ranges to this object. The script just simplifies this routine. We just need to edit two environment variables: DYN_OBJ and FIND_IP.
```
export DYN_OBJ="dyn_obj_name"; export FIND_IP="10.10.10.10"
dynamic_objects -l | sed -n '/'"$DYN_OBJ"'/,/^$/p' | awk -v DYN_OBJ="$DYN_OBJ" -v FIND_IP="$FIND_IP" '
# Convert a dotted-quad IP to its decimal value.
function ip2dec(str){
    split(str, octets, ".");
    dec=0;
    for (i = 1; i <= 4; i++) {
        dec += octets[i] * 256 ^ (4 - i);
    }
    return dec;
}
# Convert a decimal value back to a dotted-quad IP.
function dec2ip(dec){
    ip = "";
    delim = "";
    for (e = 3; e >= 0; e--) {
        octet = int(dec / (256 ^ e));
        dec -= octet * 256 ^ e;
        ip = ip delim octet;
        delim = ".";
    }
    return ip;
}
# Skip the first two lines of the listing; $4 and $5 are the range start and end.
NR>2 {
    # The range contains FIND_IP: delete the whole range.
    if( ip2dec($4) <= ip2dec(FIND_IP) && ip2dec(FIND_IP) <= ip2dec($5) ) {
        print $4 " " $5;
        cmd="dynamic_objects -o " DYN_OBJ" -r " $4 " " $5 " -d"; print cmd; system(cmd);
    }
    # The range was exactly FIND_IP: nothing to add back.
    if( ip2dec($4) == ip2dec(FIND_IP) && ip2dec(FIND_IP) == ip2dec($5) ) { print "already deleted" };
    # FIND_IP was the first address: add back everything after it.
    if( ip2dec($4) == ip2dec(FIND_IP) && ip2dec(FIND_IP) < ip2dec($5) ) {
        cmd="dynamic_objects -o " DYN_OBJ" -r " dec2ip(ip2dec(FIND_IP)+1) " " $5 " -a"; print cmd; system(cmd);
    }
    # FIND_IP was the last address: add back everything before it.
    if( ip2dec($4) < ip2dec(FIND_IP) && ip2dec(FIND_IP) == ip2dec($5) ) {
        cmd="dynamic_objects -o " DYN_OBJ" -r " $4 " " dec2ip(ip2dec($5)-1) " -a"; print cmd; system(cmd);
    }
    # FIND_IP was inside the range: add back the part below it and the part above it.
    if( ip2dec($4) < ip2dec(FIND_IP) && ip2dec(FIND_IP) < ip2dec($5) ) {
        cmd="dynamic_objects -o " DYN_OBJ" -r " $4 " " dec2ip(ip2dec(FIND_IP)-1) " -a"; print cmd; system(cmd);
        cmd="dynamic_objects -o " DYN_OBJ" -r " dec2ip(ip2dec(FIND_IP)+1) " " $5 " -a"; print cmd; system(cmd);
    }
}
'
```
And all of it as a `one-liner` for direct use from the CLI (run it from expert mode):
```
export DYN_OBJ="dyn_obj_name"; export FIND_IP="10.10.10.10"; dynamic_objects -l | sed -n '/'"$DYN_OBJ"'/,/^$/p' | awk -v DYN_OBJ="$DYN_OBJ" -v FIND_IP="$FIND_IP" ' function ip2dec(str){ split(str, octets, "."); dec=0; for (i = 1; i <= 4; i++) { dec += octets[i] * 256 ^ (4 - i); } return dec; } function dec2ip(dec){ ip = ""; delim = ""; for (e = 3; e >= 0; e--) { octet = int(dec / (256 ^ e)); dec -= octet * 256 ^ e; ip = ip delim octet; delim = "."; } return ip; } NR>2 { if( ip2dec($4) <= ip2dec(FIND_IP) && ip2dec(FIND_IP) <= ip2dec($5) ) {print $4 " " $5; cmd="dynamic_objects -o " DYN_OBJ" -r " $4 " " $5 " -d"; print cmd; system(cmd);} if( ip2dec($4) == ip2dec(FIND_IP) && ip2dec(FIND_IP) == ip2dec($5) ) { print "already deleted" }; if( ip2dec($4) == ip2dec(FIND_IP) && ip2dec(FIND_IP) < ip2dec($5) ) { cmd="dynamic_objects -o " DYN_OBJ" -r " dec2ip(ip2dec(FIND_IP)+1) " " $5 " -a"; print cmd; system(cmd);} if( ip2dec($4) < ip2dec(FIND_IP) && ip2dec(FIND_IP) == ip2dec($5) ) { cmd="dynamic_objects -o " DYN_OBJ" -r " $4 " " dec2ip(ip2dec($5)-1) " -a"; print cmd; system(cmd);}; if( ip2dec($4) < ip2dec(FIND_IP) && ip2dec(FIND_IP) < ip2dec($5) ) { cmd="dynamic_objects -o " DYN_OBJ" -r " $4 " " dec2ip(ip2dec(FIND_IP)-1) " -a"; print cmd; system(cmd);cmd="dynamic_objects -o " DYN_OBJ" -r " dec2ip(ip2dec(FIND_IP)+1) " " $5 " -a"; print cmd; system(cmd);}; }'
```
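A dry-run variant of the split logic above, as an added example that is not part of the original post: it validates the object name and IP before they are used and prints the `dynamic_objects` commands instead of running them. The `START END` stdin format, the function names and the sample ranges are assumptions made for the example.

```shell
# Added example (not the poster's code): plan the split without executing it.
# stdin: one "START END" range per line (assumed format; on a gateway these
# would be fields $4 and $5 of the `dynamic_objects -l` listing).

valid_ip() {   # dotted quad only: digits and dots, four octets, each 0-255
  case $1 in ''|*[!0-9.]*) return 1 ;; esac
  printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i == "" || length($i) > 3 || $i > 255) exit 1 }'
}

plan_remove_ip() {   # usage: plan_remove_ip OBJECT IP < ranges
  # The object name ends up in a shell command line, so allow a strict charset only.
  case $1 in ''|*[!A-Za-z0-9_.-]*) echo "bad object name" >&2; return 2 ;; esac
  valid_ip "$2" || { echo "bad IP" >&2; return 2; }
  awk -v obj="$1" -v ip="$2" '
    function ip2dec(s,   o) {            # o is a local array
      split(s, o, "."); return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function dec2ip(d,   a, b, c) {      # a, b, c are locals, so repeated calls are safe
      a = int(d / 16777216); d -= a * 16777216
      b = int(d / 65536);    d -= b * 65536
      c = int(d / 256);      d -= c * 256
      return a "." b "." c "." d
    }
    # Addresses are re-rendered from numbers, so no raw input text reaches the command.
    function emit(lo, hi, flag) {
      print "dynamic_objects -o " obj " -r " dec2ip(lo) " " dec2ip(hi) " " flag
    }
    NF == 2 {
      lo = ip2dec($1); hi = ip2dec($2); x = ip2dec(ip)
      if (x < lo || x > hi) next          # range does not contain the IP
      emit(lo, hi, "-d")                  # remove the whole range first
      if (lo < x) emit(lo, x - 1, "-a")   # re-add the part below the IP
      if (x < hi) emit(x + 1, hi, "-a")   # re-add the part above the IP
    }'
}

# Constructed sample ranges, not real gateway output.
sample_ranges() { printf '%s\n' '10.10.10.0 10.10.10.20' '192.168.1.5 192.168.1.5'; }
sample_ranges | plan_remove_ip dyn_obj_name 10.10.10.10
```

The printed plan can be reviewed and then pasted into expert mode line by line.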
Because it is not a script file. It's a one-liner. 🙂 We have many appliances and I don't want to copy a file to each one. So I prefer one-liners which I can just copy into the console.
I added a more readable version of the code to the thread's main message.