PIX Access List Configuration Parser

2015 Update: Are you still running PIX? This is from 2005 so probably not applicable. Process – sure. Script? Well let me know if you come up with a place for it in the world of ASA.

A large part of my work has been in making new systems interoperate cleanly and providing migration services when systems become outdated. I wrote this script to take the configuration from a PIX firewall (using access lists) and turn it into a comma-separated file. My methodology is often to turn the configuration into a standard format, make any necessary modifications, and then automatically build the new configuration from that abstract of sorts.

This script is also useful for reviewing excessive configurations. When it breaks out the access list into a CSV, it also includes a field marking the full text of the original access list. This can be easily pasted into the system with a ‘no’ to negate the access-list in question.

This script will read text files and gzip compressed files. Just paste the configuration into a file, and execute the script with the filename as the first argument. Note that your installation of PHP should be compiled with zlib (for gz support) and mime-magic for file identification.
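The breakdown described above (one CSV row per access-list entry, with the original text and a paste-ready `no` line), as an added Python sketch that is not the PHP script this page describes. It assumes PIX 6.x-style entries of the form `access-list <name> permit|deny <proto> <src> <dst>` with optional port operators and skips `object-group` entries; all function and field names are hypothetical.

```python
import csv
import io

PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count
FIELDS = ["acl", "action", "proto", "src", "src_port", "dst", "dst_port", "original", "negate"]
# Constructed sample configuration lines (documentation addresses, not a real device).
SAMPLE = """\
access-list outside_in permit tcp any host 192.0.2.10 eq 80
access-list outside_in permit tcp 198.51.100.0 255.255.255.0 gt 1023 host 192.0.2.25 range 20 21
access-list outside_in remark constructed comment line
"""

def _take_addr(tok):
    # Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' from the front of tok.
    head = tok.pop(0)
    if head == "any":
        return "any"
    if head == "host":
        return tok.pop(0) + "/255.255.255.255"
    return head + "/" + tok.pop(0)

def _take_port(tok):
    # Consume an optional port operator plus its operands; "" when absent.
    n = 1 + PORT_OPS[tok[0]] if tok and tok[0] in PORT_OPS else 0
    spec = " ".join(tok[:n])
    del tok[:n]
    return spec

def parse_line(line):
    # One row per permit/deny entry; None for remarks, object-groups, other commands.
    tok = line.split()
    if len(tok) < 5 or tok[0] != "access-list" or tok[2] not in ("permit", "deny") \
            or "object-group" in tok:
        return None
    row, rest = {"acl": tok[1], "action": tok[2], "proto": tok[3]}, tok[4:]
    try:
        row["src"], row["src_port"] = _take_addr(rest), _take_port(rest)
        row["dst"], row["dst_port"] = _take_addr(rest), _take_port(rest)
    except IndexError:
        return None  # truncated entry
    # Trailing tokens (ICMP type, etc.) are not split out; they survive in 'original'.
    row["original"] = " ".join(tok)
    row["negate"] = "no " + row["original"]  # paste-ready removal command
    return row

def config_to_csv(text):
    out = io.StringIO()
    w = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    w.writeheader()
    w.writerows(r for r in map(parse_line, text.splitlines()) if r)
    return out.getvalue()
```

Lines the parser skips never reach the CSV, so compare the row count against the number of `access-list` lines in the configuration before treating the output as a complete picture of the rule set.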

As always, I give no warranties. You break it, you fix it.

 
