Bernhard_M
Jul 17, 2014

Create/Modify ACLs from within TMSH

Hi,

Is there a possibility to add acl entries via tmsh to an existing acl?

Background is the task to migrate a FirePass to BIG-IP. I exported the config to XML. Now I want to generate tmsh commands to import the acls (about 5500 acl entries spread over about 900 acls).

So far I have only found the command to create new acls with all entries in one line (which becomes a very large line if an access-list contains 10 or more entries).

tia, bernhard

2 Replies

  • This, I believe, is one of those commands that doesn't allow additive editing. So because it looked like an interesting scripting challenge, here's a Bash script you can use to add acl entries to an existing acl:

    #!/bin/bash
    # Usage: ./addacl.sh <acl name> "<acl entry>"
    # Reads the current entries of the named ACL, appends the new entry and
    # writes the whole list back (modify replaces the entries list as a whole).
    
    if [ "$1" == "" ] || [ "$2" == "" ]
    then
        echo "Syntax error: $0 <acl name> <acl entry>"
        exit 1
    fi
    
    # Extract the existing entries from the one-line listing: the text between "{ {" and "} }"
    acllist=`tmsh list apm acl "$1" one-line | sed -n "s/.*{ { \([^']*\) } }.*/\1/p"`
    
    # Split the entry list on the opening brace of each entry
    IFS={ read -a array <<< "$acllist"
    
    # Rebuild each existing entry as "{ ... }", dropping the closing brace left over by the split
    acl="{"
    for i in "${array[@]}"
    do
        acltmp="{ `echo $i |sed "s/}//"` }"
        acl="$acl $acltmp"
    done
    # Append the new entry and close the list
    acl="$acl { $2 } }"
    
    tmsh modify apm acl "$1" entries $acl
    

    This is what your command line would look like:

    ./addacl.sh test-acl "action reject dst-subnet 0.0.0.0/0 src-subnet 10.60.0.0/24"
    

    The first param is the acl name, and the second is the acl entry string.
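The same read-append-rewrite step, as an added example in Python that is not part of the reply above or of F5's own tooling: it uses a small brace parser instead of sed, so entries containing nested braces are not mangled, and it skips entries that are already present so a migration batch can be re-run safely. It assumes the `tmsh list apm acl <name> one-line` layout implied by the script's sed pattern; the sample output is constructed, not captured from a device.

```python
# Constructed sample of `tmsh list apm acl <name> one-line` output (ASSUMED layout,
# modelled on the sed pattern in the Bash script above; not captured from a device).
SAMPLE_ONE_LINE = (
    "apm acl test-acl { entries { "
    "{ action allow dst-subnet 10.60.1.0/24 src-subnet 0.0.0.0/0 } "
    "{ action reject dst-subnet 0.0.0.0/0 src-subnet 10.60.0.0/24 } "
    "} }"
)


def split_entries(one_line):
    """Return the text of each { ... } block directly inside `entries { ... }`."""
    start = one_line.index("entries {") + len("entries {")
    entries, buf, depth = [], [], 0
    for ch in one_line[start:]:
        if ch == "{":
            depth += 1
            if depth > 1:  # brace nested inside an entry: keep it verbatim
                buf.append(ch)
        elif ch == "}":
            if depth == 0:  # closing brace of the entries { } block itself: done
                break
            depth -= 1
            if depth == 0:  # end of one entry: normalise whitespace and store it
                entries.append(" ".join("".join(buf).split()))
                buf = []
            else:
                buf.append(ch)
        elif depth >= 1:
            buf.append(ch)
    return entries


def build_modify_command(acl_name, one_line, new_entry):
    """Build the tmsh command that rewrites the ACL with new_entry appended.

    Returns None when the entry is already present, so re-running a batch of
    these commands does not silently duplicate rules.
    """
    new_entry = " ".join(new_entry.split())
    entries = split_entries(one_line)
    if new_entry in entries:
        return None
    body = " ".join("{ %s }" % e for e in entries + [new_entry])
    return "tmsh modify apm acl %s entries { %s }" % (acl_name, body)


if __name__ == "__main__":
    print(build_modify_command("test-acl", SAMPLE_ONE_LINE,
                               "action allow dst-subnet 10.60.2.0/24 src-subnet 10.60.0.0/24"))
```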

  • Hello Mr. Stewart. Could you answer if there is a script which can convert a Cisco ACE ACL (with 1800 ACEs) to an F5 acl? I saw how I could take an acl entry from tmsh and make 1800 rows, but it will be very annoying. I already used a script to convert ACE load-balance config to LTM, but it could transfer ACL. Please help or at least give some advice.