IP/String Iteration Script... (until I find a better name)

Enter a string. Everything inside dollar signs will be incremented. End with a number sign and a number for how many increments you want.
(Example: create access-list test_$1$ ip destination 192.168.200.$1$/32 source any ports any precedence $100$ #5 )

This script helps save some typing if you want to use the ACLs on a router/switch as a "poor man's IDS" (looking at the hit counters of your ACLs to find problems). With the recent Nachi Worm I needed to create 64 ACLs to block ICMP to find which host on a subnet catapults out ICMP traffic. Instead of using vi or another text editor (I do not have much finesse in vi) I hacked away and had almost created the access-lists by hand when a *nix guy showed off his vi skills. (Thanks, Andrew.) Anyway, to be able to quickly generate repetitive access-lists I wrote this little tool. May it save you one time.

Extreme Networks ACLs have the following syntax:

To create it:

ICMP: create access-list <name> icmp destination <ip|any> source <ip|any> type <number|any> code <number|any> <deny|permit> ports <slot number:port number|any> precedence <number>

IP: create access-list <name> ip destination <ip|any> source <ip|any> <deny|permit> ports <slot number:port number|any> precedence <number>

TCP: create access-list <name> tcp destination <ip|any> ip-port <any|range|number> source <ip|any> ip-port <any|range|number> <deny|permit|permit-established> ports <slot number:port number|any> precedence <number>

UDP: create access-list <name> udp destination <ip|any> ip-port <any|range|number> source <ip|any> ip-port <any|range|number> <deny|permit> ports <slot number:port number|any> precedence <number>

Then you will also need to enable the access-list with a command like: enable access-list <name> counter

I first thought about a form where you fill in all the fields and press the generate button. Then I thought about a different approach. Instead of filling out a form, you simply type your ACL statement and mark the fields that you need to "increment" by putting them between dollar signs ($). At the end, you simply type a number sign and how often you want this access-list with incremented values:

For example:

create access-list abc_$1$ icmp destination any source 10.10.10.$1$/32 type any code any deny ports 2:1 precedence $100$ #5

would create 5 ACLs like this:

create access-list abc_1 icmp destination any source 10.10.10.1/32 type any code any deny ports 2:1 precedence 100
create access-list abc_2 icmp destination any source 10.10.10.2/32 type any code any deny ports 2:1 precedence 101
create access-list abc_3 icmp destination any source 10.10.10.3/32 type any code any deny ports 2:1 precedence 102
create access-list abc_4 icmp destination any source 10.10.10.4/32 type any code any deny ports 2:1 precedence 103
create access-list abc_5 icmp destination any source 10.10.10.5/32 type any code any deny ports 2:1 precedence 104

If you enter:

enable access-list abc_$1$ counter #5

The script spits out:

enable access-list abc_1 counter
enable access-list abc_2 counter
enable access-list abc_3 counter
enable access-list abc_4 counter
enable access-list abc_5 counter

Of course your access-list should not use the dollar sign or number sign as a natural character! :) You can use this script for all kinds of other things as well, not only access-lists: anything where you need to repeat something.
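
The expansion rule described above, written out in Python as an added example (this is not the author's script). The function name expand, the MAX_COUNT limit, the rejection of stray $ or # characters and the check that an incremented IPv4 address stays valid are assumptions that go beyond what the page describes.

```python
import ipaddress
import re

# Constructed limit (assumption): refuse absurd repeat counts.
MAX_COUNT = 4096

FIELD = re.compile(r"\$(\d+)\$")        # a $number$ field to increment
TAIL = re.compile(r"\s*#(\d+)\s*$")     # trailing "#<count>"
IPV4ISH = re.compile(r"\b\d+\.\d+\.\d+\.\d+\b")


def expand(template):
    """Expand every $n$ field <count> times, as in the examples above."""
    tail = TAIL.search(template)
    if not tail:
        raise ValueError("template must end with #<count>")
    count = int(tail.group(1))
    if not 1 <= count <= MAX_COUNT:
        raise ValueError("count out of range")
    body = template[:tail.start()]
    if not FIELD.search(body):
        raise ValueError("no $number$ field to increment")
    # Once the valid fields are removed, no marker characters may remain.
    if "$" in FIELD.sub("", body) or "#" in body:
        raise ValueError("stray $ or # outside a field")
    lines = []
    for i in range(count):
        line = FIELD.sub(lambda m: str(int(m.group(1)) + i), body)
        # Added safeguard: an incremented octet must not run past 255,
        # otherwise the device would be handed an invalid ACL line.
        for addr in IPV4ISH.findall(line):
            try:
                ipaddress.IPv4Address(addr)
            except ValueError:
                raise ValueError(f"line {i + 1}: invalid IPv4 address {addr}")
        lines.append(line)
    return lines


if __name__ == "__main__":
    # Template taken from the example above.
    for out in expand("create access-list abc_$1$ icmp destination any "
                      "source 10.10.10.$1$/32 type any code any deny "
                      "ports 2:1 precedence $100$ #5"):
        print(out)
```

A template such as 10.10.10.$254$/32 with #3 is rejected on its third line instead of producing 10.10.10.256.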

Feedback would be appreciated. Thanks !