in Azure Firewall/Script - Migrate Checkpoint config to Azure Firewall Policy/chkp2azfw.py [0:0]
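def create_app_rules(net_rcs):
    """Move web-only FQDN network rules into application rule collections.

    Walks every network rule collection in ``net_rcs``. A rule qualifies
    for conversion when its ``destinationPorts`` are a non-empty subset of
    ``{'80', '443'}`` and it has at least one ``destinationFqdns`` entry.
    Qualifying rules are removed from their network collection (the
    ``'rules'`` list is updated in place) and rewritten into Azure Firewall
    Policy ``applicationRule`` dicts. Consecutive converted rules with the
    same ``action`` share one application rule collection; a change of
    action opens a new collection.

    Fixes relative to the first version of this routine:
      * the inner loop used to ``remove()`` from ``net_rc['rules']`` while
        iterating that same list, which skipped the rule following every
        converted one (the outer ``net_rcs.copy()`` protected the wrong
        list). Rules are now partitioned into kept / converted instead.
      * collection names were suffixed with the length of a module-level
        list rather than the collections built here, so every collection
        could end up with the same name; Azure requires unique collection
        names, so the suffix is now the running count of ``app_rcs``.

    NOTE(review): Azure Firewall processes network rule collections before
    application rule collections, so a Deny that used to sit above an Allow
    in the network layer may now be evaluated after it — review the
    resulting policy order after migration. Only ``destinationFqdns`` is
    carried over; any other destination key on the rule (e.g. IP-based
    destinations, if the parser ever sets them alongside FQDNs) is neither
    translated nor dropped here — confirm against the parser's output.

    Args:
        net_rcs: list of network rule collection dicts, each with ``'action'``
            and ``'rules'`` keys. Mutated in place.

    Returns:
        ``(net_rcs, app_rcs)``: the same ``net_rcs`` object with converted
        rules removed, and the new list of application rule collections.

    Reads the module globals ``log_level`` and ``rc_app_name``.
    """
    web_ports = {'80', '443'}
    last_action = None
    app_rcs = []
    for net_rc in net_rcs:
        kept_rules = []
        for net_rule in net_rc['rules']:
            ports = set(net_rule['destinationPorts'])
            # Only pure HTTP/HTTPS rules with an FQDN target have an application-rule equivalent.
            convertible = bool(ports) and ports <= web_ports and bool(net_rule['destinationFqdns'])
            if not convertible:
                kept_rules.append(net_rule)
                continue
            if log_level >= 7:
                print('DEBUG: Transforming rule', net_rule['name'], 'to an application rule', file=sys.stderr)
            # Open a new collection whenever the action differs from the previous converted rule.
            if net_rc['action'] != last_action:
                app_rcs.append({
                    'name': rc_app_name + '-' + net_rc['action'] + '-' + str(len(app_rcs)),
                    'action': net_rc['action'],
                    'rules': [],
                })
                last_action = net_rc['action']
            _to_application_rule(net_rule)
            app_rcs[-1]['rules'].append(net_rule)
        # Slice-assign so any outside reference to this rules list stays valid.
        net_rc['rules'][:] = kept_rules
    return net_rcs, app_rcs


def _to_application_rule(rule):
    """Rewrite a network rule dict in place into an Azure application rule.

    ``ipProtocols`` and ``destinationPorts`` are replaced by ``protocols``
    entries (``Http``:80 and/or ``Https``:443, depending on which ports were
    listed), ``destinationFqdns`` is renamed to ``targetFqdns``, and the
    remaining application-rule lists are initialised empty. TLS inspection
    is left off (``terminateTls`` is False), so HTTPS matching relies on the
    FQDN presented by the client rather than on inspected content.

    Args:
        rule: a network rule dict whose ``destinationPorts`` contain only
            '80' and/or '443'. Mutated in place; nothing is returned.
    """
    rule['ruleType'] = 'applicationRule'
    ports = rule.pop('destinationPorts')
    rule.pop('ipProtocols')
    rule['protocols'] = []
    if '80' in ports:
        rule['protocols'].append({'protocolType': 'Http', 'port': 80})
    if '443' in ports:
        rule['protocols'].append({'protocolType': 'Https', 'port': 443})
    rule['terminateTls'] = False
    rule['targetFqdns'] = rule.pop('destinationFqdns')
    rule['targetUrls'] = []
    rule['webCategories'] = []
    rule['fqdnTags'] = []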