+ reg_ex_src_ip = re.compile(r"(src [0-9a-fA-F.:/\d{1,2}]*)")
+ reg_ex_dst_ip = re.compile(r"(dst [0-9a-fA-F.:/\d{1,2}]*)")
+ reg_ex_sport = re.compile(r"(sport \d{1,5})")
+ reg_ex_dport = re.compile(r"(dport \d{1,5})")
+ reg_ex_proto = re.compile(r"(proto \d{1,5})")
+
+ acl_rules = list()
+ for rule in rules.split(u", "):
+ acl_rule = dict()
+ acl_rule[u"is_permit"] = 1 if u"permit" in rule else 0
+ acl_rule[u"is_ipv6"] = 1 if u"ipv6" in rule else 0
+
+ groups = re.search(reg_ex_src_ip, rule)
+ if groups:
+ grp = groups.group(1).split(u" ")[1].split(u"/")
+ acl_rule[u"src_ip_addr"] = ip_address(grp[0]).packed
+ acl_rule[u"src_ip_prefix_len"] = int(grp[1])
+
+ groups = re.search(reg_ex_dst_ip, rule)
+ if groups:
+ grp = groups.group(1).split(u" ")[1].split(u"/")
+ acl_rule[u"dst_ip_addr"] = ip_address(grp[0]).packed
+ acl_rule[u"dst_ip_prefix_len"] = int(grp[1])
+
+ groups = re.search(reg_ex_sport, rule)
+ if groups:
+ port = int(groups.group(1).split(u" ")[1])
+ acl_rule[u"srcport_or_icmptype_first"] = port
+ acl_rule[u"srcport_or_icmptype_last"] = port
+ else:
+ acl_rule[u"srcport_or_icmptype_first"] = 0
+ acl_rule[u"srcport_or_icmptype_last"] = 65535
+
+ groups = re.search(reg_ex_dport, rule)
+ if groups:
+ port = int(groups.group(1).split(u" ")[1])
+ acl_rule[u"dstport_or_icmpcode_first"] = port
+ acl_rule[u"dstport_or_icmpcode_last"] = port
+ else:
+ acl_rule[u"dstport_or_icmpcode_first"] = 0
+ acl_rule[u"dstport_or_icmpcode_last"] = 65535
+
+ groups = re.search(reg_ex_proto, rule)
+ if groups:
+ proto = int(groups.group(1).split(' ')[1])
+ acl_rule[u"proto"] = proto
+ else:
+ acl_rule[u"proto"] = 0
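Review bot: The address patterns on the first two added lines do not express what they appear to intend: inside a character class `\d{1,2}` is not a quantified prefix length, it only adds digits and the literal characters `{`, `,` and `}` to the set, and the trailing `*` lets `src ` followed by nothing match. A rule written without a `/len` part therefore fails later with an IndexError on `grp[1]` (or a ValueError from `ip_address`) instead of a clear parse error. I would capture address and prefix separately, e.g. `reg_ex_src_ip = re.compile(r"src ([0-9a-fA-F.:]+)/(\d{1,3})")`, then use `ip_address(groups.group(1)).packed` and `int(groups.group(2))`, and do the same for `dst`. Separately, `sport`/`dport`/`proto` accept any value up to 99999 without a range check, and a mistyped keyword silently takes the `else` branch (full port range 0-65535, proto 0), so a typo in a rule string produces a broader ACL rather than an error; validating the ranges and rejecting unrecognised tokens would make that visible. The enclosing function and the end of the `for` loop are outside this hunk.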