Another Wicked Vim Tip

As a follow-up to my blog post covering Vim on the PacketPushers blog, I wanted to share another time-saving tip that not only gets our jobs done quickly, but also removes one of the tedious steps in firewall maintenance. Today, I needed to add a large chunk of ACEs to my INSIDE-IN ACL (about 6 times larger than my example here, but spread across a couple of devices). Luckily, I used my head when it came time to start adjusting line numbers. The first thing I did was write out my ACEs and, instead of filling in the line numbers, I just used XXX. (I would be deploying this in a few places, so I saved a couple of versions as well.)

Sample output is included below; IP addresses were changed to protect the innocent.

```text
access-list INSIDE-IN line XXX remark ~
access-list INSIDE-IN line XXX remark - Traffic to SOMETHING via HTTPS
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.23.86.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.31.90.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.24.10.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.14.32.0 255.255.254.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 2.51.10.0 255.255.252.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 2.33.10.0 255.255.254.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 1.16.32.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.23.86.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.31.90.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.24.10.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.14.32.0 255.255.254.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 2.51.10.0 255.255.252.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 2.33.10.0 255.255.254.0 eq 443
access-list INSIDE-IN line XXX remark ~
access-list INSIDE-IN line XXX remark - Traffic to SOMETHING via SSH
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.23.86.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.31.90.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.24.10.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.14.32.0 255.255.254.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 2.51.10.0 255.255.252.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 2.33.10.0 255.255.254.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 1.16.32.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.23.86.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.31.90.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.24.10.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.14.32.0 255.255.254.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 2.51.10.0 255.255.252.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 2.33.10.0 255.255.254.0 eq 22
```

Next, I had to remember how to do an incremental substitution; luckily, the Internet is a wonderful resource. We enter Ex mode and define a function named CountUp(): press : and enter the lines below.

```vim
" Return the current value of the global counter g:i, then increment it
fun CountUp()
  let ret = g:i
  let g:i = g:i + 1
  return ret
endf
```

Now we can perform a search and replace, using the function to fill in the data. We set i to our first line number and chain the substitute command after it with |.

```vim
:let i = 126 | %s/XXX/\=CountUp()/g
```

Instantly our line numbers are populated, and we’ve saved a substantial amount of time. I <3 Vim

```text
access-list INSIDE-IN line 126 remark ~
access-list INSIDE-IN line 127 remark - Traffic to SOMETHING via HTTPS
access-list INSIDE-IN line 128 extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 443
access-list INSIDE-IN line 129 extended permit tcp host 10.10.10.10 6.23.86.0 255.255.255.0 eq 443
access-list INSIDE-IN line 130 extended permit tcp host 10.10.10.10 6.31.90.0 255.255.255.0 eq 443
access-list INSIDE-IN line 131 extended permit tcp host 10.10.10.10 6.24.10.0 255.255.255.0 eq 443
access-list INSIDE-IN line 132 extended permit tcp host 10.10.10.10 6.14.32.0 255.255.254.0 eq 443
access-list INSIDE-IN line 133 extended permit tcp host 10.10.10.10 2.51.10.0 255.255.252.0 eq 443
access-list INSIDE-IN line 134 extended permit tcp host 10.10.10.10 2.33.10.0 255.255.254.0 eq 443
access-list INSIDE-IN line 135 extended permit tcp host 10.20.10.10 1.16.32.0 255.255.255.0 eq 443
access-list INSIDE-IN line 136 extended permit tcp host 10.20.10.10 6.23.86.0 255.255.255.0 eq 443
access-list INSIDE-IN line 137 extended permit tcp host 10.20.10.10 6.31.90.0 255.255.255.0 eq 443
access-list INSIDE-IN line 138 extended permit tcp host 10.20.10.10 6.24.10.0 255.255.255.0 eq 443
access-list INSIDE-IN line 139 extended permit tcp host 10.20.10.10 6.14.32.0 255.255.254.0 eq 443
access-list INSIDE-IN line 140 extended permit tcp host 10.20.10.10 2.51.10.0 255.255.252.0 eq 443
access-list INSIDE-IN line 141 extended permit tcp host 10.20.10.10 2.33.10.0 255.255.254.0 eq 443
access-list INSIDE-IN line 142 remark ~
access-list INSIDE-IN line 143 remark - Traffic to SOMETHING via SSH
access-list INSIDE-IN line 144 extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 22
access-list INSIDE-IN line 145 extended permit tcp host 10.10.10.10 6.23.86.0 255.255.255.0 eq 22
access-list INSIDE-IN line 146 extended permit tcp host 10.10.10.10 6.31.90.0 255.255.255.0 eq 22
access-list INSIDE-IN line 147 extended permit tcp host 10.10.10.10 6.24.10.0 255.255.255.0 eq 22
access-list INSIDE-IN line 148 extended permit tcp host 10.10.10.10 6.14.32.0 255.255.254.0 eq 22
access-list INSIDE-IN line 149 extended permit tcp host 10.10.10.10 2.51.10.0 255.255.252.0 eq 22
access-list INSIDE-IN line 150 extended permit tcp host 10.10.10.10 2.33.10.0 255.255.254.0 eq 22
access-list INSIDE-IN line 151 extended permit tcp host 10.20.10.10 1.16.32.0 255.255.255.0 eq 22
access-list INSIDE-IN line 152 extended permit tcp host 10.20.10.10 6.23.86.0 255.255.255.0 eq 22
access-list INSIDE-IN line 153 extended permit tcp host 10.20.10.10 6.31.90.0 255.255.255.0 eq 22
access-list INSIDE-IN line 154 extended permit tcp host 10.20.10.10 6.24.10.0 255.255.255.0 eq 22
access-list INSIDE-IN line 155 extended permit tcp host 10.20.10.10 6.14.32.0 255.255.254.0 eq 22
access-list INSIDE-IN line 156 extended permit tcp host 10.20.10.10 2.51.10.0 255.255.252.0 eq 22
access-list INSIDE-IN line 157 extended permit tcp host 10.20.10.10 2.33.10.0 255.255.254.0 eq 22
```

This is the most versatile solution I could find, as it allows for multiple substitutions per line. Another solution, which is easier to remember and quicker to implement but will only perform one substitution per line, follows below.

```vim
:let i=126 | g/XXX/s//\=i/ | let i=i+1
```
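Since the same ACE file gets pasted onto more than one firewall, a pre-deployment check is worth having. The following is an added example, not code from the original post: it performs the same placeholder renumbering outside Vim, then lints the result for leftover placeholders, gaps in the line sequence, and network/mask pairs with host bits set. The names `renumber`, `lint` and `SAMPLE` are hypothetical, and the sample ACEs are constructed using documentation address ranges.

```python
import ipaddress
import itertools
import re

# Constructed sample in the post's format; the last ACE is deliberately misaligned.
SAMPLE = """\
access-list INSIDE-IN line XXX remark - Traffic to SOMETHING via HTTPS
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 198.51.100.0 255.255.252.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 203.0.113.0 255.255.254.0 eq 443
"""

ACE = re.compile(r"^access-list (\S+) line (\d+) (remark|extended) (.*)$")
# Network followed by a subnet mask (only masks beginning with 255 are considered).
NET_MASK = re.compile(r"(\d+\.\d+\.\d+\.\d+) (255\.\d+\.\d+\.\d+)")

def renumber(text, start):
    """Replace each 'line XXX' placeholder with start, start+1, ... in order."""
    counter = itertools.count(start)
    return re.sub(r"(?<=\bline )XXX\b", lambda _m: str(next(counter)), text)

def lint(text, start):
    """Return a list of problems in renumbered ACEs; an empty list means clean."""
    problems, expected = [], start
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ACE.match(line)
        if m is None:  # also catches a placeholder that was never filled in
            problems.append(f"unparsed: {line}")
            continue
        number, kind, rest = int(m.group(2)), m.group(3), m.group(4)
        if number != expected:
            problems.append(f"line {number}: expected {expected}")
        expected = number + 1  # resync so one gap is reported once
        if kind == "extended":
            for net, mask in NET_MASK.findall(rest):
                try:
                    ipaddress.ip_network(f"{net}/{mask}", strict=True)
                except ValueError as exc:
                    problems.append(f"line {number}: {exc}")
    return problems

if __name__ == "__main__":
    for problem in lint(renumber(SAMPLE, 126), 126):
        print(problem)
```
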