Another Wicked Vim Tip

As a follow-up to my blog post covering Vim on the PacketPushers blog, I wanted to share another time-saving tip that not only gets the job done quickly but also removes one of the tedious steps in firewall maintenance. Today I needed to add a large chunk of ACEs to my INSIDE-IN ACL (about 6 times larger than my example here, and spread across a couple of devices). Luckily, I used my head when it came time to start adjusting line numbers. The first thing I did was to write out my ACEs and, instead of filling in the line numbers, just use XXX as a placeholder. (I would be deploying this in a few places, so I saved a couple of versions as well.)

Sample input included below; IP addresses were changed to protect the innocent…

access-list INSIDE-IN line XXX remark ~
access-list INSIDE-IN line XXX remark - Traffic to SOMETHING via HTTPS 
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 443 
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.23.86.0 255.255.255.0 eq 443 
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.31.90.0 255.255.255.0 eq 443 
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.24.10.0 255.255.255.0 eq 443 
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.14.32.0 255.255.254.0 eq 443 
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 2.51.10.0 255.255.252.0 eq 443 
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 2.33.10.0 255.255.254.0 eq 443 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 1.16.32.0 255.255.255.0 eq 443 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.23.86.0 255.255.255.0 eq 443 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.31.90.0 255.255.255.0 eq 443 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.24.10.0 255.255.255.0 eq 443 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.14.32.0 255.255.254.0 eq 443 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 2.51.10.0 255.255.252.0 eq 443 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 2.33.10.0 255.255.254.0 eq 443
access-list INSIDE-IN line XXX remark ~
access-list INSIDE-IN line XXX remark - Traffic to SOMETHING via SSH
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 22 
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.23.86.0 255.255.255.0 eq 22 
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.31.90.0 255.255.255.0 eq 22 
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.24.10.0 255.255.255.0 eq 22 
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.14.32.0 255.255.254.0 eq 22 
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 2.51.10.0 255.255.252.0 eq 22 
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 2.33.10.0 255.255.254.0 eq 22 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 1.16.32.0 255.255.255.0 eq 22 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.23.86.0 255.255.255.0 eq 22 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.31.90.0 255.255.255.0 eq 22 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.24.10.0 255.255.255.0 eq 22 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.14.32.0 255.255.254.0 eq 22 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 2.51.10.0 255.255.252.0 eq 22 
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 2.33.10.0 255.255.254.0 eq 22

Next, I had to remember how to do an incremental substitution; luckily the Internet is a wonderful resource. We enter Ex (command-line) mode and define a function named CountUp(). To do this, press : and enter the lines below; Vim keeps prompting for lines until it sees endf.

fun CountUp()
  " hand back the current value of the global counter g:i ...
  let ret = g:i
  " ... then advance it so the next match receives the next number
  let g:i = g:i + 1
  return ret
endf

Now we can perform a search and replace that calls the function to fill in the data. We set i to our first line number and, on the same command line, chain the substitute command after it with | (Vim's command separator). A variable set with :let on the command line is global, which is why the function can read it as g:i.

:let i = 126 | %s/XXX/\=CountUp()/g

Instantly our line numbers are populated, and we’ve saved a substantial amount of time. I <3 Vim

access-list INSIDE-IN line 126 remark ~
access-list INSIDE-IN line 127 remark - Traffic to SOMETHING via HTTPS 
access-list INSIDE-IN line 128 extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 443 
access-list INSIDE-IN line 129 extended permit tcp host 10.10.10.10 6.23.86.0 255.255.255.0 eq 443 
access-list INSIDE-IN line 130 extended permit tcp host 10.10.10.10 6.31.90.0 255.255.255.0 eq 443 
access-list INSIDE-IN line 131 extended permit tcp host 10.10.10.10 6.24.10.0 255.255.255.0 eq 443 
access-list INSIDE-IN line 132 extended permit tcp host 10.10.10.10 6.14.32.0 255.255.254.0 eq 443 
access-list INSIDE-IN line 133 extended permit tcp host 10.10.10.10 2.51.10.0 255.255.252.0 eq 443 
access-list INSIDE-IN line 134 extended permit tcp host 10.10.10.10 2.33.10.0 255.255.254.0 eq 443 
access-list INSIDE-IN line 135 extended permit tcp host 10.20.10.10 1.16.32.0 255.255.255.0 eq 443 
access-list INSIDE-IN line 136 extended permit tcp host 10.20.10.10 6.23.86.0 255.255.255.0 eq 443 
access-list INSIDE-IN line 137 extended permit tcp host 10.20.10.10 6.31.90.0 255.255.255.0 eq 443 
access-list INSIDE-IN line 138 extended permit tcp host 10.20.10.10 6.24.10.0 255.255.255.0 eq 443 
access-list INSIDE-IN line 139 extended permit tcp host 10.20.10.10 6.14.32.0 255.255.254.0 eq 443 
access-list INSIDE-IN line 140 extended permit tcp host 10.20.10.10 2.51.10.0 255.255.252.0 eq 443 
access-list INSIDE-IN line 141 extended permit tcp host 10.20.10.10 2.33.10.0 255.255.254.0 eq 443
access-list INSIDE-IN line 142 remark ~
access-list INSIDE-IN line 143 remark - Traffic to SOMETHING via SSH
access-list INSIDE-IN line 144 extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 22 
access-list INSIDE-IN line 145 extended permit tcp host 10.10.10.10 6.23.86.0 255.255.255.0 eq 22 
access-list INSIDE-IN line 146 extended permit tcp host 10.10.10.10 6.31.90.0 255.255.255.0 eq 22 
access-list INSIDE-IN line 147 extended permit tcp host 10.10.10.10 6.24.10.0 255.255.255.0 eq 22 
access-list INSIDE-IN line 148 extended permit tcp host 10.10.10.10 6.14.32.0 255.255.254.0 eq 22 
access-list INSIDE-IN line 149 extended permit tcp host 10.10.10.10 2.51.10.0 255.255.252.0 eq 22 
access-list INSIDE-IN line 150 extended permit tcp host 10.10.10.10 2.33.10.0 255.255.254.0 eq 22 
access-list INSIDE-IN line 151 extended permit tcp host 10.20.10.10 1.16.32.0 255.255.255.0 eq 22 
access-list INSIDE-IN line 152 extended permit tcp host 10.20.10.10 6.23.86.0 255.255.255.0 eq 22 
access-list INSIDE-IN line 153 extended permit tcp host 10.20.10.10 6.31.90.0 255.255.255.0 eq 22 
access-list INSIDE-IN line 154 extended permit tcp host 10.20.10.10 6.24.10.0 255.255.255.0 eq 22 
access-list INSIDE-IN line 155 extended permit tcp host 10.20.10.10 6.14.32.0 255.255.254.0 eq 22 
access-list INSIDE-IN line 156 extended permit tcp host 10.20.10.10 2.51.10.0 255.255.252.0 eq 22 
access-list INSIDE-IN line 157 extended permit tcp host 10.20.10.10 2.33.10.0 255.255.254.0 eq 22

This is the most versatile solution I could find, as it allows for multiple substitutions per line. Another solution that is easier to remember and quicker to type, but will only perform one substitution per line (the :g command runs the substitute once for each matching line, without the g flag), follows below.

:let i=126 | g/XXX/s//\=i/ | let i=i+1
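The same numbering done outside Vim, as an added example that is not part of the original post: it reproduces both variants above (every placeholder per line, or only the first per line) and adds the check I would run before pasting the result into a firewall, since a skipped placeholder, a gap or a duplicate line number would land an ACE at the wrong position in the ACL. The template is a constructed four-line sample in the same shape as the post's list.

```python
import re

# Constructed sample in the shape of the post's template (not the full list).
TEMPLATE = """access-list INSIDE-IN line XXX remark ~
access-list INSIDE-IN line XXX remark - Traffic to SOMETHING via HTTPS
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 1.16.32.0 255.255.255.0 eq 443
"""

def number_placeholders(text, start, placeholder="XXX", per_line=False):
    """Replace each placeholder with an increasing counter, like
    :%s/XXX/\\=CountUp()/g.  per_line=True mimics the :g/XXX/s//\\=i/ variant,
    which replaces only the first placeholder on each matching line."""
    counter = start
    out = []
    for line in text.splitlines():
        while placeholder in line:
            line = line.replace(placeholder, str(counter), 1)
            counter += 1
            if per_line:
                break
        out.append(line)
    return "\n".join(out) + ("\n" if text.endswith("\n") else "")

# ASA-style entry: "access-list <name> line <n> ..."
ACE_RE = re.compile(r"^access-list (\S+) line (\d+) ")

def check_numbering(text, placeholder="XXX"):
    """Sanity checks on a rendered block: no placeholder left behind, every
    line is an access-list entry for one ACL name, and the line numbers are
    contiguous.  Returns a list of problems (empty means the block is clean)."""
    problems, names, numbers = [], set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if placeholder in line:
            problems.append(f"line {lineno}: placeholder {placeholder!r} not replaced")
        m = ACE_RE.match(line)
        if not m:
            problems.append(f"line {lineno}: not an access-list entry")
            continue
        names.add(m.group(1))
        numbers.append(int(m.group(2)))
    if len(names) > 1:
        problems.append(f"mixed ACL names: {sorted(names)}")
    for prev, cur in zip(numbers, numbers[1:]):
        if cur != prev + 1:
            problems.append(f"line numbers jump from {prev} to {cur}")
    return problems

if __name__ == "__main__":
    rendered = number_placeholders(TEMPLATE, 126)
    print(rendered, check_numbering(rendered) or "numbering OK")
```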