Another Wicked Vim Tip
- Tony Mattke
- Networking, Tips
- March 28, 2012
As a follow-up to my blog post covering Vim on the PacketPushers blog, I wanted to share with you another time-saving tip for getting our jobs done not only quickly, but helping to remove one of the tedious steps in firewall maintenance. Today, I needed to add a large chunk of ACEs to my INSIDE-IN ACL (about 6 times larger than my example here, but spread across a couple of devices). Luckily, I used my head when it came time to start adjusting line numbers. The first thing I did was to write out my ACEs, and instead of filling in the line numbers, I just used XXX. (I would be deploying this in a few places, so I saved a couple of versions as well.)
Sample output included below: IP Addresses were changed to protect the innocent…
access-list INSIDE-IN line XXX remark ~
access-list INSIDE-IN line XXX remark - Traffic to SOMETHING via HTTPS
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.23.86.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.31.90.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.24.10.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.14.32.0 255.255.254.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 2.51.10.0 255.255.252.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 2.33.10.0 255.255.254.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 1.16.32.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.23.86.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.31.90.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.24.10.0 255.255.255.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.14.32.0 255.255.254.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 2.51.10.0 255.255.252.0 eq 443
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 2.33.10.0 255.255.254.0 eq 443
access-list INSIDE-IN line XXX remark ~
access-list INSIDE-IN line XXX remark - Traffic to SOMETHING via SSH
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.23.86.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.31.90.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.24.10.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 6.14.32.0 255.255.254.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 2.51.10.0 255.255.252.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 2.33.10.0 255.255.254.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 1.16.32.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.23.86.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.31.90.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.24.10.0 255.255.255.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 6.14.32.0 255.255.254.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 2.51.10.0 255.255.252.0 eq 22
access-list INSIDE-IN line XXX extended permit tcp host 10.20.10.10 2.33.10.0 255.255.254.0 eq 22
Next, I had to remember how to do an incremental substitution; luckily, the Internet is a wonderful resource. We enter Vim's command-line mode and define a function named CountUp(). To do this, press : and enter the lines below.
fun CountUp()
  let ret = g:i
  let g:i = g:i + 1
  return ret
endf
Now we can perform a search and replace, using the function to fill in the data. We set i to our first line number and chain our search and replace statement after it with a pipe.
:let i = 126 | %s/XXX/\=CountUp()/g
Instantly our line numbers are populated, and we’ve saved a substantial amount of time. I <3 Vim
access-list INSIDE-IN line 126 remark ~
access-list INSIDE-IN line 127 remark - Traffic to SOMETHING via HTTPS
access-list INSIDE-IN line 128 extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 443
access-list INSIDE-IN line 129 extended permit tcp host 10.10.10.10 6.23.86.0 255.255.255.0 eq 443
access-list INSIDE-IN line 130 extended permit tcp host 10.10.10.10 6.31.90.0 255.255.255.0 eq 443
access-list INSIDE-IN line 131 extended permit tcp host 10.10.10.10 6.24.10.0 255.255.255.0 eq 443
access-list INSIDE-IN line 132 extended permit tcp host 10.10.10.10 6.14.32.0 255.255.254.0 eq 443
access-list INSIDE-IN line 133 extended permit tcp host 10.10.10.10 2.51.10.0 255.255.252.0 eq 443
access-list INSIDE-IN line 134 extended permit tcp host 10.10.10.10 2.33.10.0 255.255.254.0 eq 443
access-list INSIDE-IN line 135 extended permit tcp host 10.20.10.10 1.16.32.0 255.255.255.0 eq 443
access-list INSIDE-IN line 136 extended permit tcp host 10.20.10.10 6.23.86.0 255.255.255.0 eq 443
access-list INSIDE-IN line 137 extended permit tcp host 10.20.10.10 6.31.90.0 255.255.255.0 eq 443
access-list INSIDE-IN line 138 extended permit tcp host 10.20.10.10 6.24.10.0 255.255.255.0 eq 443
access-list INSIDE-IN line 139 extended permit tcp host 10.20.10.10 6.14.32.0 255.255.254.0 eq 443
access-list INSIDE-IN line 140 extended permit tcp host 10.20.10.10 2.51.10.0 255.255.252.0 eq 443
access-list INSIDE-IN line 141 extended permit tcp host 10.20.10.10 2.33.10.0 255.255.254.0 eq 443
access-list INSIDE-IN line 142 remark ~
access-list INSIDE-IN line 143 remark - Traffic to SOMETHING via SSH
access-list INSIDE-IN line 144 extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 22
access-list INSIDE-IN line 145 extended permit tcp host 10.10.10.10 6.23.86.0 255.255.255.0 eq 22
access-list INSIDE-IN line 146 extended permit tcp host 10.10.10.10 6.31.90.0 255.255.255.0 eq 22
access-list INSIDE-IN line 147 extended permit tcp host 10.10.10.10 6.24.10.0 255.255.255.0 eq 22
access-list INSIDE-IN line 148 extended permit tcp host 10.10.10.10 6.14.32.0 255.255.254.0 eq 22
access-list INSIDE-IN line 149 extended permit tcp host 10.10.10.10 2.51.10.0 255.255.252.0 eq 22
access-list INSIDE-IN line 150 extended permit tcp host 10.10.10.10 2.33.10.0 255.255.254.0 eq 22
access-list INSIDE-IN line 151 extended permit tcp host 10.20.10.10 1.16.32.0 255.255.255.0 eq 22
access-list INSIDE-IN line 152 extended permit tcp host 10.20.10.10 6.23.86.0 255.255.255.0 eq 22
access-list INSIDE-IN line 153 extended permit tcp host 10.20.10.10 6.31.90.0 255.255.255.0 eq 22
access-list INSIDE-IN line 154 extended permit tcp host 10.20.10.10 6.24.10.0 255.255.255.0 eq 22
access-list INSIDE-IN line 155 extended permit tcp host 10.20.10.10 6.14.32.0 255.255.254.0 eq 22
access-list INSIDE-IN line 156 extended permit tcp host 10.20.10.10 2.51.10.0 255.255.252.0 eq 22
access-list INSIDE-IN line 157 extended permit tcp host 10.20.10.10 2.33.10.0 255.255.254.0 eq 22
This is the most versatile solution I could find, as it allows for multiple substitutions per line. Another solution, which is easier to remember and quicker to implement but will only perform one substitution per line, follows below.
:let i=126 | g/XXX/s//\=i/ | let i=i+1
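The difference between the two commands, reproduced outside Vim as an added example (not code from the original post), with a check to run before pasting the block into a firewall. The function names and the two sample ACE blocks are constructed for illustration; the contiguous-numbering rule in the check is an assumption taken from the output shown above.

```python
import re

PLACEHOLDER = "XXX"  # same marker the post uses
ACE_LINE = re.compile(r"^access-list (\S+) line (\S+) ")

# Constructed samples: CLEAN has one placeholder per line, STRAY has a
# second placeholder inside a remark (hypothetical "ticket XXX" text).
CLEAN = "\n".join([
    "access-list INSIDE-IN line XXX remark - Traffic to SOMETHING via HTTPS",
    "access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 443",
])
STRAY = "\n".join([
    "access-list INSIDE-IN line XXX remark - Traffic to SOMETHING via HTTPS",
    "access-list INSIDE-IN line XXX remark - ticket XXX",
    "access-list INSIDE-IN line XXX extended permit tcp host 10.10.10.10 1.16.32.0 255.255.255.0 eq 443",
])

def number_each_occurrence(text, start):
    # Behaves like :%s/XXX/\=CountUp()/g -- every placeholder consumes a number.
    nums = iter(range(start, start + text.count(PLACEHOLDER)))
    return re.sub(re.escape(PLACEHOLDER), lambda m: str(next(nums)), text)

def number_each_line(text, start):
    # Behaves like :g/XXX/s//\=i/ | let i=i+1 -- first placeholder per line only.
    out, n = [], start
    for line in text.splitlines():
        if PLACEHOLDER in line:
            line = line.replace(PLACEHOLDER, str(n), 1)
            n += 1
        out.append(line)
    return "\n".join(out)

def check_numbering(text, start):
    # Return a list of problems; an empty list means numbering is contiguous
    # from `start` and no placeholder survived.
    problems, expected = [], start
    for lineno, line in enumerate(text.splitlines(), 1):
        if PLACEHOLDER in line:
            problems.append(f"{lineno}: placeholder left in line")
        m = ACE_LINE.match(line)
        if not m:
            problems.append(f"{lineno}: not an 'access-list NAME line N' entry")
            continue
        if m.group(2) != str(expected):
            problems.append(f"{lineno}: line {m.group(2)}, expected {expected}")
        expected += 1
    return problems
```

On input shaped like the post's, both functions give identical output; with a stray placeholder, the per-occurrence form skips a line number and the per-line form leaves the marker behind, and `check_numbering` reports either case.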