Over in the sandbox we've placed the first of our little web applications. Called Tau, it's a simple Perl CGI application that, once provided with a tab delimited list of names and IP addresses and a few other details, produces script that can be pasted into a ScreenOS firewall device (such as Junper ISG, SSG and older Netscreen devices) to create a address objects to use in policies.
If you administer any ScreenOS device(s), you are going to love it. Gone are the days of clicking around in the webUI trying to create 30 address objects. Even if you already use the CLI for address object creation, Tau will still save you a good amount of time, especially in bulk operations.
The only real requirement to understand and make use of it is that you've used the ScreenOS CLI at least once to manually create address objects (e.g. set address "zoneFoo" "hostBar" 1.2.3.4 255.255.255.255 "commentBaz"). Oh, and you must not be an idiot. The is a disclaimer for those.
If you need a hand with it, or want to suggest a feature, etc, please send a tweet my way.
Now go ahead! Give him a try!
Security
I forgot to mention two things:
- The script itself uses your input, generates the output, then discards all your input. There is no logging, or writing of the input to disk. Tau does not retain anything at all. To be frank, he doesn't care for disk I/O, it's way too slow.
- Your data is sent to the server in the clear. It's not encrypted so anyone who can capture your packets can see what IP addresses you are sending Tau. Maybe you're using RFC1918 addresses and don't care. Maybe you aren't and do care. Maybe you are and still care. Either way, you are now informed.
If you've really worried about either, I'll happily send you the source so you can review it and if you wish to run your own Tau CGI on your LAN (he's a nice little self contained perl cgi of about 250 lines - no external HTML files).