0

I am trying to create a tool so IT application owners can check a list of firewall interface ranges to see if the IP is behind a firewall before opening a firewall ticket for no reason. This list is about 500 IPs in the actual code.

If the ip_check does come back True the response is easy and clean. With it enumerating through all the inter_list it returns a lot of false responses. I want to improve my logic so that the user gets a yes it's behind a firewall or no it is not behind a firewall. I am stuck and have been searching for a better way of doing this. I plan on this being a flask app.


```python
import ipaddress as ip

# Firewall interface addresses in CIDR form (host bits set, hence strict=False below)
Inter_List = ['192.168.1.1/24', '192.168.2.1/24', '192.168.3.1/24']

ip_input = input("Enter IP address:")
print("You entered this IP address:{}".format(ip_input))

for intaddr in Inter_List:
    # True when the address falls inside this interface's network
    ip_check = ip.IPv4Address(ip_input) in ip.IPv4Network(intaddr, False)
    if ip_check == True:
        print('IP {} is in {} interface range is behind a firewall'.format(ip_input,intaddr))
    else:
        print("Not behind a firewall")
```
  • You need to quote the IPs in `Inter_List`. – Barmar Aug 11 '20 at 16:28
  • Added the quotes. I knew I was forgetting something. Thank you. My original code has the quotes. – OneMoreThing Aug 11 '20 at 16:32
  • Why are you getting false responses? What's wrong with your logic? Is the `Inter_List` list incomplete? – Barmar Aug 11 '20 at 16:32
  • This code returns True or False `ip_check = ip.IPv4Address(ip_input) in ip.IPv4Network(intaddr, False)` The user inputs an ip address then it checks to see if the ip address is in any of the ranges in the list. So if it is True on one range and False on the other two. I get True, False, False. – OneMoreThing Aug 11 '20 at 16:35
  • This is related to [this question](https://stackoverflow.com/questions/42913798/searching-array-reports-not-found-even-though-its-found/42913882#42913882) – Barmar Aug 11 '20 at 18:11

2 Answers

0

The problem is that you're printing "not behind a firewall" for each network that the address isn't in. You need to check all the networks before determining that.

```python
import ipaddress as ip

Inter_List = ['192.168.1.1/24', '192.168.2.1/24', '192.168.3.1/24']

ip_input = input("Enter IP address:")
print("You entered this IP address:{}".format(ip_input))
ipaddr = ip.IPv4Address(ip_input)
# any() stops at the first matching network and yields a single verdict.
# The loop variable is not visible outside the generator expression,
# so the message cannot name the matching range.
if any(ipaddr in ip.IPv4Network(intaddr, False) for intaddr in Inter_List):
    print('IP {} is behind a firewall'.format(ip_input))
else:
    print("Not behind a firewall")
```
Barmar
  • You can also use "overlaps". if any(ipaddr.overlaps(intaddr) for intaddr in Inter_List): – marphlap Aug 11 '20 at 16:43
  • @marphlap I wasn't sure about that, the documentation seems to say this is for detecting overlapping networks, not single address containment. – Barmar Aug 11 '20 at 16:46
  • Thanks so much. This is the first time I have heard of `If any` this will be helpful in the future. I am going to go read more about `if any`. The only problem I am having is with this print statement. `print('IP {} is in {} interface range is behind a firewall'.format(ip_input,intaddr))` NameError: name 'intaddr' is not defined – OneMoreThing Aug 11 '20 at 16:53
  • @Barmar it works if you convert both ipaddr and intaddr to a network using ip.ip_network(ipaddr, strict=False) – marphlap Aug 11 '20 at 16:57
0

Here is one way:

```python
import ipaddress as ip

Inter_List = ['192.168.1.1/24', '192.168.2.1/24', '192.168.3.1/24']

ip_input = input("Enter IP address:")

def is_behind_firewall(Inter_List, ip_input):
    print(f"You entered this IP address:{ip_input}")
    # Treat the input as a single-address network so overlaps() can be used
    ipaddr = ip.ip_network(ip_input, strict=False)
    for intaddr in Inter_List:
        # Return on the first interface range that contains the address
        if ipaddr.overlaps(ip.ip_network(intaddr, strict=False)):
            return f'IP {ip_input} is in {intaddr} interface range is behind a firewall'
    # Only reached when no range matched
    return "Not behind a firewall"

print(is_behind_firewall(Inter_List, ip_input))
```
marphlap
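
An added example, not code from either answer: it goes a step beyond them by parsing the ranges once, reporting which range matched (the most specific one when ranges overlap), and turning malformed input into a result instead of a traceback, which matters once the lookup sits behind a Flask endpoint. The sample ranges, the function names and the result dictionary are assumptions made for illustration.

```python
import ipaddress

# Constructed sample ranges in the question's format (interface address/prefix).
INTERFACE_RANGES = [
    "192.168.1.1/24", "192.168.2.1/24", "192.168.3.1/24",
    "10.20.0.1/16", "10.20.30.1/24",   # overlapping pair
    "2001:db8:10::1/64",               # IPv6 is handled the same way
]

def compile_ranges(ranges):
    """Parse the list once at startup; a malformed entry raises ValueError."""
    # strict=False because the entries carry host bits (x.x.x.1/24).
    return [ipaddress.ip_network(r, strict=False) for r in ranges]

def find_firewall_range(user_input, networks):
    """Return the most specific network containing the address, or None.

    Raises ValueError for anything that is not a single IP address,
    including CIDR input such as '192.168.1.0/24'.
    """
    addr = ipaddress.ip_address(user_input.strip())
    matches = [n for n in networks if n.version == addr.version and addr in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)

def check(user_input, networks):
    """One verdict per lookup, shaped for a JSON response (hypothetical schema)."""
    try:
        net = find_firewall_range(user_input, networks)
    except ValueError:
        return {"valid": False, "behind_firewall": False, "range": None}
    return {"valid": True, "behind_firewall": net is not None,
            "range": str(net) if net is not None else None}

NETWORKS = compile_ranges(INTERFACE_RANGES)

if __name__ == "__main__":
    # Constructed inputs: two matches, one miss, one malformed address.
    for sample in ["192.168.2.77", "10.20.30.9", "172.16.0.1", "192.168.3.1./24"]:
        print(sample, check(sample, NETWORKS))
```
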