Sometimes brute force is the answer (on Unix)
June 2, 2009
Suppose that you want to extract all of the IP addresses used by your (OpenBSD) firewall's PF rules, so that you can (for example) validate that all of the internal addresses mentioned still exist.
(For the purposes of this exercise we can ignore IP addresses in PF tables, because those are already easy to dump. Also, I am ignoring IP address ranges, netblocks, and so on; I am just interested in specific IP addresses.)
If you think that parsing PF's
But with this approach you'd still be writing a parser, and there are a fair number of cases for it to cover.
And then there's brute force in the finest Unix traditions:
We list all the rules, turn spaces into newlines to give us one word per
line, and discard all words that don't look like IP addresses (and then
discard duplicates). That
So: sometimes brute force really is the best answer.
Sidebar: sorting IP addresses into ascending order
Because I keep having to do this: assuming that you have regularly
formed IP addresses (using all decimal digits), the incantation on a
modern version of
(As I keep forgetting, you have to explicitly tell
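The brute-force pipeline described above, combined with the sidebar's numeric sort, as an added example (not the post's original commands, which are not reproduced here). The function names and the sample rules are constructed for illustration, and the per-octet range check and the `sort -t. -k…n` keys are assumptions about one reasonable way to do each step.

```shell
#!/bin/sh
# Added example: the rules below are constructed stand-ins for `pfctl -sr` output.

# One word per line, keep only words that are exactly a dotted quad
# (so netblocks like 10.0.0.0/8 and table names like <admins> drop out),
# reject octets above 255, then discard duplicates.
extract_ips() {
    tr -s ' \t' '\n' |
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
    awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' |
    sort -u
}

# Sort dotted quads in ascending numeric order. Each octet needs its own
# numeric key; a plain sort would put 10.0.0.25 ahead of 10.0.0.3.
sort_ips() {
    sort -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

# Constructed sample input in the general shape of expanded PF rules.
sample_rules() {
    cat <<'EOF'
block drop in log all
pass in on em0 inet proto tcp from 10.0.0.25 to 192.168.1.10 port = 22 flags S/SA keep state
pass in on em0 inet proto tcp from 10.0.0.0/8 to 192.168.1.10 port = 443 flags S/SA keep state
pass out on em1 inet proto udp from 192.168.1.9 to 10.0.0.3 port = 53 keep state
pass in on em0 inet proto tcp from <admins> to 192.168.1.200 port = 22 flags S/SA keep state
EOF
}

# On the firewall itself this would be: pfctl -sr | extract_ips | sort_ips
sample_rules | extract_ips | sort_ips
```

The resulting list is what you would then check against inventory or DNS to find rules that still reference hosts that no longer exist.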