python control iptabless use config file

Question

My Friends, using python 2.7.3 i want to write some ipaddrss in file1.txt manual, each line one ip. how to using python read file1.txt all ipaddress, put it into file2.txt save as file3.txt?

file1.txt

1.1.1.1
2.2.2.2
3.3.3.3
...
5.5.5.5
...
10.10.10.10

file2.txt

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

file3.txt

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 1.1.1.1 --dport 1080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 2.2.2.2 --dport 1080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 3.3.3.3 --dport 1080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 4.4.4.4 --dport 1080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 5.5.5.5 --dport 1080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 6.6.6.6 --dport 1080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 7.7.7.7 --dport 1080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 8.8.8.8 --dport 1080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 9.9.9.9 --dport 1080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s 10.10.10.10 --dport 1080 -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Answer 1

As your second file doesn't really change, it seems not to be needed. Generally, you have some lines of "fixed" strings, then you want to add a few lines that vary (at least the IP), then you'll add some "fixed" strings, again. This few lines of not-changing strings at the beginning and the end of the file you want to have as a result could be written right in the python code, too.

Doing so, you'll end up having a list of IPs and a python script. Running the script will generate the output you want - and all the Ip/firewall related stuff will be written right in the scripts code and could be edited there, if needed.

So, you'll need to read and write from/to files and a loop. It's not that hard and i guess reading the following sites will help you to figure out what's needed:

1. Input and Output - Reading and Writing Files. General information, about reading/writing and files
2. How to open a file using the open with statement. A recommended method to open and read files - the with statement. After doing it the "normal" way mentioned above, use this method instead.
3. For-Loop. You have a list of IPs, so you'll need to iterate over every single line, in order to write the wanted output in the result file. Just in case it isn't obvious, you can use a simple for-loop for this.
4. String concatenation vs. string substitution. As you don't want to just write the IP to your resulting file, but to add another strings to it, you'll need to create this string somehow. There are various methods to do this, the two most common are mentioned here.

Using this knowledge, you...

1. Create an output file
2. Write the few lines that don't change
3. Open and read your IP list
4. Iterate through all IPs listed
5. Generate the full string for an IP using string substitution (or concatenation)
6. Write that string to your result file, too
7. Repeat steps 5 and 6 until you're done with all IPs
8. Write the few not-changing lines at the end of your result file
9. Done!

If that's not working for you, please edit your question and show the code you're working with.

Of course it'll be possible to really use two input files to generate the output, but that's a little more coding to do and maybe it isn't really needed. If you insist on it, try what i mentioned first - you can extend your script at any time.

Answer 2

What you want to do is merge the content of two files, inserting content derived from file1.txt into file2.txt. I can see from your example that the insertion point is after the 7th line of file2.txt, but, how is the insertion point into file2.txt determined?

If it is assumed that you will always insert at that point, you can open file2.txt and file3.txt, read 7 lines from file2.txt and write those lines to file3.txt. Then you can insert the transformed IP addresses into file3.txt. Finally the rest of file2.txt is read and written to file3.txt. Some code to do that looks like this:

INSERT_AFTER_LINE = 7
template = '-A INPUT -p tcp -m state --state NEW -m tcp -s {ip} --dport 1080 -j ACCEPT\n'

with open('file2.txt') as file2, open('file3.txt', 'w') as file3:
    for i in range(INSERT_AFTER_LINE):
        file3.write(file2.readline())
    with open('file1.txt') as file1:
        for line in file1:
            file3.write(template.format(ip=line.strip()))
    file3.write(file2.read())

This task would be simplified if the order of the file does not matter because you could just add the new rules near the end of the file, before the COMMIT. However, I think that order is important for iptables rules.