PNG  IHDRQgAMA a cHRMz&u0`:pQ<bKGDgmIDATxwUﹻ& ^CX(J I@ "% (** BX +*i"]j(IH{~R)[~>h{}gy)I$Ij .I$I$ʊy@}x.: $I$Ii}VZPC)I$IF ^0ʐJ$I$Q^}{"r=OzI$gRZeC.IOvH eKX $IMpxsk.쒷/&r[޳<v| .I~)@$updYRa$I |M.e JaֶpSYR6j>h%IRز if&uJ)M$I vLi=H;7UJ,],X$I1AҒJ$ XY XzI@GNҥRT)E@;]K*Mw;#5_wOn~\ DC&$(A5 RRFkvIR}l!RytRl;~^ǷJj اy뷦BZJr&ӥ8Pjw~vnv X^(I;4R=P[3]J,]ȏ~:3?[ a&e)`e*P[4]T=Cq6R[ ~ޤrXR Հg(t_HZ-Hg M$ãmL5R uk*`%C-E6/%[t X.{8P9Z.vkXŐKjgKZHg(aK9ڦmKjѺm_ \#$5,)-  61eJ,5m| r'= &ڡd%-]J on Xm|{ RҞe $eڧY XYrԮ-a7RK6h>n$5AVڴi*ֆK)mѦtmr1p| q:흺,)Oi*ֺK)ܬ֦K-5r3>0ԔHjJئEZj,%re~/z%jVMڸmrt)3]J,T K֦OvԒgii*bKiNO~%PW0=dii2tJ9Jݕ{7"I P9JKTbu,%r"6RKU}Ij2HKZXJ,妝 XYrP ެ24c%i^IK|.H,%rb:XRl1X4Pe/`x&P8Pj28Mzsx2r\zRPz4J}yP[g=L) .Q[6RjWgp FIH*-`IMRaK9TXcq*I y[jE>cw%gLRԕiFCj-ďa`#e~I j,%r,)?[gp FI˨mnWX#>mʔ XA DZf9,nKҲzIZXJ,L#kiPz4JZF,I,`61%2s $,VOϚ2/UFJfy7K> X+6 STXIeJILzMfKm LRaK9%|4p9LwJI!`NsiazĔ)%- XMq>pk$-$Q2x#N ؎-QR}ᶦHZډ)J,l#i@yn3LN`;nڔ XuX5pF)m|^0(>BHF9(cզEerJI rg7 4I@z0\JIi䵙RR0s;$s6eJ,`n 䂦0a)S)A 1eJ,堌#635RIgpNHuTH_SԕqVe ` &S)>p;S$魁eKIuX`I4춒o}`m$1":PI<[v9^\pTJjriRŭ P{#{R2,`)e-`mgj~1ϣLKam7&U\j/3mJ,`F;M'䱀 .KR#)yhTq;pcK9(q!w?uRR,n.yw*UXj#\]ɱ(qv2=RqfB#iJmmL<]Y͙#$5 uTU7ӦXR+q,`I}qL'`6Kͷ6r,]0S$- [RKR3oiRE|nӦXR.(i:LDLTJjY%o:)6rxzҒqTJjh㞦I.$YR.ʼnGZ\ֿf:%55 I˼!6dKxm4E"mG_ s? .e*?LRfK9%q#uh$)i3ULRfK9yxm܌bj84$i1U^@Wbm4uJ,ҪA>_Ij?1v32[gLRD96oTaR׿N7%L2 NT,`)7&ƝL*꽙yp_$M2#AS,`)7$rkTA29_Iye"|/0t)$n XT2`YJ;6Jx".e<`$) PI$5V4]29SRI>~=@j]lp2`K9Jaai^" Ԋ29ORI%:XV5]JmN9]H;1UC39NI%Xe78t)a;Oi Ҙ>Xt"~G>_mn:%|~ޅ_+]$o)@ǀ{hgN;IK6G&rp)T2i୦KJuv*T=TOSV>(~D>dm,I*Ɛ:R#ۙNI%D>G.n$o;+#RR!.eU˽TRI28t)1LWϚ>IJa3oFbu&:tJ*(F7y0ZR ^p'Ii L24x| XRI%ۄ>S1]Jy[zL$adB7.eh4%%누>WETf+3IR:I3Xה)3אOۦSRO'ٺ)S}"qOr[B7ϙ.edG)^ETR"RtRݜh0}LFVӦDB^k_JDj\=LS(Iv─aTeZ%eUAM-0;~˃@i|l @S4y72>sX-vA}ϛBI!ݎߨWl*)3{'Y|iSlEڻ(5KtSI$Uv02,~ԩ~x;P4ցCrO%tyn425:KMlD ^4JRxSهF_}شJTS6uj+ﷸk$eZO%G*^V2u3EMj3k%)okI]dT)URKDS 7~m@TJR~荪fT"֛L \sM -0T KfJz+nإKr L&j()[E&I ߴ>e FW_kJR|!O:5/2跌3T-'|zX ryp0JS ~^F>-2< `*%ZFP)bSn"L :)+pʷf(pO3TMW$~>@~ū:TAIsV1}S2<%ޟM?@iT ,Eūoz%i~g|`wS(]oȤ8)$ ntu`өe`6yPl IzMI{ʣzʨ )IZ2= ld:5+請M$-ї;U>_gsY$ÁN5WzWfIZ)-yuXIfp~S*IZdt;t>KūKR|$#LcԀ+2\;kJ`]YǔM1B)UbG"IRߊ<xܾӔJ0Z='Y嵤 Leveg)$znV-º^3Ւof#0Tfk^Zs[*I꯳3{)ˬW4Ւ4 OdpbZRS|*I 55#"&-IvT&/윚Ye:i$ 9{LkuRe[I~_\ؠ%>GL$iY8 9ܕ"S`kS.IlC;Ҏ4x&>u_0JLr<J2(^$5L s=MgV ~,Iju> 7r2)^=G$1:3G< `J3~&IR% 6Tx/rIj3O< ʔ&#f_yXJiގNSz; Tx(i8%#4 ~AS+IjerIUrIj362v885+IjAhK__5X%nV%Iͳ-y|7XV2v4fzo_68"S/I-qbf; LkF)KSM$ Ms>K WNV}^`-큧32ŒVؙGdu,^^m%6~Nn&͓3ŒVZMsRpfEW%IwdǀLm[7W&bIRL@Q|)* i ImsIMmKmyV`i$G+R 0tV'!V)֏28vU7͒vHꦼtxꗞT ;S}7Mf+fIRHNZUkUx5SAJㄌ9MqμAIRi|j5)o*^'<$TwI1hEU^c_j?Е$%d`z cyf,XO IJnTgA UXRD }{H}^S,P5V2\Xx`pZ|Yk:$e ~ @nWL.j+ϝYb퇪bZ BVu)u/IJ_ 1[p.p60bC >|X91P:N\!5qUB}5a5ja `ubcVxYt1N0Zzl4]7­gKj]?4ϻ *[bg$)+À*x쳀ogO$~,5 زUS9 lq3+5mgw@np1sso Ӻ=|N6 /g(Wv7U;zωM=wk,0uTg_`_P`uz?2yI!b`kĸSo+Qx%!\οe|އԁKS-s6pu_(ֿ$i++T8=eY; צP+phxWQv*|p1. ά. XRkIQYP,drZ | B%wP|S5`~́@i޾ E;Չaw{o'Q?%iL{u D?N1BD!owPHReFZ* k_-~{E9b-~P`fE{AܶBJAFO wx6Rox5 K5=WwehS8 (JClJ~ p+Fi;ŗo+:bD#g(C"wA^ r.F8L;dzdIHUX݆ϞXg )IFqem%I4dj&ppT{'{HOx( Rk6^C٫O.)3:s(۳(Z?~ٻ89zmT"PLtw䥈5&b<8GZ-Y&K?e8,`I6e(֍xb83 `rzXj)F=l($Ij 2*(F?h(/9ik:I`m#p3MgLaKjc/U#n5S# m(^)=y=đx8ŬI[U]~SцA4p$-F i(R,7Cx;X=cI>{Km\ o(Tv2vx2qiiDJN,Ҏ!1f 5quBj1!8 rDFd(!WQl,gSkL1Bxg''՞^ǘ;pQ P(c_ IRujg(Wz bs#P­rz> k c&nB=q+ؔXn#r5)co*Ũ+G?7< |PQӣ'G`uOd>%Mctz# Ԫڞ&7CaQ~N'-P.W`Oedp03C!IZcIAMPUۀ5J<\u~+{9(FbbyAeBhOSܳ1 bÈT#ŠyDžs,`5}DC-`̞%r&ڙa87QWWp6e7 Rϫ/oY ꇅ Nܶըtc!LA T7V4Jsū I-0Pxz7QNF_iZgúWkG83 0eWr9 X]㾮݁#Jˢ C}0=3ݱtBi]_ &{{[/o[~ \q鯜00٩|cD3=4B_b RYb$óBRsf&lLX#M*C_L܄:gx)WΘsGSbuL rF$9';\4Ɍq'n[%p.Q`u hNb`eCQyQ|l_C>Lb꟟3hSb #xNxSs^ 88|Mz)}:](vbۢamŖ࿥ 0)Q7@0=?^k(*J}3ibkFn HjB׻NO z x}7p 0tfDX.lwgȔhԾŲ }6g E |LkLZteu+=q\Iv0쮑)QٵpH8/2?Σo>Jvppho~f>%bMM}\//":PTc(v9v!gոQ )UfVG+! 35{=x\2+ki,y$~A1iC6#)vC5^>+gǵ@1Hy٪7u;p psϰu/S <aʸGu'tD1ԝI<pg|6j'p:tպhX{o(7v],*}6a_ wXRk,O]Lܳ~Vo45rp"N5k;m{rZbΦ${#)`(Ŵg,;j%6j.pyYT?}-kBDc3qA`NWQū20/^AZW%NQ MI.X#P#,^Ebc&?XR tAV|Y.1!؅⨉ccww>ivl(JT~ u`ٵDm q)+Ri x/x8cyFO!/*!/&,7<.N,YDŽ&ܑQF1Bz)FPʛ?5d 6`kQձ λc؎%582Y&nD_$Je4>a?! ͨ|ȎWZSsv8 j(I&yj Jb5m?HWp=g}G3#|I,5v珿] H~R3@B[☉9Ox~oMy=J;xUVoj bUsl_35t-(ՃɼRB7U!qc+x4H_Qo֮$[GO<4`&č\GOc[.[*Af%mG/ ňM/r W/Nw~B1U3J?P&Y )`ѓZ1p]^l“W#)lWZilUQu`-m|xĐ,_ƪ|9i:_{*(3Gѧ}UoD+>m_?VPۅ15&}2|/pIOʵ> GZ9cmíتmnz)yߐbD >e}:) r|@R5qVSA10C%E_'^8cR7O;6[eKePGϦX7jb}OTGO^jn*媓7nGMC t,k31Rb (vyܴʭ!iTh8~ZYZp(qsRL ?b}cŨʊGO^!rPJO15MJ[c&~Z`"ѓޔH1C&^|Ш|rʼ,AwĴ?b5)tLU)F| &g٣O]oqSUjy(x<Ϳ3 .FSkoYg2 \_#wj{u'rQ>o;%n|F*O_L"e9umDds?.fuuQbIWz |4\0 sb;OvxOSs; G%T4gFRurj(֍ڑb uԖKDu1MK{1^ q; C=6\8FR艇!%\YÔU| 88m)֓NcLve C6z;o&X x59:q61Z(T7>C?gcļxѐ Z oo-08jہ x,`' ҔOcRlf~`jj".Nv+sM_]Zk g( UOPyεx%pUh2(@il0ݽQXxppx-NS( WO+轾 nFߢ3M<;z)FBZjciu/QoF 7R¥ ZFLF~#ȣߨ^<쩡ݛкvџ))ME>ώx4m#!-m!L;vv#~Y[đKmx9.[,UFS CVkZ +ߟrY٧IZd/ioi$%͝ب_ֶX3ܫhNU ZZgk=]=bbJS[wjU()*I =ώ:}-蹞lUj:1}MWm=̛ _ ¾,8{__m{_PVK^n3esw5ӫh#$-q=A̟> ,^I}P^J$qY~Q[ Xq9{#&T.^GVj__RKpn,b=`żY@^՝;z{paVKkQXj/)y TIc&F;FBG7wg ZZDG!x r_tƢ!}i/V=M/#nB8 XxЫ ^@CR<{䤭YCN)eKOSƟa $&g[i3.C6xrOc8TI;o hH6P&L{@q6[ Gzp^71j(l`J}]e6X☉#͕ ׈$AB1Vjh㭦IRsqFBjwQ_7Xk>y"N=MB0 ,C #o6MRc0|$)ف"1!ixY<B9mx `,tA>)5ػQ?jQ?cn>YZe Tisvh# GMމȇp:ԴVuږ8ɼH]C.5C!UV;F`mbBk LTMvPʍϤj?ԯ/Qr1NB`9s"s TYsz &9S%U԰> {<ؿSMxB|H\3@!U| k']$U+> |HHMLޢ?V9iD!-@x TIî%6Z*9X@HMW#?nN ,oe6?tQwڱ.]-y':mW0#!J82qFjH -`ѓ&M0u Uγmxϵ^-_\])@0Rt.8/?ٰCY]x}=sD3ojަЫNuS%U}ԤwHH>ڗjܷ_3gN q7[q2la*ArǓԖ+p8/RGM ]jacd(JhWko6ڎbj]i5Bj3+3!\j1UZLsLTv8HHmup<>gKMJj0@H%,W΃7R) ">c, xixј^ aܖ>H[i.UIHc U1=yW\=S*GR~)AF=`&2h`DzT󑓶J+?W+}C%P:|0H܆}-<;OC[~o.$~i}~HQ TvXΈr=b}$vizL4:ȰT|4~*!oXQR6Lk+#t/g lԁߖ[Jڶ_N$k*". xsxX7jRVbAAʯKҎU3)zSNN _'s?f)6X!%ssAkʱ>qƷb hg %n ~p1REGMHH=BJiy[<5 ǁJҖgKR*倳e~HUy)Ag,K)`Vw6bRR:qL#\rclK/$sh*$ 6덤 KԖc 3Z9=Ɣ=o>X Ώ"1 )a`SJJ6k(<c e{%kϊP+SL'TcMJWRm ŏ"w)qc ef꒵i?b7b('"2r%~HUS1\<(`1Wx9=8HY9m:X18bgD1u ~|H;K-Uep,, C1 RV.MR5άh,tWO8WC$ XRVsQS]3GJ|12 [vM :k#~tH30Rf-HYݺ-`I9%lIDTm\ S{]9gOڒMNCV\G*2JRŨ;Rҏ^ڽ̱mq1Eu?To3I)y^#jJw^Ńj^vvlB_⋌P4x>0$c>K†Aļ9s_VjTt0l#m>E-,,x,-W)سo&96RE XR.6bXw+)GAEvL)͞K4$p=Ũi_ѱOjb HY/+@θH9޼]Nԥ%n{ &zjT? Ty) s^ULlb,PiTf^<À] 62R^V7)S!nllS6~͝V}-=%* ʻ>G DnK<y&>LPy7'r=Hj 9V`[c"*^8HpcO8bnU`4JȪAƋ#1_\ XϘHPRgik(~G~0DAA_2p|J묭a2\NCr]M_0 ^T%e#vD^%xy-n}-E\3aS%yN!r_{ )sAw ڼp1pEAk~v<:`'ӭ^5 ArXOI驻T (dk)_\ PuA*BY]yB"l\ey hH*tbK)3 IKZ򹞋XjN n *n>k]X_d!ryBH ]*R 0(#'7 %es9??ښFC,ՁQPjARJ\Ρw K#jahgw;2$l*) %Xq5!U᢯6Re] |0[__64ch&_}iL8KEgҎ7 M/\`|.p,~`a=BR?xܐrQ8K XR2M8f ?`sgWS%" Ԉ 7R%$ N}?QL1|-эټwIZ%pvL3Hk>,ImgW7{E xPHx73RA @RS CC !\ȟ5IXR^ZxHл$Q[ŝ40 (>+ _C >BRt<,TrT {O/H+˟Pl6 I B)/VC<6a2~(XwV4gnXR ϱ5ǀHٻ?tw똤Eyxp{#WK qG%5],(0ӈH HZ])ג=K1j&G(FbM@)%I` XRg ʔ KZG(vP,<`[ Kn^ SJRsAʠ5xՅF`0&RbV tx:EaUE/{fi2;.IAwW8/tTxAGOoN?G}l L(n`Zv?pB8K_gI+ܗ #i?ޙ.) p$utc ~DžfՈEo3l/)I-U?aԅ^jxArA ΧX}DmZ@QLےbTXGd.^|xKHR{|ΕW_h] IJ`[G9{).y) 0X YA1]qp?p_k+J*Y@HI>^?gt.06Rn ,` ?);p pSF9ZXLBJPWjgQ|&)7! HjQt<| ؅W5 x W HIzYoVMGP Hjn`+\(dNW)F+IrS[|/a`K|ͻ0Hj{R,Q=\ (F}\WR)AgSG`IsnAR=|8$}G(vC$)s FBJ?]_u XRvύ6z ŨG[36-T9HzpW̞ú Xg큽=7CufzI$)ki^qk-) 0H*N` QZkk]/tnnsI^Gu't=7$ Z;{8^jB% IItRQS7[ϭ3 $_OQJ`7!]W"W,)Iy W AJA;KWG`IY{8k$I$^%9.^(`N|LJ%@$I}ֽp=FB*xN=gI?Q{٥4B)mw $Igc~dZ@G9K X?7)aK%݅K$IZ-`IpC U6$I\0>!9k} Xa IIS0H$I H ?1R.Чj:4~Rw@p$IrA*u}WjWFPJ$I➓/6#! LӾ+ X36x8J |+L;v$Io4301R20M I$-E}@,pS^ޟR[/s¹'0H$IKyfŸfVOπFT*a$I>He~VY/3R/)>d$I>28`Cjw,n@FU*9ttf$I~<;=/4RD~@ X-ѕzἱI$: ԍR a@b X{+Qxuq$IЛzo /~3\8ڒ4BN7$IҀj V]n18H$IYFBj3̵̚ja pp $Is/3R Ӻ-Yj+L;.0ŔI$Av? #!5"aʄj}UKmɽH$IjCYs?h$IDl843.v}m7UiI=&=0Lg0$I4: embe` eQbm0u? $IT!Sƍ'-sv)s#C0:XB2a w I$zbww{."pPzO =Ɔ\[ o($Iaw]`E).Kvi:L*#gР7[$IyGPI=@R 4yR~̮´cg I$I/<tPͽ hDgo 94Z^k盇΄8I56^W$I^0̜N?4*H`237}g+hxoq)SJ@p|` $I%>-hO0eO>\ԣNߌZD6R=K ~n($I$y3D>o4b#px2$yڪtzW~a $I~?x'BwwpH$IZݑnC㧄Pc_9sO gwJ=l1:mKB>Ab<4Lp$Ib o1ZQ@85b̍ S'F,Fe,^I$IjEdù{l4 8Ys_s Z8.x m"+{~?q,Z D!I$ϻ'|XhB)=…']M>5 rgotԎ 獽PH$IjIPhh)n#cÔqA'ug5qwU&rF|1E%I$%]!'3AFD/;Ck_`9 v!ٴtPV;x`'*bQa w I$Ix5 FC3D_~A_#O݆DvV?<qw+I$I{=Z8".#RIYyjǪ=fDl9%M,a8$I$Ywi[7ݍFe$s1ՋBVA?`]#!oz4zjLJo8$I$%@3jAa4(o ;p,,dya=F9ً[LSPH$IJYЉ+3> 5"39aZ<ñh!{TpBGkj}Sp $IlvF.F$I z< '\K*qq.f<2Y!S"-\I$IYwčjF$ w9 \ߪB.1v!Ʊ?+r:^!I$BϹB H"B;L'G[ 4U#5>੐)|#o0aڱ$I>}k&1`U#V?YsV x>{t1[I~D&(I$I/{H0fw"q"y%4 IXyE~M3 8XψL}qE$I[> nD?~sf ]o΁ cT6"?'_Ἣ $I>~.f|'!N?⟩0G KkXZE]ޡ;/&?k OۘH$IRۀwXӨ<7@PnS04aӶp.:@\IWQJ6sS%I$e5ڑv`3:x';wq_vpgHyXZ 3gЂ7{{EuԹn±}$I$8t;b|591nءQ"P6O5i }iR̈́%Q̄p!I䮢]O{H$IRϻ9s֧ a=`- aB\X0"+5"C1Hb?߮3x3&gşggl_hZ^,`5?ߎvĸ%̀M!OZC2#0x LJ0 Gw$I$I}<{Eb+y;iI,`ܚF:5ܛA8-O-|8K7s|#Z8a&><a&/VtbtLʌI$I$I$I$I$I$IRjDD%tEXtdate:create2022-05-31T04:40:26+00:00!Î%tEXtdate:modify2022-05-31T04:40:26+00:00|{2IENDB`Mini Shell

HOME


Mini Shell 1.0
DIR:/proc/self/root/opt/imunify360/venv/share/imunify360/scripts/migrate_csf/
Upload File :
Current File : //proc/self/root/opt/imunify360/venv/share/imunify360/scripts/migrate_csf/ips.py
import subprocess
import ipaddress
from pathlib import Path
from logger_config import get_logger, capture_exception


class AdvancedFilter:
    """Represents a parsed CSF advanced filter rule."""

    def __init__(
        self,
        protocol: str = "tcp",
        direction: str = "in",
        source_ip: str | None = None,
        dest_port: int | None = None,
        source_port: int | None = None,
        original_line: str = "",
    ):
        self.protocol = protocol
        self.direction = direction
        self.source_ip = source_ip
        self.dest_port = dest_port
        self.source_port = source_port
        self.original_line = original_line

    def __repr__(self):
        return f"AdvancedFilter(protocol={self.protocol}, direction={self.direction}, source_ip={self.source_ip}, dest_port={self.dest_port}, source_port={self.source_port})"


def is_valid_ipv6_network_for_imunify(ip_string: str) -> tuple[bool, str]:
    """
    Validate IPv6 network according to Imunify360 requirements.
    Imunify360 only supports IPv6 /64 networks.

    Args:
        ip_string: IPv6 address or network in CIDR notation

    Returns:
        Tuple of (is_valid, error_message)
    """
    if "/" not in ip_string:
        # Individual IPv6 addresses should be converted to /128 for validation
        # but Imunify360 doesn't support /128, so this is an error
        return (
            False,
            "Individual IPv6 addresses not supported, use /64 networks",
        )

    try:
        # First check prefix length by parsing manually
        _, prefix_part = ip_string.split("/", 1)
        try:
            prefix_len = int(prefix_part)
        except ValueError:
            return False, "Invalid prefix length"

        # Check if prefix is /64 (Imunify360 requirement)
        if prefix_len != 64:
            return False, "Supported only ipv6 /64 networks"

        # Now check if it's a valid network with proper alignment
        ipaddress.IPv6Network(ip_string, strict=True)
        return True, ""
    except (
        ipaddress.AddressValueError,
        ipaddress.NetmaskValueError,
        ValueError,
    ) as e:
        error_msg = str(e)
        if "has host bits set" in error_msg:
            return False, "Supported only ipv6 /64 networks"
        return False, f"Invalid IPv6 network: {error_msg}"


def is_valid_ipv4_network_for_imunify(ip_string: str) -> tuple[bool, str]:
    """
    Validate IPv4 address or network according to Imunify360 requirements.

    Args:
        ip_string: IPv4 address or network in CIDR notation

    Returns:
        Tuple of (is_valid, error_message)
    """
    try:
        if "/" in ip_string:
            # CIDR notation - check if it's a proper network
            ipaddress.IPv4Network(ip_string, strict=True)
            return True, ""
        else:
            # Individual IP address
            ipaddress.IPv4Address(ip_string)
            return True, ""
    except ipaddress.AddressValueError as e:
        if "has host bits set" in str(e):
            return False, "has host bits set"
        return False, "Invalid IPv4 address/network"
    except (ipaddress.NetmaskValueError, ValueError) as e:
        return False, f"Invalid IPv4 address/network: {str(e)}"


def is_valid_ip_or_cidr(ip_string: str) -> bool:
    """Validate if a string is a valid IP address (IPv4 or IPv6) or CIDR notation."""
    try:
        # Try to parse as network (handles CIDR notation)
        if "/" in ip_string:
            ipaddress.ip_network(ip_string, strict=False)
        else:
            # Try to parse as individual IP address
            ipaddress.ip_address(ip_string)
        return True
    except (
        ipaddress.AddressValueError,
        ipaddress.NetmaskValueError,
        ValueError,
    ):
        return False


def suggest_ip_correction(ip_string: str) -> str | None:
    if is_dangerous_catchall_ip(ip_string):
        return None

    try:
        # Try to fix IPv6 /128 to /64
        if ":" in ip_string and ip_string.endswith("/128"):
            base_ip = ip_string[:-4]  # Remove /128
            try:
                # Convert to IPv6 address and create /64 network
                addr = ipaddress.IPv6Address(base_ip)
                # Create /64 network from the address
                network = ipaddress.IPv6Network(f"{addr}/{64}", strict=False)
                return str(network.network_address) + "/64"
            except (ipaddress.AddressValueError, ValueError):
                pass

        # Try to fix IPv4/IPv6 networks with host bits set
        if "/" in ip_string:
            try:
                # Try to create network with strict=False (allows host bits)
                if ":" in ip_string:
                    network = ipaddress.IPv6Network(ip_string, strict=False)
                else:
                    network = ipaddress.IPv4Network(ip_string, strict=False)
                return str(network)
            except (
                ipaddress.AddressValueError,
                ipaddress.NetmaskValueError,
                ValueError,
            ):
                pass

    except Exception:
        pass

    return None


def is_dangerous_catchall_ip(ip_string: str) -> bool:
    """
    Check if an IP address or network represents a dangerous catch-all that could block all traffic.

    This includes:
    - IPv4: 0.0.0.0 or any CIDR starting with 0.0.0.0
    - IPv6: :: or any CIDR starting with ::

    Args:
        ip_string: IP address or network string to check

    Returns:
        True if this is a dangerous catch-all IP/network
    """
    ip_string = ip_string.strip()

    if ":" in ip_string:
        # IPv6 - check for :: (all zeros)
        if ip_string == "::" or ip_string.startswith("::/"):
            return True
        # Also check for explicit all-zeros representation
        if ip_string.startswith("0000:0000:0000:0000:0000:0000:0000:0000"):
            return True
    else:
        # IPv4 - check for 0.0.0.0
        if ip_string == "0.0.0.0" or ip_string.startswith("0.0.0.0/"):
            return True

    return False


def validate_ip_for_imunify(ip_string: str) -> tuple[bool, str]:
    """
    Comprehensive validation for IP addresses/networks according to Imunify360 requirements.

    Args:
        ip_string: IP address or network string to validate

    Returns:
        Tuple of (is_valid, error_message)
    """
    if not ip_string or not ip_string.strip():
        return False, "Empty IP address"

    ip_string = ip_string.strip()
    if is_dangerous_catchall_ip(ip_string):
        return (
            False,
            f"DANGEROUS: {ip_string} represents all addresses and would block all connections",
        )

    # Determine if it's IPv4 or IPv6
    if ":" in ip_string:
        # IPv6
        return is_valid_ipv6_network_for_imunify(ip_string)
    else:
        # IPv4
        return is_valid_ipv4_network_for_imunify(ip_string)


def get_ip_from_line(line: str) -> str | None:
    """Extract and validate IP from a line, returning None if invalid."""
    if not is_valid_ip_or_cidr(line):
        return None

    is_valid, error_msg = validate_ip_for_imunify(line)
    if is_valid:
        return line

    logger = get_logger()
    suggestion = suggest_ip_correction(line)
    msg = f"Invalid IP/CIDR '{line}': {error_msg}."
    if suggestion:
        msg += f" Suggested correction: '{suggestion}'"
    logger.warning(msg)

    return None


def get_advanced_filter_from_line(line: str) -> AdvancedFilter | None:
    """
    Parse a CSF advanced filter line.

    Format: [protocol]|[direction]|[parameter=value]|[parameter=value]...
    or minimal: parameter=value

    Examples:
    - udp|d=53|s=192.168.1.0/24
    - in|d=80|s=8.8.8.8
    - tcp|out|d=443|s=10.0.0.1
    - d=80  (minimal filter)

    Args:
        line: CSF advanced filter line

    Returns:
        AdvancedFilter object if successfully parsed, None otherwise
    """

    parts = line.split("|")

    # Require at least one meaningful part (not just empty strings)
    meaningful_parts = [p.strip() for p in parts if p.strip()]
    if len(meaningful_parts) < 1:
        return None

    # Must have at least one parameter with "=" or be a protocol/direction
    has_parameter = any("=" in part for part in meaningful_parts)
    has_protocol_or_direction = any(
        part.lower() in ["tcp", "udp", "in", "out"]
        for part in meaningful_parts
    )

    if not has_parameter and not has_protocol_or_direction:
        return None

    # Initialize defaults
    protocol = "tcp"
    direction = "in"
    source_ip = None
    dest_port = None
    source_port = None

    for part in meaningful_parts:
        part = part.strip()
        if not part:
            continue

        # Check for protocol
        if part.lower() in ["tcp", "udp"]:
            protocol = part.lower()
        # Check for direction
        elif part.lower() in ["in", "out"]:
            direction = part.lower()
        # Check for parameter=value pairs
        elif "=" in part:
            param, value = part.split("=", 1)
            param = param.strip().lower()
            value = value.strip()

            if param == "s":  # source
                try:
                    source_port = int(value)
                except ValueError:
                    # Treat as IP if not a valid port number
                    if is_valid_ip_or_cidr(value):
                        # Additional validation for Imunify360 requirements
                        is_valid, error_msg = validate_ip_for_imunify(value)
                        if is_valid:
                            source_ip = value
                        else:
                            logger = get_logger()
                            msg = f"Invalid source IP in advanced filter '{value}': {error_msg}."
                            suggestion = suggest_ip_correction(value)
                            if suggestion:
                                msg += f" Suggested correction: '{suggestion}'"
                            logger.warning(msg)

            elif param == "d":  # destination
                try:
                    dest_port = int(value)
                except ValueError:
                    # For destination, we only support port numbers in this migration
                    pass

    return AdvancedFilter(
        protocol=protocol,
        direction=direction,
        source_ip=source_ip,
        dest_port=dest_port,
        source_port=source_port,
        original_line=line,
    )


def get_ips_and_filters_from_csf_file(
    file_path: str, processed_files: set[str] | None = None
) -> tuple[list[str], list[AdvancedFilter]]:
    """
    Read a CSF file and extract both IP addresses/CIDR ranges and advanced filters.
    Handles Include statements recursively.

    Args:
        file_path: Path to the CSF file
        processed_files: Set of already processed files to avoid infinite loops

    Returns:
        Tuple of (List of IP addresses/CIDR ranges, List of AdvancedFilter objects)
    """
    logger = get_logger()

    if processed_files is None:
        processed_files = set()

    # Convert to absolute path to avoid processing same file multiple times
    abs_path = str(Path(file_path).resolve())
    if abs_path in processed_files:
        return [], []

    processed_files.add(abs_path)

    ips = []
    advanced_filters = []

    try:
        with open(file_path, "r", encoding="utf-8") as f:
            for line in f:
                original_line = line.strip()
                if not original_line or original_line.startswith("#"):
                    continue

                # Remove inline comments
                original_line = original_line.partition("#")[0].strip()
                if not original_line:
                    continue

                # Handle Include statements
                if original_line.lower().startswith("include "):
                    include_path = original_line[
                        8:
                    ].strip()  # Remove 'include ' prefix
                    logger.debug(f"Processing included file: {include_path}")

                    if Path(include_path).exists():
                        included_ips, included_filters = (
                            get_ips_and_filters_from_csf_file(
                                include_path, processed_files
                            )
                        )
                        ips.extend(included_ips)
                        advanced_filters.extend(included_filters)
                    else:
                        logger.warning(
                            f"Included file not found: {include_path}"
                        )
                    continue

                if "|" in original_line:
                    advanced_filter = get_advanced_filter_from_line(
                        original_line
                    )
                    if advanced_filter:
                        advanced_filters.append(advanced_filter)
                        logger.debug(
                            f"Found advanced filter: {advanced_filter.original_line}"
                        )
                else:
                    ip = get_ip_from_line(original_line)
                    if ip:
                        ips.append(ip)
                        logger.debug(f"Found IP/CIDR: {ip}")

    except FileNotFoundError:
        logger.error(f"File not found: {file_path}")
    except PermissionError:
        logger.error(f"Permission denied reading file: {file_path}")
    except Exception as e:
        logger.error(f"Error reading file {file_path}: {e}")

    return ips, advanced_filters


def execute_blocked_port_command(
    port: int, protocol: str, source_ip: str | None = None
) -> bool:
    """
    Execute imunify360-agent blocked-port command.

    Args:
        port: Port number
        protocol: "tcp" or "udp"
        source_ip: Optional source IP restriction

    Returns:
        True if command succeeded, False otherwise
    """
    logger = get_logger()

    cmd = [
        "imunify360-agent",
        "blocked-port",
        "add",
        "--comment",
        '"migrated from csf advanced filter"',
        f"{port}:{protocol}",
    ]

    if source_ip:
        cmd.extend(["--ips", source_ip])
    logger.debug(f"Executing command: {' '.join(cmd)}")

    try:
        result = subprocess.run(
            cmd, capture_output=True, text=True, timeout=30
        )

        if result.returncode == 0:
            ip_info = f" (source: {source_ip})" if source_ip else ""
            logger.info(
                f"Successfully added blocked port {port}:{protocol}{ip_info}"
            )
            return True
        else:
            logger.error(
                f"Failed to add blocked port {port}:{protocol}: {result.stderr}"
            )
            return False

    except subprocess.TimeoutExpired:
        logger.error(
            f"Timeout executing blocked-port command for {port}:{protocol}"
        )
        return False
    except Exception as e:
        logger.error(
            f"Error executing blocked-port command for {port}:{protocol}: {e}"
        )
        return False


def validate_and_filter_ips(
    ips: list[str],
) -> tuple[list[str], list[dict], list[str]]:
    """
    Validate a list of IPs and filter out invalid ones.

    Args:
        ips: List of IP strings to validate

    Returns:
        Tuple of (valid_ips, validation_errors, dangerous_ips)
        where:
        - valid_ips: List of valid IPs that can be processed
        - validation_errors: List of dicts with 'ip', 'error', 'suggestion' keys for regular errors
        - dangerous_ips: List of dangerous catch-all IPs that require manual handling
    """
    valid_ips = []
    validation_errors = []
    dangerous_ips = []

    for ip in ips:
        if is_dangerous_catchall_ip(ip):
            dangerous_ips.append(ip)
        else:
            is_valid, error_msg = validate_ip_for_imunify(ip)
            if is_valid:
                valid_ips.append(ip)
            else:
                suggestion = suggest_ip_correction(ip)
                validation_errors.append(
                    {"ip": ip, "error": error_msg, "suggestion": suggestion}
                )

    return valid_ips, validation_errors, dangerous_ips


def log_dangerous_ips_warning(
    dangerous_ips: list[str], list_type: str, context: str = ""
):
    """Log a special warning for dangerous catch-all IPs that require manual handling."""
    if list_type == "whitelist":
        return

    if not dangerous_ips:
        return

    logger = get_logger()
    logger.warning(f"\n === DANGEROUS IP ADDRESSES DETECTED {context} ===")
    logger.warning(
        f"Found {len(dangerous_ips)} catch-all IP address(es) that would block ALL traffic:"
    )

    for i, ip in enumerate(dangerous_ips, 1):
        logger.warning(
            f"  {i}. '{ip}' - represents ALL addresses (0.0.0.0 or ::)"
        )

    logger.warning(
        "\n WARNING: Adding these IPs to blacklist will block ALL connections!"
    )
    logger.warning(" This could make your server completely inaccessible!")
    logger.warning(
        "\nIf you really want to add these IPs, you must do it manually:"
    )

    for ip in dangerous_ips:
        logger.warning(
            f"  imunify360-agent ip-list local add --purpose drop '{ip}'"
        )

    logger.warning("\n PLEASE BE EXTREMELY CAREFUL - THIS MAY LOCK YOU OUT!")
    logger.warning("=== End Dangerous IP Warning ===\n")


def log_validation_summary(validation_errors: list[dict], context: str = ""):
    """Log a summary of validation errors with suggestions."""
    if not validation_errors:
        return

    logger = get_logger()
    logger.warning(f"\n=== IP Validation Issues {context} ===")
    logger.warning(f"Found {len(validation_errors)} invalid IP(s)/CIDR(s):")

    for i, error_info in enumerate(validation_errors, 1):
        ip = error_info["ip"]
        error = error_info["error"]
        suggestion = error_info["suggestion"]

        logger.warning(f"  {i}. IP: '{ip}' - {error}")
        if suggestion:
            logger.warning(f"     Suggested fix: '{suggestion}'")

    logger.warning("=== End IP Validation Issues ===\n")


def execute_imunify_command(ips: list[str], list_type: str) -> bool:
    logger = get_logger()
    if list_type == "whitelist":
        list_purpose = "white"
    elif list_type == "blacklist":
        list_purpose = "drop"

    cmd = [
        "imunify360-agent",
        "ip-list",
        "local",
        "add",
        "--purpose",
        list_purpose,
        "--comment",
        '"migrated from csf"',
        *ips,
    ]
    logger.debug(f"Executing command: {' '.join(cmd)}")
    try:
        result = subprocess.run(
            cmd, capture_output=True, text=True, timeout=60
        )

        if result.returncode == 0:
            logger.info(f"Successfully added {len(ips)} IPs to {list_type}")
            return True
        else:
            logger.error(
                f"Failed to add {ips} to {list_type}: {result.stderr}"
            )
            return False

    except subprocess.TimeoutExpired:
        logger.error(f"Timeout executing command for {ips}")
        return False
    except Exception as e:
        logger.error(f"Error executing command for {ips}: {e}")
        return False


def migrate_advanced_filters(
    advanced_filters: list[AdvancedFilter], file_type: str
) -> bool:
    """
    Migrate CSF advanced filters to Imunify360 blocked ports.
    Only supports inbound direction filters.

    Args:
        advanced_filters: List of AdvancedFilter objects
        file_type: "allow" or "deny" - determines migration behavior

    Returns:
        True if all supported filters migrated successfully, False otherwise
    """
    logger = get_logger()

    if not advanced_filters:
        logger.info(
            f"No advanced filters found to migrate from {file_type} file"
        )
        return True

    logger.info(
        f"Processing {len(advanced_filters)} advanced filter(s) from {file_type} file"
    )

    success = True
    migrated_count = 0
    warning_count = 0

    for filter_obj in advanced_filters:
        # Check if direction is supported (only 'in')
        if filter_obj.direction != "in":
            logger.warning(
                f"Unsupported direction '{filter_obj.direction}' - skipping filter: {filter_obj.original_line}"
            )
            warning_count += 1
            continue

        # Check if we have a destination port (required for blocked-port commands)
        if filter_obj.dest_port is None:
            logger.warning(
                f"No destination port found - skipping filter: {filter_obj.original_line}"
            )
            warning_count += 1
            continue

        # Check if source port is specified (not supported)
        if filter_obj.source_port is not None:
            logger.warning(
                f"Source port restrictions not supported in blocked-port migration - skipping filter: {filter_obj.original_line}"
            )
            warning_count += 1
            continue

        # Validate port range
        if not (1 <= filter_obj.dest_port <= 65535):
            logger.warning(
                f"Invalid port number {filter_obj.dest_port} - skipping filter: {filter_obj.original_line}"
            )
            warning_count += 1
            continue

        if file_type == "deny":
            if execute_blocked_port_command(
                filter_obj.dest_port,
                filter_obj.protocol,
                filter_obj.source_ip,
            ):
                migrated_count += 1
            else:
                success = False
        elif file_type == "allow":
            # For allow file filters, we ignore all of them and just log warnings
            logger.warning(
                f"Allow file advanced filters are not migrated - skipping: {filter_obj.original_line}"
            )
            warning_count += 1

    logger.info(f"""
Advanced filter migration summary for {file_type} file:
  - Migrated: {migrated_count}
  - Warnings/Skipped: {warning_count}
""")

    if warning_count > 0:
        logger.warning(
            f"Some advanced filters from {file_type} file could not be migrated. Please review the warnings above."
        )

    return success


def migrate_ips() -> bool:
    """
    Main function to migrate IPs and advanced filters from CSF to Imunify360.

    Returns:
        True if migration completed successfully, False otherwise
    """
    logger = get_logger()
    try:
        logger.info(
            "Starting IP and advanced filter migration from CSF to Imunify360"
        )

        success = True

        csf_files = {
            "/etc/csf/csf.allow": "whitelist",
            "/etc/csf/csf.deny": "blacklist",
        }

        # Track advanced filters by file type
        allow_advanced_filters = []
        deny_advanced_filters = []

        for file_path, list_type in csf_files.items():
            logger.info(f"Processing {file_path} for {list_type}")

            if not Path(file_path).exists():
                logger.warning(f"CSF file not found: {file_path}")
                continue

            ips, advanced_filters = get_ips_and_filters_from_csf_file(
                file_path
            )

            # Migrate IPs
            if ips:
                logger.info(f"Found {len(ips)} IP(s)/CIDR(s) in {file_path}")
                valid_ips, validation_errors, dangerous_ips = (
                    validate_and_filter_ips(ips)
                )

                if dangerous_ips:
                    log_dangerous_ips_warning(
                        dangerous_ips, list_type, f"from {file_path}"
                    )

                if validation_errors:
                    log_validation_summary(
                        validation_errors, f"from {file_path}"
                    )

                if valid_ips:
                    total_issues = len(dangerous_ips) + len(validation_errors)
                    if total_issues > 0:
                        logger.info(
                            f"Processing {len(valid_ips)} valid IP(s)/CIDR(s) out of {len(ips)} total ({len(dangerous_ips)} dangerous, {len(validation_errors)} invalid)"
                        )
                    else:
                        logger.info(
                            f"Processing {len(valid_ips)} valid IP(s)/CIDR(s)"
                        )

                    if not execute_imunify_command(valid_ips, list_type):
                        success = False
                else:
                    if dangerous_ips or validation_errors:
                        logger.warning(
                            f"No valid IPs found in {file_path} after validation"
                        )
                    else:
                        logger.info(f"No IPs to process from {file_path}")
            else:
                logger.info(f"No IPs found in {file_path}")

            # Categorize advanced filters by file type
            if advanced_filters:
                logger.info(
                    f"Found {len(advanced_filters)} advanced filter(s) in {file_path}"
                )
                if "allow" in file_path:
                    allow_advanced_filters.extend(advanced_filters)
                else:
                    deny_advanced_filters.extend(advanced_filters)
            else:
                logger.info(f"No advanced filters found in {file_path}")

        # Migrate advanced filters separately by file type
        logger.info("--- Advanced Filter Migration ---")

        # Migrate allow file advanced filters
        if allow_advanced_filters:
            logger.info("Processing allow file advanced filters:")
            if not migrate_advanced_filters(allow_advanced_filters, "allow"):
                success = False

        # Migrate deny file advanced filters
        if deny_advanced_filters:
            logger.info("Processing deny file advanced filters:")
            if not migrate_advanced_filters(deny_advanced_filters, "deny"):
                success = False

        if not allow_advanced_filters and not deny_advanced_filters:
            logger.info("No advanced filters found to migrate")

        logger.info("\n--- Migration Summary ---")
        if success:
            logger.info("Migration completed successfully")
        else:
            logger.warning("Migration completed with some errors")

        return success
    except Exception as e:
        logger.error(f"Error during IP and advanced filter migration: {e}")
        capture_exception(e, {"migration_type": "ips"})
        return False