Update example

itdependsnetworks · Jul 31, 2023 · 9f79ff5 · 9f79ff5
1 parent dfc9d6a
commit 9f79ff5
Showing 1 changed file with 54 additions and 49 deletions.
diff --git a/docs/user/lib_use_cases_acl.md b/docs/user/lib_use_cases_acl.md
@@ -176,6 +176,57 @@ Using the `match_details` method, you could as an example, build logic if every
 
 ## Example Usage
 
+Here we can test if a rule is matched via the existing ruleset. We can leverage the permit or deny to understand if this exists already or not.
+
+**Simple Example**
+
+```python
+>>> from netutils.acl import ACLRules
+>>> 
+>>> existing_acls = [
+...     dict(
+...         name="Allow to internal web",
+...         src_ip=["192.168.0.0/24", "10.0.0.0/16"],
+...         dst_ip=["172.16.0.0/16", "192.168.250.10-192.168.250.20"],
+...         dst_port=["tcp/80", "udp/53"],
+...         action="permit",
+...     ),
+...     dict(
+...         name="Allow to internal dns",
+...         src_ip=["192.168.1.0/24"],
+...         dst_ip=["172.16.0.0/16"],
+...         dst_port=["tcp/80", "udp/53"],
+...         action="permit",
+...     )
+... ]
+>>> 
+>>> new_acl_match = dict(
+...     name="Check multiple sources pass",
+...     src_ip=["192.168.1.10", "192.168.1.11", "192.168.1.15-192.168.1.20"],
+...     dst_ip="172.16.0.10",
+...     dst_port="tcp/www-http",
+...     action="permit",
+... )
+>>> 
+>>> ACLRules(existing_acls).match(new_acl_match)
+'permit'
+>>> 
+>>> 
+>>> new_acl_non_match = dict(
+...     name="Check no match",
+...     src_ip=["10.1.1.1"],
+...     dst_ip="172.16.0.10",
+...     dst_port="tcp/www-http",
+...     action="permit",
+... )
+>>> 
+>>> ACLRules(existing_acls).match(new_acl_non_match)
+'deny'
+>>> 
+```
+
+**Inherit Example**
+
 ```python
 
 from netutils.acl import ACLRule
@@ -223,18 +274,19 @@ class ExpandAddrGroups(ACLRule):
     def process_dst_ip(self, dst_ip):
         return self.process_ip(dst_ip)
 ```
+
 Using the above object, we can test with:
 
 ```python
->>> rule = dict(
+>>> rule_data = dict(
 ...     name="Check allow",
 ...     src_ip=["red", "blue", "10.4.4.4"],
 ...     dst_ip=["white"],
 ...     dst_port="6/www-http",
 ...     action="permit",
 ... )
 >>> 
->>> address_object_expanded = ExpandAddrGroups(rule)
+>>> address_object_expanded = ExpandAddrGroups(rule_data)
 >>> for item in address_object_expanded.expanded_rules:
 ...   print(item)
 ... 
@@ -248,50 +300,3 @@ Using the above object, we can test with:
 ```
 
 In that example you can see how we expanded `red` -> 10.1.1.1", "10.2.2.2", "10.3.3.3" as an example.
-
-Here we can test if a rule is matched via the existing ruleset. We can leverage the permit or deny to understand if this exists already or not.
-
-```python
->>> from netutils.acl import ACLRules
->>> 
->>> existing_acls = [
-...     dict(
-...         name="Allow to internal web",
-...         src_ip=["192.168.0.0/24", "10.0.0.0/16"],
-...         dst_ip=["172.16.0.0/16", "192.168.250.10-192.168.250.20"],
-...         dst_port=["tcp/80", "udp/53"],
-...         action="permit",
-...     ),
-...     dict(
-...         name="Allow to internal dns",
-...         src_ip=["192.168.1.0/24"],
-...         dst_ip=["172.16.0.0/16"],
-...         dst_port=["tcp/80", "udp/53"],
-...         action="permit",
-...     )
-... ]
->>> 
->>> new_acl_match = dict(
-...     name="Check multiple sources pass",
-...     src_ip=["192.168.1.10", "192.168.1.11", "192.168.1.15-192.168.1.20"],
-...     dst_ip="172.16.0.10",
-...     dst_port="tcp/www-http",
-...     action="permit",
-... )
->>> 
->>> ACLRules(existing_acls).match(new_acl_match)
-'permit'
->>> 
->>> 
->>> new_acl_non_match = dict(
-...     name="Check no match",
-...     src_ip=["10.1.1.1"],
-...     dst_ip="172.16.0.10",
-...     dst_port="tcp/www-http",
-...     action="permit",
-... )
->>> 
->>> ACLRules(existing_acls).match(new_acl_non_match)
-'deny'
->>> 
-```