steps.py

import re
from librouteros import connect,Api

def configDefault(conn:Api,config):
    configNet(conn, config)
    configOuts(conn, config)
    configScripts(conn, config)


def configNet(conn:Api,config):
    '''
    配置网络
    '''

    # 配置路由
    routes = conn.path('ip', 'route')
    for route in routes:
        if route['routing-table'] == '1':
            try:
                routes.update(**{
                    '.id': route['.id'],
                    'gateway': config['gateway']
                })
            except Exception as e:
                print('更新默认路由失败: {}'.format(e))
                continue

    # 配置地址
    addrs = conn.path('ip', 'address')
    for addr in addrs:
        if addr['interface'] == 'lan':
            try:
                addrs.update(**{
                    '.id': addr['.id'],
                    'address': config['private']
                })
            except Exception as e:
                print('更新 WAN 地址失败: {}'.format(e))
                continue

    # 刷新 mac 地址
    eths = conn.path('interface', 'ethernet')
    for eth in eths:
        if eth['name'] == 'lan':
            tuple(eths('reset-mac-address', **{
                '.id': eth['.id']
            }))

def configOuts(conn:Api,config):
    '''
    配置 vpn 出口负载均衡
    '''
    count = 20

    # 配置 ppp
    ppps = conn.path('interface', 'l2tp-client')

    # 删除旧的 ppp
    for ppp in ppps:
        if ppp['name'].startswith('l2tp-out'):
            try:
                ppps.remove(ppp['.id'])
            except Exception as e:
                print('删除 PPP 失败: {}'.format(e))
                continue
    
    # 添加新的 ppp
    for i in range(1, count+1):
        ppps.add(**{
            'name':'l2tp-out{}'.format(i),
            'connect-to':'192.168.25{}.25{}'.format((i-1)%3+1, (i-1)%3+1),
            'user':'jdzz{}dt{}'.format(i, config['index']),
            'password':'123231',
            'disabled':'no',
        })
    

    # 配置路由
    routes = conn.path('ip', 'route')

    # 删除旧的路由表
    for route in routes:
        if str(route['routing-table']).startswith('r'):
            try:
                routes.remove(route['.id'])
            except Exception as e:
                print('删除路由表失败: {}'.format(e))
                continue

    # 添加新的路由表
    for i in range(1,count+1):
        routeName = 'r{}'.format(i)
        routeOut = 'l2tp-out{}'.format(i)
        try:
            routes.add(**{
                'dst-address': '0.0.0.0/0',
                'gateway': routeOut,
                'routing-table': routeName,
            })
        except Exception as e:
            print('添加路由表失败: {}'.format(e))
            continue

def configScripts(conn:Api,config):
    '''
    配置脚本
    '''

    scripts = conn.path('system', 'script')
    for script in scripts:
        if script['name'] == 'up':
            with open('scripts/up.rsc', 'rb') as file:
                upScript = str(file.read(), encoding='utf-8')
                scripts.update(**{
                    '.id': script['.id'],
                    'source': upScript
                })
        elif script['name'] == 'down':
            with open('scripts/down.rsc', 'rb') as file:
                downScript = str(file.read(), encoding='utf-8')
                scripts.update(**{
                    '.id': script['.id'],
                    'source': downScript
                })
        elif script['name'] == 'onlinestatus':
            with open('scripts/onlinestatus.rsc', 'rb') as file:
                onlineStatusScript = str(file.read(), encoding='utf-8')
                scripts.update(**{
                    '.id': script['.id'],
                    'source': onlineStatusScript.replace('<IP>', config['public'])
                })
        elif script['name'] == 'pppoestatus':
            with open('scripts/pppoestatus.rsc', 'rb') as file:
                pppoeStatusScript = str(file.read(), encoding='utf-8')
                scripts.update(**{
                    '.id': script['.id'],
                    'source': pppoeStatusScript.replace('<IP>', config['public'])
                })

def configLogs(conn:Api,config):
    '''
    配置日志处理
    '''

    # 添加日志过滤器
    filters = conn.path('ip', 'firewall', 'filter')
    for filter in filters:
        if filter['comment'] == 'natlog':
            try:
                filters.remove(filter['.id'])
            except Exception as e:
                print('删除过滤器失败: {}'.format(e))
                continue

    filters.add(**{
        'chain': 'forward',
        'action': 'log',
        'comment': 'natlog',
        'dst-address': '10.0.0.0/8',
        'protocol': 'tcp',
        'connection-nat-state': 'srcnat',
        'tcp-flags': 'syn',
    })

    filters.add(**{
        'chain': 'forward',
        'action': 'log',
        'comment': 'natlog',
        'src-address': '10.0.0.0/8',
        'protocol': 'udp',
        'dst-port': '!53',
        'connection-nat-state': '!srcnat',
    })

    # 添加日志动作
    actions = conn.path('system', 'logging', 'action')

    for action in actions:
        if action['name'] in ['logremote', 'logremoteidc']:
            try:
                actions.remove(action['.id'])
            except Exception as e:
                print('删除日志动作失败: {}'.format(e))
                continue

    actions.add(**{
        'name': 'logremote',
        'target': 'remote',
        'src-address': '0.0.0.0',
        'remote': '106.119.167.38',
        'remote-port': '5775',
    })

    actions.add(**{
        'name': 'logremoteidc',
        'target': 'remote',
        'src-address': '0.0.0.0',
        'remote': '192.168.100.255',
        'remote-port': '5775',
    })

    # 配置日志动作
    logs = conn.path('system', 'logging')

    for log in logs:
        if 'firewall' in log['topics'] and 'info' in log['topics']:
            try:
                logs.remove(log['.id'])
            except Exception as e:
                print('删除日志配置失败: {}'.format(e))
                continue

    logs.add(**{
        'topics': 'firewall,info',
        'prefix': config['code'],
        'action': 'logremote',
    })

    logs.add(**{
        'topics': 'firewall,info',
        'prefix': config['code'],
        'action': 'logremoteidc',
    })

def addDrop(conn:Api, config):
    '''
    添加丢弃规则
    '''

    domains = [
        'kasut.org',
        'chigua41.xyz',
        'chigua35.info',
        'chigua32.life',
        'iufsvayufgiwlj6ok.com',
        'kaixr.top',
        'qiopqc.cn',
        'lsdhgsduyccnja18.com',
        'tongyan01.club',
        'nenmei37.club',
        '69lesbi.com',
        'ero-labs.cool',
        'soxue100.com',
        '24news.world',
        'aaa215.click',
        'qqqqqdfggjkgfgfhe.cc',
        'lovefootjob.com',
        'hadesex.com',
    ]

    ips = [
        '23.231.144.26',
        '23.231.183.17',
        '23.231.182.57',
        '23.231.182.56',
        '154.92.94.91',
        '154.92.94.163',
        '192.250.241.167',
        '192.250.192.242',
    ]

    # 非法网站列表
    layer7 = conn.path('ip', 'firewall', 'layer7-protocol')

    for item in layer7:
        if item['name'] == 'illegal':
            try:
                layer7.remove(item['.id'])
            except Exception as e:
                print('删除 Layer7 规则失败: {}'.format(e))
                continue

    layer7.add(**{
        'name': 'illegal',
        'regexp': f'({"|".join([re.escape(domain) for domain in domains])})[/:]?.*',
    })

    # 非法 IP 列表
    addressLists = conn.path('ip', 'firewall', 'address-list')
    for item in addressLists:
        if item['list'] == 'illegal':
            try:
                ips.remove(item['address'])
            except Exception as e:
                continue

    for ip in ips:
        addressLists.add(**{
            'list': 'illegal',
            'address': ip,
        })

    # 添加丢弃规则
    filters = conn.path('ip', 'firewall', 'filter')

    for item in filters:
        if item['comment'] == 'drop illegal websites':
            try:
                filters.remove(item['.id'])
            except Exception as e:
                print('删除过滤器失败: {}'.format(e))
                continue
        elif item['comment'] == 'drop illegal ips':
            try:
                filters.remove(item['.id'])
            except Exception as e:
                print('删除过滤器失败: {}'.format(e))
                continue

    filters.add(**{
        'chain': 'forward',
        'action': 'drop',
        'layer7-protocol': 'illegal',
        'comment': 'drop illegal websites',
    })

    filters.add(**{
        'chain': 'forward',
        'action': 'drop',
        'src-address-list': 'illegal',
        'comment': 'drop illegal ips',
    })
混拨节点适配 2025-09-08 12:55:20 +08:00			`import re`
			`from librouteros import connect,Api`

			`def configDefault(conn:Api,config):`
			`configNet(conn, config)`
			`configOuts(conn, config)`
			`configScripts(conn, config)`


			`def configNet(conn:Api,config):`
			`'''`
			`配置网络`
			`'''`

			`# 配置路由`
			`routes = conn.path('ip', 'route')`
			`for route in routes:`
			`if route['routing-table'] == '1':`
			`try:`
			`routes.update(**{`
			`'.id': route['.id'],`
			`'gateway': config['gateway']`
			`})`
			`except Exception as e:`
			`print('更新默认路由失败: {}'.format(e))`
			`continue`

			`# 配置地址`
			`addrs = conn.path('ip', 'address')`
			`for addr in addrs:`
			`if addr['interface'] == 'lan':`
			`try:`
			`addrs.update(**{`
			`'.id': addr['.id'],`
			`'address': config['private']`
			`})`
			`except Exception as e:`
			`print('更新 WAN 地址失败: {}'.format(e))`
			`continue`

			`# 刷新 mac 地址`
			`eths = conn.path('interface', 'ethernet')`
			`for eth in eths:`
			`if eth['name'] == 'lan':`
			`tuple(eths('reset-mac-address', **{`
			`'.id': eth['.id']`
			`}))`

			`def configOuts(conn:Api,config):`
			`'''`
			`配置 vpn 出口负载均衡`
			`'''`
			`count = 20`

			`# 配置 ppp`
			`ppps = conn.path('interface', 'l2tp-client')`

			`# 删除旧的 ppp`
			`for ppp in ppps:`
			`if ppp['name'].startswith('l2tp-out'):`
			`try:`
			`ppps.remove(ppp['.id'])`
			`except Exception as e:`
			`print('删除 PPP 失败: {}'.format(e))`
			`continue`

			`# 添加新的 ppp`
			`for i in range(1, count+1):`
			`ppps.add(**{`
			`'name':'l2tp-out{}'.format(i),`
			`'connect-to':'192.168.25{}.25{}'.format((i-1)%3+1, (i-1)%3+1),`
			`'user':'jdzz{}dt{}'.format(i, config['index']),`
			`'password':'123231',`
			`'disabled':'no',`
			`})`


			`# 配置路由`
			`routes = conn.path('ip', 'route')`

			`# 删除旧的路由表`
			`for route in routes:`
			`if str(route['routing-table']).startswith('r'):`
			`try:`
			`routes.remove(route['.id'])`
			`except Exception as e:`
			`print('删除路由表失败: {}'.format(e))`
			`continue`

			`# 添加新的路由表`
			`for i in range(1,count+1):`
			`routeName = 'r{}'.format(i)`
			`routeOut = 'l2tp-out{}'.format(i)`
			`try:`
			`routes.add(**{`
			`'dst-address': '0.0.0.0/0',`
			`'gateway': routeOut,`
			`'routing-table': routeName,`
			`})`
			`except Exception as e:`
			`print('添加路由表失败: {}'.format(e))`
			`continue`

			`def configScripts(conn:Api,config):`
			`'''`
			`配置脚本`
			`'''`

			`scripts = conn.path('system', 'script')`
			`for script in scripts:`
			`if script['name'] == 'up':`
			`with open('scripts/up.rsc', 'rb') as file:`
			`upScript = str(file.read(), encoding='utf-8')`
			`scripts.update(**{`
			`'.id': script['.id'],`
			`'source': upScript`
			`})`
			`elif script['name'] == 'down':`
			`with open('scripts/down.rsc', 'rb') as file:`
			`downScript = str(file.read(), encoding='utf-8')`
			`scripts.update(**{`
			`'.id': script['.id'],`
			`'source': downScript`
			`})`
			`elif script['name'] == 'onlinestatus':`
			`with open('scripts/onlinestatus.rsc', 'rb') as file:`
			`onlineStatusScript = str(file.read(), encoding='utf-8')`
			`scripts.update(**{`
			`'.id': script['.id'],`
			`'source': onlineStatusScript.replace('<IP>', config['public'])`
			`})`
			`elif script['name'] == 'pppoestatus':`
			`with open('scripts/pppoestatus.rsc', 'rb') as file:`
			`pppoeStatusScript = str(file.read(), encoding='utf-8')`
			`scripts.update(**{`
			`'.id': script['.id'],`
			`'source': pppoeStatusScript.replace('<IP>', config['public'])`
			`})`

			`def configLogs(conn:Api,config):`
			`'''`
			`配置日志处理`
			`'''`

			`# 添加日志过滤器`
			`filters = conn.path('ip', 'firewall', 'filter')`
			`for filter in filters:`
			`if filter['comment'] == 'natlog':`
			`try:`
			`filters.remove(filter['.id'])`
			`except Exception as e:`
			`print('删除过滤器失败: {}'.format(e))`
			`continue`

			`filters.add(**{`
			`'chain': 'forward',`
			`'action': 'log',`
			`'comment': 'natlog',`
			`'dst-address': '10.0.0.0/8',`
			`'protocol': 'tcp',`
			`'connection-nat-state': 'srcnat',`
			`'tcp-flags': 'syn',`
			`})`

			`filters.add(**{`
			`'chain': 'forward',`
			`'action': 'log',`
			`'comment': 'natlog',`
			`'src-address': '10.0.0.0/8',`
			`'protocol': 'udp',`
			`'dst-port': '!53',`
			`'connection-nat-state': '!srcnat',`
			`})`

			`# 添加日志动作`
			`actions = conn.path('system', 'logging', 'action')`

			`for action in actions:`
			`if action['name'] in ['logremote', 'logremoteidc']:`
			`try:`
			`actions.remove(action['.id'])`
			`except Exception as e:`
			`print('删除日志动作失败: {}'.format(e))`
			`continue`

			`actions.add(**{`
			`'name': 'logremote',`
			`'target': 'remote',`
			`'src-address': '0.0.0.0',`
			`'remote': '106.119.167.38',`
			`'remote-port': '5775',`
			`})`

			`actions.add(**{`
			`'name': 'logremoteidc',`
			`'target': 'remote',`
			`'src-address': '0.0.0.0',`
			`'remote': '192.168.100.255',`
			`'remote-port': '5775',`
			`})`

			`# 配置日志动作`
			`logs = conn.path('system', 'logging')`

			`for log in logs:`
			`if 'firewall' in log['topics'] and 'info' in log['topics']:`
			`try:`
			`logs.remove(log['.id'])`
			`except Exception as e:`
			`print('删除日志配置失败: {}'.format(e))`
			`continue`

			`logs.add(**{`
			`'topics': 'firewall,info',`
			`'prefix': config['code'],`
			`'action': 'logremote',`
			`})`

			`logs.add(**{`
			`'topics': 'firewall,info',`
			`'prefix': config['code'],`
			`'action': 'logremoteidc',`
			`})`

			`def addDrop(conn:Api, config):`
			`'''`
			`添加丢弃规则`
			`'''`

			`domains = [`
			`'kasut.org',`
			`'chigua41.xyz',`
			`'chigua35.info',`
			`'chigua32.life',`
			`'iufsvayufgiwlj6ok.com',`
			`'kaixr.top',`
			`'qiopqc.cn',`
			`'lsdhgsduyccnja18.com',`
			`'tongyan01.club',`
			`'nenmei37.club',`
			`'69lesbi.com',`
			`'ero-labs.cool',`
			`'soxue100.com',`
			`'24news.world',`
			`'aaa215.click',`
			`'qqqqqdfggjkgfgfhe.cc',`
			`'lovefootjob.com',`
			`'hadesex.com',`
			`]`

			`ips = [`
			`'23.231.144.26',`
			`'23.231.183.17',`
			`'23.231.182.57',`
			`'23.231.182.56',`
			`'154.92.94.91',`
			`'154.92.94.163',`
			`'192.250.241.167',`
			`'192.250.192.242',`
			`]`

			`# 非法网站列表`
			`layer7 = conn.path('ip', 'firewall', 'layer7-protocol')`

			`for item in layer7:`
			`if item['name'] == 'illegal':`
			`try:`
			`layer7.remove(item['.id'])`
			`except Exception as e:`
			`print('删除 Layer7 规则失败: {}'.format(e))`
			`continue`

			`layer7.add(**{`
			`'name': 'illegal',`
			`'regexp': f'({"\|".join([re.escape(domain) for domain in domains])})[/:]?.*',`
			`})`

			`# 非法 IP 列表`
			`addressLists = conn.path('ip', 'firewall', 'address-list')`
			`for item in addressLists:`
			`if item['list'] == 'illegal':`
			`try:`
			`ips.remove(item['address'])`
			`except Exception as e:`
			`continue`

			`for ip in ips:`
			`addressLists.add(**{`
			`'list': 'illegal',`
			`'address': ip,`
			`})`

			`# 添加丢弃规则`
			`filters = conn.path('ip', 'firewall', 'filter')`

			`for item in filters:`
			`if item['comment'] == 'drop illegal websites':`
			`try:`
			`filters.remove(item['.id'])`
			`except Exception as e:`
			`print('删除过滤器失败: {}'.format(e))`
			`continue`
			`elif item['comment'] == 'drop illegal ips':`
			`try:`
			`filters.remove(item['.id'])`
			`except Exception as e:`
			`print('删除过滤器失败: {}'.format(e))`
			`continue`

			`filters.add(**{`
			`'chain': 'forward',`
			`'action': 'drop',`
			`'layer7-protocol': 'illegal',`
			`'comment': 'drop illegal websites',`
			`})`

			`filters.add(**{`
			`'chain': 'forward',`
			`'action': 'drop',`
			`'src-address-list': 'illegal',`
			`'comment': 'drop illegal ips',`
			`})`