区分极狐极光配置
743
steps.py
743
steps.py
@@ -1,371 +1,466 @@
|
||||
import re
|
||||
from librouteros import connect,Api
|
||||
|
||||
def configDefault(conn:Api,config):
|
||||
configNet(conn, config)
|
||||
configOuts(conn, config)
|
||||
configScripts(conn, config)
|
||||
from librouteros import Api
|
||||
|
||||
'''
|
||||
配置步骤,每个步骤都可以安全幂等执行,配置混合节点的出口的函数可能会很慢,因为出口比较多
|
||||
'''
|
||||
|
||||
def configNet(conn:Api,config):
|
||||
'''
|
||||
配置网络
|
||||
'''
|
||||
|
||||
# 配置路由
|
||||
routes = conn.path('ip', 'route')
|
||||
for route in routes:
|
||||
if route['routing-table'] == '1':
|
||||
try:
|
||||
routes.update(**{
|
||||
'.id': route['.id'],
|
||||
'gateway': config['gateway']
|
||||
})
|
||||
except Exception as e:
|
||||
print('更新默认路由失败: {}'.format(e))
|
||||
continue
|
||||
try:
|
||||
# 配置路由
|
||||
routes = conn.path('ip', 'route')
|
||||
for route in routes:
|
||||
if route['routing-table'] == '1':
|
||||
try:
|
||||
routes.update(**{
|
||||
'.id': route['.id'],
|
||||
'gateway': config['gateway']
|
||||
})
|
||||
except Exception as e:
|
||||
print('更新默认路由失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
# 配置地址
|
||||
addrs = conn.path('ip', 'address')
|
||||
for addr in addrs:
|
||||
if addr['interface'] == 'lan':
|
||||
try:
|
||||
addrs.update(**{
|
||||
'.id': addr['.id'],
|
||||
'address': config['private']
|
||||
})
|
||||
except Exception as e:
|
||||
print('更新 WAN 地址失败: {}'.format(e))
|
||||
continue
|
||||
# 配置地址
|
||||
addrs = conn.path('ip', 'address')
|
||||
for addr in addrs:
|
||||
if addr['interface'] == 'lan':
|
||||
try:
|
||||
addrs.update(**{
|
||||
'.id': addr['.id'],
|
||||
'address': config['private']
|
||||
})
|
||||
except Exception as e:
|
||||
print('更新 WAN 地址失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
# 刷新 mac 地址
|
||||
eths = conn.path('interface', 'ethernet')
|
||||
for eth in eths:
|
||||
if eth['name'] == 'lan':
|
||||
tuple(eths('reset-mac-address', **{
|
||||
'.id': eth['.id']
|
||||
}))
|
||||
# 刷新 mac 地址
|
||||
eths = conn.path('interface', 'ethernet')
|
||||
for eth in eths:
|
||||
if eth['name'] == 'lan':
|
||||
tuple(eths('reset-mac-address', **{
|
||||
'.id': eth['.id']
|
||||
}))
|
||||
except Exception as e:
|
||||
raise RuntimeError(f'配置网络失败: {e}')
|
||||
|
||||
def configOuts(conn:Api,config):
|
||||
# ====================
|
||||
# 极狐配置
|
||||
# ====================
|
||||
|
||||
def configJhOuts(conn:Api,config):
|
||||
'''
|
||||
配置 vpn 出口负载均衡
|
||||
'''
|
||||
count = 20
|
||||
|
||||
# 配置 ppp
|
||||
ppps = conn.path('interface', 'l2tp-client')
|
||||
try:
|
||||
count = 20
|
||||
|
||||
# 删除旧的 ppp
|
||||
for ppp in ppps:
|
||||
if ppp['name'].startswith('l2tp-out'):
|
||||
try:
|
||||
ppps.remove(ppp['.id'])
|
||||
except Exception as e:
|
||||
print('删除 PPP 失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
# 添加新的 ppp
|
||||
for i in range(1, count+1):
|
||||
ppps.add(**{
|
||||
'name':'l2tp-out{}'.format(i),
|
||||
'connect-to':'192.168.25{}.25{}'.format((i-1)%3+1, (i-1)%3+1),
|
||||
'user':'jdzz{}dt{}'.format(i, config['index']),
|
||||
'password':'123231',
|
||||
'disabled':'no',
|
||||
})
|
||||
|
||||
|
||||
# 配置路由
|
||||
routes = conn.path('ip', 'route')
|
||||
|
||||
# 删除旧的路由表
|
||||
for route in routes:
|
||||
if str(route['routing-table']).startswith('r'):
|
||||
try:
|
||||
routes.remove(route['.id'])
|
||||
except Exception as e:
|
||||
print('删除路由表失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
# 添加新的路由表
|
||||
for i in range(1,count+1):
|
||||
routeName = 'r{}'.format(i)
|
||||
routeOut = 'l2tp-out{}'.format(i)
|
||||
try:
|
||||
routes.add(**{
|
||||
'dst-address': '0.0.0.0/0',
|
||||
'gateway': routeOut,
|
||||
'routing-table': routeName,
|
||||
})
|
||||
except Exception as e:
|
||||
print('添加路由表失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
def configOutsMix(conn:Api,config):
|
||||
ppps = conn.path('interface', 'l2tp-client')
|
||||
for ppp in ppps:
|
||||
if ppp['name'].startswith('l2tp-out'):
|
||||
try:
|
||||
ppps.remove(ppp['.id'])
|
||||
except Exception as e:
|
||||
print('删除 PPP 失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
for i in range(30):
|
||||
for j in range(10):
|
||||
n = j*30 + i
|
||||
k = n%3 + 1
|
||||
# 配置 ppp
|
||||
ppps = conn.path('interface', 'l2tp-client')
|
||||
|
||||
# 删除旧的 ppp
|
||||
for ppp in ppps:
|
||||
if ppp['name'].startswith('l2tp-out'):
|
||||
try:
|
||||
ppps.remove(ppp['.id'])
|
||||
except Exception as e:
|
||||
print('删除 PPP 失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
# 添加新的 ppp
|
||||
for i in range(1, count+1):
|
||||
ppps.add(**{
|
||||
'name':f'l2tp-out{n+1}',
|
||||
'connect-to':f'192.168.25{k}.25{k}',
|
||||
'user':f'jdzz{j+11}dt{i+221}',
|
||||
'name':'l2tp-out{}'.format(i),
|
||||
'connect-to':'192.168.25{}.25{}'.format((i-1)%3+1, (i-1)%3+1),
|
||||
'user':'jdzz{}dt{}'.format(i, config['index']),
|
||||
'password':'123231',
|
||||
'disabled':'no',
|
||||
})
|
||||
|
||||
|
||||
routes = conn.path('ip', 'route')
|
||||
for route in routes:
|
||||
if str(route['routing-table']).startswith('r'):
|
||||
# 配置路由
|
||||
routes = conn.path('ip', 'route')
|
||||
|
||||
# 删除旧的路由表
|
||||
for route in routes:
|
||||
if str(route['routing-table']).startswith('r'):
|
||||
try:
|
||||
routes.remove(route['.id'])
|
||||
except Exception as e:
|
||||
print('删除路由表失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
# 添加新的路由表
|
||||
for i in range(1,count+1):
|
||||
routeName = 'r{}'.format(i)
|
||||
routeOut = 'l2tp-out{}'.format(i)
|
||||
try:
|
||||
routes.remove(route['.id'])
|
||||
routes.add(**{
|
||||
'dst-address': '0.0.0.0/0',
|
||||
'gateway': routeOut,
|
||||
'routing-table': routeName,
|
||||
})
|
||||
except Exception as e:
|
||||
print('删除路由表失败: {}'.format(e))
|
||||
print('添加路由表失败: {}'.format(e))
|
||||
continue
|
||||
except Exception as e:
|
||||
raise RuntimeError(f'配置出口失败: {e}')
|
||||
|
||||
for i in range(300):
|
||||
routeName = f'r{i+1}'
|
||||
routeOut = f'l2tp-out{i+1}'
|
||||
try:
|
||||
routes.add(**{
|
||||
'dst-address': '0.0.0.0/0',
|
||||
'gateway': routeOut,
|
||||
'routing-table': routeName,
|
||||
})
|
||||
except Exception as e:
|
||||
print('添加路由表失败: {}'.format(e))
|
||||
continue
|
||||
def configJhMixOuts(conn:Api,config):
|
||||
'''
|
||||
配置 vpn 出口负载均衡 (混合模式)
|
||||
'''
|
||||
|
||||
try:
|
||||
ppps = conn.path('interface', 'l2tp-client')
|
||||
for ppp in ppps:
|
||||
if ppp['name'].startswith('l2tp-out'):
|
||||
try:
|
||||
ppps.remove(ppp['.id'])
|
||||
except Exception as e:
|
||||
print('删除 PPP 失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
for i in range(30):
|
||||
for j in range(10):
|
||||
n = j*30 + i
|
||||
k = n%3 + 1
|
||||
|
||||
def configScripts(conn:Api,config):
|
||||
ppps.add(**{
|
||||
'name':f'l2tp-out{n+1}',
|
||||
'connect-to':f'192.168.25{k}.25{k}',
|
||||
'user':f'jdzz{j+11}dt{i+221}',
|
||||
'password':'123231',
|
||||
'disabled':'no',
|
||||
})
|
||||
|
||||
routes = conn.path('ip', 'route')
|
||||
for route in routes:
|
||||
if str(route['routing-table']).startswith('r'):
|
||||
try:
|
||||
routes.remove(route['.id'])
|
||||
except Exception as e:
|
||||
print('删除路由表失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
for i in range(300):
|
||||
routeName = f'r{i+1}'
|
||||
routeOut = f'l2tp-out{i+1}'
|
||||
try:
|
||||
routes.add(**{
|
||||
'dst-address': '0.0.0.0/0',
|
||||
'gateway': routeOut,
|
||||
'routing-table': routeName,
|
||||
})
|
||||
except Exception as e:
|
||||
print('添加路由表失败: {}'.format(e))
|
||||
continue
|
||||
except Exception as e:
|
||||
raise RuntimeError(f'配置出口失败: {e}')
|
||||
|
||||
def configJhScripts(conn:Api,config):
|
||||
'''
|
||||
配置脚本
|
||||
'''
|
||||
|
||||
# 配置脚本
|
||||
scripts = conn.path('system', 'script')
|
||||
for script in scripts:
|
||||
if script['name'] == 'up':
|
||||
with open('scripts/up.rsc', 'rb') as file:
|
||||
upScript = str(file.read(), encoding='utf-8')
|
||||
scripts.update(**{
|
||||
'.id': script['.id'],
|
||||
'source': upScript
|
||||
})
|
||||
elif script['name'] == 'down':
|
||||
with open('scripts/down.rsc', 'rb') as file:
|
||||
downScript = str(file.read(), encoding='utf-8')
|
||||
scripts.update(**{
|
||||
'.id': script['.id'],
|
||||
'source': downScript
|
||||
})
|
||||
elif script['name'] == 'onlinestatus':
|
||||
with open('scripts/onlinestatus.rsc', 'rb') as file:
|
||||
onlineStatusScript = str(file.read(), encoding='utf-8')
|
||||
scripts.update(**{
|
||||
'.id': script['.id'],
|
||||
'source': onlineStatusScript.replace('<IP>', config['public'])
|
||||
})
|
||||
elif script['name'] == 'pppoestatus':
|
||||
with open('scripts/pppoestatus.rsc', 'rb') as file:
|
||||
pppoeStatusScript = str(file.read(), encoding='utf-8')
|
||||
scripts.update(**{
|
||||
'.id': script['.id'],
|
||||
'source': pppoeStatusScript.replace('<IP>', config['public'])
|
||||
})
|
||||
try:
|
||||
# 配置脚本
|
||||
scripts = conn.path('system', 'script')
|
||||
for script in scripts:
|
||||
if script['name'] == 'up':
|
||||
with open('scripts/up.rsc', 'rb') as file:
|
||||
upScript = str(file.read(), encoding='utf-8')
|
||||
scripts.update(**{
|
||||
'.id': script['.id'],
|
||||
'source': upScript
|
||||
})
|
||||
elif script['name'] == 'down':
|
||||
with open('scripts/down.rsc', 'rb') as file:
|
||||
downScript = str(file.read(), encoding='utf-8')
|
||||
scripts.update(**{
|
||||
'.id': script['.id'],
|
||||
'source': downScript
|
||||
})
|
||||
elif script['name'] == 'onlinestatus':
|
||||
with open('scripts/onlinestatus.rsc', 'rb') as file:
|
||||
onlineStatusScript = str(file.read(), encoding='utf-8')
|
||||
scripts.update(**{
|
||||
'.id': script['.id'],
|
||||
'source': onlineStatusScript.replace('<IP>', config['public'])
|
||||
})
|
||||
elif script['name'] == 'pppoestatus':
|
||||
with open('scripts/pppoestatus.rsc', 'rb') as file:
|
||||
pppoeStatusScript = str(file.read(), encoding='utf-8')
|
||||
scripts.update(**{
|
||||
'.id': script['.id'],
|
||||
'source': pppoeStatusScript.replace('<IP>', config['public'])
|
||||
})
|
||||
|
||||
# todo 配置计划任务
|
||||
# todo 配置计划任务
|
||||
|
||||
except Exception as e:
|
||||
raise RuntimeError(f'配置脚本失败: {e}')
|
||||
|
||||
def configLogs(conn:Api,config):
|
||||
def configJhLogs(conn:Api,config):
|
||||
'''
|
||||
配置日志处理
|
||||
'''
|
||||
|
||||
# 添加日志过滤器
|
||||
filters = conn.path('ip', 'firewall', 'filter')
|
||||
for filter in filters:
|
||||
if filter['comment'] == 'natlog':
|
||||
try:
|
||||
filters.remove(filter['.id'])
|
||||
except Exception as e:
|
||||
print('删除过滤器失败: {}'.format(e))
|
||||
continue
|
||||
try:
|
||||
# 添加日志过滤器
|
||||
filters = conn.path('ip', 'firewall', 'filter')
|
||||
for filter in filters:
|
||||
if filter['comment'] == 'natlog':
|
||||
try:
|
||||
filters.remove(filter['.id'])
|
||||
except Exception as e:
|
||||
print('删除过滤器失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
filters.add(**{
|
||||
'chain': 'forward',
|
||||
'action': 'log',
|
||||
'comment': 'natlog',
|
||||
'dst-address': '10.0.0.0/8',
|
||||
'protocol': 'tcp',
|
||||
'connection-nat-state': 'srcnat',
|
||||
'tcp-flags': 'syn',
|
||||
})
|
||||
|
||||
filters.add(**{
|
||||
'chain': 'forward',
|
||||
'action': 'log',
|
||||
'comment': 'natlog',
|
||||
'src-address': '10.0.0.0/8',
|
||||
'protocol': 'udp',
|
||||
'dst-port': '!53',
|
||||
'connection-nat-state': '!srcnat',
|
||||
})
|
||||
|
||||
# 添加日志动作
|
||||
actions = conn.path('system', 'logging', 'action')
|
||||
|
||||
for action in actions:
|
||||
if action['name'] in ['logremote', 'logremoteidc']:
|
||||
try:
|
||||
actions.remove(action['.id'])
|
||||
except Exception as e:
|
||||
print('删除日志动作失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
actions.add(**{
|
||||
'name': 'logremote',
|
||||
'target': 'remote',
|
||||
'src-address': '0.0.0.0',
|
||||
'remote': '106.119.167.38',
|
||||
'remote-port': '5775',
|
||||
})
|
||||
|
||||
actions.add(**{
|
||||
'name': 'logremoteidc',
|
||||
'target': 'remote',
|
||||
'src-address': '0.0.0.0',
|
||||
'remote': '192.168.100.255',
|
||||
'remote-port': '5775',
|
||||
})
|
||||
|
||||
# 配置日志动作
|
||||
logs = conn.path('system', 'logging')
|
||||
|
||||
for log in logs:
|
||||
if 'firewall' in log['topics'] and 'info' in log['topics']:
|
||||
try:
|
||||
logs.remove(log['.id'])
|
||||
except Exception as e:
|
||||
print('删除日志配置失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
logs.add(**{
|
||||
'topics': 'firewall,info',
|
||||
'prefix': config['code'],
|
||||
'action': 'logremote',
|
||||
})
|
||||
|
||||
logs.add(**{
|
||||
'topics': 'firewall,info',
|
||||
'prefix': config['code'],
|
||||
'action': 'logremoteidc',
|
||||
})
|
||||
|
||||
def configDrop(conn:Api, config):
|
||||
'''
|
||||
添加丢弃规则
|
||||
'''
|
||||
|
||||
domains = [
|
||||
'kasut.org',
|
||||
'chigua41.xyz',
|
||||
'chigua35.info',
|
||||
'chigua32.life',
|
||||
'iufsvayufgiwlj6ok.com',
|
||||
'kaixr.top',
|
||||
'qiopqc.cn',
|
||||
'lsdhgsduyccnja18.com',
|
||||
'tongyan01.club',
|
||||
'nenmei37.club',
|
||||
'69lesbi.com',
|
||||
'ero-labs.cool',
|
||||
'soxue100.com',
|
||||
'24news.world',
|
||||
'aaa215.click',
|
||||
'qqqqqdfggjkgfgfhe.cc',
|
||||
'lovefootjob.com',
|
||||
'hadesex.com',
|
||||
]
|
||||
|
||||
ips = [
|
||||
'23.231.144.26',
|
||||
'23.231.183.17',
|
||||
'23.231.182.57',
|
||||
'23.231.182.56',
|
||||
'154.92.94.91',
|
||||
'154.92.94.163',
|
||||
'192.250.241.167',
|
||||
'192.250.192.242',
|
||||
]
|
||||
|
||||
# 非法网站列表
|
||||
layer7 = conn.path('ip', 'firewall', 'layer7-protocol')
|
||||
|
||||
for item in layer7:
|
||||
if item['name'] == 'illegal':
|
||||
try:
|
||||
layer7.remove(item['.id'])
|
||||
except Exception as e:
|
||||
print('删除 Layer7 规则失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
layer7.add(**{
|
||||
'name': 'illegal',
|
||||
'regexp': f'({"|".join([re.escape(domain) for domain in domains])})[/:]?.*',
|
||||
})
|
||||
|
||||
# 非法 IP 列表
|
||||
addressLists = conn.path('ip', 'firewall', 'address-list')
|
||||
for item in addressLists:
|
||||
if item['list'] == 'illegal':
|
||||
try:
|
||||
ips.remove(item['address'])
|
||||
except Exception as e:
|
||||
continue
|
||||
|
||||
for ip in ips:
|
||||
addressLists.add(**{
|
||||
'list': 'illegal',
|
||||
'address': ip,
|
||||
filters.add(**{
|
||||
'chain': 'forward',
|
||||
'action': 'log',
|
||||
'comment': 'natlog',
|
||||
'dst-address': '10.0.0.0/8',
|
||||
'protocol': 'tcp',
|
||||
'connection-nat-state': 'srcnat',
|
||||
'tcp-flags': 'syn',
|
||||
})
|
||||
|
||||
# 添加丢弃规则
|
||||
filters = conn.path('ip', 'firewall', 'filter')
|
||||
filters.add(**{
|
||||
'chain': 'forward',
|
||||
'action': 'log',
|
||||
'comment': 'natlog',
|
||||
'src-address': '10.0.0.0/8',
|
||||
'protocol': 'udp',
|
||||
'dst-port': '!53',
|
||||
'connection-nat-state': '!srcnat',
|
||||
})
|
||||
|
||||
for item in filters:
|
||||
if item['comment'] == 'drop illegal websites':
|
||||
# 添加日志动作
|
||||
actions = conn.path('system', 'logging', 'action')
|
||||
|
||||
for action in actions:
|
||||
if action['name'] in ['logremote', 'logremoteidc']:
|
||||
try:
|
||||
actions.remove(action['.id'])
|
||||
except Exception as e:
|
||||
print('删除日志动作失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
actions.add(**{
|
||||
'name': 'logremote',
|
||||
'target': 'remote',
|
||||
'src-address': '0.0.0.0',
|
||||
'remote': '106.119.167.38',
|
||||
'remote-port': '5775',
|
||||
})
|
||||
|
||||
actions.add(**{
|
||||
'name': 'logremoteidc',
|
||||
'target': 'remote',
|
||||
'src-address': '0.0.0.0',
|
||||
'remote': '192.168.100.255',
|
||||
'remote-port': '5775',
|
||||
})
|
||||
|
||||
# 配置日志动作
|
||||
logs = conn.path('system', 'logging')
|
||||
|
||||
for log in logs:
|
||||
if 'firewall' in log['topics'] and 'info' in log['topics']:
|
||||
try:
|
||||
logs.remove(log['.id'])
|
||||
except Exception as e:
|
||||
print('删除日志配置失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
logs.add(**{
|
||||
'topics': 'firewall,info',
|
||||
'prefix': config['code'],
|
||||
'action': 'logremote',
|
||||
})
|
||||
|
||||
logs.add(**{
|
||||
'topics': 'firewall,info',
|
||||
'prefix': config['code'],
|
||||
'action': 'logremoteidc',
|
||||
})
|
||||
except Exception as e:
|
||||
raise RuntimeError(f'配置日志处理失败: {e}')
|
||||
|
||||
def configJhDrop(conn:Api, config):
|
||||
'''
|
||||
配置丢弃规则
|
||||
'''
|
||||
|
||||
try:
|
||||
domains = [
|
||||
'kasut.org',
|
||||
'chigua41.xyz',
|
||||
'chigua35.info',
|
||||
'chigua32.life',
|
||||
'iufsvayufgiwlj6ok.com',
|
||||
'kaixr.top',
|
||||
'qiopqc.cn',
|
||||
'lsdhgsduyccnja18.com',
|
||||
'tongyan01.club',
|
||||
'nenmei37.club',
|
||||
'69lesbi.com',
|
||||
'ero-labs.cool',
|
||||
'soxue100.com',
|
||||
'24news.world',
|
||||
'aaa215.click',
|
||||
'qqqqqdfggjkgfgfhe.cc',
|
||||
'lovefootjob.com',
|
||||
'hadesex.com',
|
||||
]
|
||||
|
||||
ips = [
|
||||
'23.231.144.26',
|
||||
'23.231.183.17',
|
||||
'23.231.182.57',
|
||||
'23.231.182.56',
|
||||
'154.92.94.91',
|
||||
'154.92.94.163',
|
||||
'192.250.241.167',
|
||||
'192.250.192.242',
|
||||
]
|
||||
|
||||
# 非法网站列表
|
||||
layer7 = conn.path('ip', 'firewall', 'layer7-protocol')
|
||||
|
||||
for item in layer7:
|
||||
if item['name'] == 'illegal':
|
||||
try:
|
||||
layer7.remove(item['.id'])
|
||||
except Exception as e:
|
||||
print('删除 Layer7 规则失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
layer7.add(**{
|
||||
'name': 'illegal',
|
||||
'regexp': f'({"|".join([re.escape(domain) for domain in domains])})[/:]?.*',
|
||||
})
|
||||
|
||||
# 非法 IP 列表
|
||||
addressLists = conn.path('ip', 'firewall', 'address-list')
|
||||
for item in addressLists:
|
||||
if item['list'] == 'illegal':
|
||||
try:
|
||||
ips.remove(item['address'])
|
||||
except Exception as e:
|
||||
continue
|
||||
|
||||
for ip in ips:
|
||||
addressLists.add(**{
|
||||
'list': 'illegal',
|
||||
'address': ip,
|
||||
})
|
||||
|
||||
# 添加丢弃规则
|
||||
filters = conn.path('ip', 'firewall', 'filter')
|
||||
|
||||
for item in filters:
|
||||
if item['comment'] == 'drop illegal websites':
|
||||
try:
|
||||
filters.remove(item['.id'])
|
||||
except Exception as e:
|
||||
print('删除过滤器失败: {}'.format(e))
|
||||
continue
|
||||
elif item['comment'] == 'drop illegal ips':
|
||||
try:
|
||||
filters.remove(item['.id'])
|
||||
except Exception as e:
|
||||
print('删除过滤器失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
filters.add(**{
|
||||
'chain': 'forward',
|
||||
'action': 'drop',
|
||||
'layer7-protocol': 'illegal',
|
||||
'comment': 'drop illegal websites',
|
||||
})
|
||||
|
||||
filters.add(**{
|
||||
'chain': 'forward',
|
||||
'action': 'drop',
|
||||
'src-address-list': 'illegal',
|
||||
'comment': 'drop illegal ips',
|
||||
})
|
||||
except Exception as e:
|
||||
raise RuntimeError(f'配置丢弃规则失败: {e}')
|
||||
|
||||
# ====================
|
||||
# 极光配置
|
||||
# ====================
|
||||
|
||||
def configJgOuts(conn:Api,config):
|
||||
'''
|
||||
配置 vpn 出口负载均衡
|
||||
'''
|
||||
|
||||
try:
|
||||
count = 20
|
||||
|
||||
# 配置 ppp
|
||||
ppps = conn.path('interface', 'l2tp-client')
|
||||
|
||||
# 删除旧的 ppp
|
||||
for ppp in ppps:
|
||||
if ppp['name'].startswith('l2tp-out'):
|
||||
try:
|
||||
ppps.remove(ppp['.id'])
|
||||
except Exception as e:
|
||||
print('删除 PPP 失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
# 添加新的 ppp
|
||||
for i in range(1, count+1):
|
||||
ppps.add(**{
|
||||
'name':'l2tp-out{}'.format(i),
|
||||
'connect-to':'192.168.25{}.25{}'.format((i-1)%3+1, (i-1)%3+1),
|
||||
'user':'jdzz{}dt{}'.format(i, config['index']),
|
||||
'password':'123231',
|
||||
'disabled':'no',
|
||||
})
|
||||
|
||||
|
||||
# 配置路由
|
||||
routes = conn.path('ip', 'route')
|
||||
|
||||
# 删除旧的路由表
|
||||
for route in routes:
|
||||
if str(route['routing-table']).startswith('r'):
|
||||
try:
|
||||
routes.remove(route['.id'])
|
||||
except Exception as e:
|
||||
print('删除路由表失败: {}'.format(e))
|
||||
continue
|
||||
|
||||
# 添加新的路由表
|
||||
for i in range(1,count+1):
|
||||
routeName = 'r{}'.format(i)
|
||||
routeOut = 'l2tp-out{}'.format(i)
|
||||
try:
|
||||
filters.remove(item['.id'])
|
||||
routes.add(**{
|
||||
'dst-address': '0.0.0.0/0',
|
||||
'gateway': routeOut,
|
||||
'routing-table': routeName,
|
||||
})
|
||||
except Exception as e:
|
||||
print('删除过滤器失败: {}'.format(e))
|
||||
continue
|
||||
elif item['comment'] == 'drop illegal ips':
|
||||
try:
|
||||
filters.remove(item['.id'])
|
||||
except Exception as e:
|
||||
print('删除过滤器失败: {}'.format(e))
|
||||
print('添加路由表失败: {}'.format(e))
|
||||
continue
|
||||
except Exception as e:
|
||||
raise RuntimeError(f'配置出口失败: {e}')
|
||||
|
||||
filters.add(**{
|
||||
'chain': 'forward',
|
||||
'action': 'drop',
|
||||
'layer7-protocol': 'illegal',
|
||||
'comment': 'drop illegal websites',
|
||||
})
|
||||
# ====================
|
||||
# 临时
|
||||
# ====================
|
||||
|
||||
filters.add(**{
|
||||
'chain': 'forward',
|
||||
'action': 'drop',
|
||||
'src-address-list': 'illegal',
|
||||
'comment': 'drop illegal ips',
|
||||
})
|
||||
def temp(conn:Api,config):
|
||||
ppps = conn.path('interface', 'l2tp-client')
|
||||
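Review bot: The L2TP client secret is still a literal in the code: `'password':'123231'` sits in the `ppps.add(...)` call of `configJgOuts`, and likewise in `configJhOuts` and `configJhMixOuts`, so every router provisioned by this script shares one credential that anyone with repository access can read, next to user names built from a counter. Since this commit already splits the configuration per vendor, the secret could come from the per-device `config` instead, e.g. `'password': config['l2tp_password'],` (the key name is a placeholder), with the value kept out of version control and replaced on the devices already provisioned. Separately, the outer handlers such as `raise RuntimeError(f'配置出口失败: {e}')` would keep the cause explicit as `raise RuntimeError(f'配置出口失败: {e}') from e`. The rendered section has lost its +/- markers, so which of the duplicated lines are new is inferred from the function names, and `temp` continues past the visible end of the section.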