累积更新

2025-09-06 16:32:47 +08:00
parent c70c068fa0
commit 40aba1a401
6 changed files with 366 additions and 447 deletions
--- a/main.py
+++ b/main.py
@@ -1,3 +1,4 @@
+import re
 from librouteros import connect,Api
 import csv
 import ssl
@@ -58,7 +59,7 @@ def start(config):
    try:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
-        ctx.load_verify_locations('server.crt')
+        ctx.load_verify_locations(f'certs/{config["cert"]}')
        conn = connect(
            username='admin',
            password='wyongk9815',
@@ -72,7 +73,7 @@ def start(config):

    # 配置 ros
    try:
-        configLogs(conn, config)
+        addDrop(conn, config)
    except Exception as err:
        failed.append((config, err))

@@ -84,7 +85,6 @@ def configDefault(conn:Api,config):
    configNet(conn, config)
    configOuts(conn, config)
    configScripts(conn, config)
-    configLogs(conn, config)


 def configNet(conn:Api,config):
@@ -302,9 +302,103 @@ def configLogs(conn:Api,config):
        'action': 'logremoteidc',
    })

-def configDebug(conn:Api,config):
+def addDrop(conn:Api, config):
    '''
-    配置调试
+    添加丢弃规则
    '''

+    domains = [
+        'kasut.org',
+        'chigua41.xyz',
+        'chigua35.info',
+        'chigua32.life',
+        'iufsvayufgiwlj6ok.com',
+        'kaixr.top',
+        'qiopqc.cn',
+        'lsdhgsduyccnja18.com',
+        'tongyan01.club',
+        'nenmei37.club',
+        '69lesbi.com',
+        'ero-labs.cool',
+        'soxue100.com',
+        '24news.world',
+        'aaa215.click',
+        'qqqqqdfggjkgfgfhe.cc',
+        'lovefootjob.com',
+        'hadesex.com',
+    ]
+
+    ips = [
+        '23.231.144.26',
+        '23.231.183.17',
+        '23.231.182.57',
+        '23.231.182.56',
+        '154.92.94.91',
+        '154.92.94.163',
+        '192.250.241.167',
+        '192.250.192.242',
+    ]
+
+    # 非法网站列表
+    layer7 = conn.path('ip', 'firewall', 'layer7-protocol')
+
+    for item in layer7:
+        if item['name'] == 'illegal':
+            try:
+                layer7.remove(item['.id'])
+            except Exception as e:
+                print('删除 Layer7 规则失败: {}'.format(e))
+                continue
+
+    layer7.add(**{
+        'name': 'illegal',
+        'regexp': f'({"|".join([re.escape(domain) for domain in domains])})[/:]?.*',
+    })
+
+    # 非法 IP 列表
+    addressLists = conn.path('ip', 'firewall', 'address-list')
+    for item in addressLists:
+        if item['list'] == 'illegal':
+            try:
+                ips.remove(item['address'])
+            except Exception as e:
+                continue
+
+    for ip in ips:
+        addressLists.add(**{
+            'list': 'illegal',
+            'address': ip,
+        })
+
+    # 添加丢弃规则
+    filters = conn.path('ip', 'firewall', 'filter')
+
+    for item in filters:
+        if item['comment'] == 'drop illegal websites':
+            try:
+                filters.remove(item['.id'])
+            except Exception as e:
+                print('删除过滤器失败: {}'.format(e))
+                continue
+        elif item['comment'] == 'drop illegal ips':
+            try:
+                filters.remove(item['.id'])
+            except Exception as e:
+                print('删除过滤器失败: {}'.format(e))
+                continue
+
+    filters.add(**{
+        'chain': 'forward',
+        'action': 'drop',
+        'layer7-protocol': 'illegal',
+        'comment': 'drop illegal websites',
+    })
+
+    filters.add(**{
+        'chain': 'forward',
+        'action': 'drop',
+        'src-address-list': 'illegal',
+        'comment': 'drop illegal ips',
+    })
+
 main()