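import re

from librouteros import connect, Api

# How many l2tp-out<N> clients and r<N> routing tables configOuts() manages.
OUT_COUNT = 20

# Shared credential for every l2tp-out<N> client, taken from the original
# listing. NOTE(review): a password in source ends up in every checkout and
# in the router's export; passing ``config['l2tp-password']`` overrides it
# and is the preferred place for it.
DEFAULT_L2TP_PASSWORD = '123231'

# Token that scripts/onlinestatus.rsc and scripts/pppoestatus.rsc use where
# the public address belongs. The listing this was taken from has it as the
# empty string, which is almost certainly a lost placeholder: ``''`` as the
# search string makes ``str.replace`` insert the address between every
# character of the script. _substitute() refuses an empty token so a mangled
# script is never pushed to the router; set this to the marker the .rsc
# files actually contain.
PUBLIC_ADDRESS_TOKEN = ''

# Remote syslog targets installed by configLogs(): action name -> remote host.
REMOTE_LOG_TARGETS = {
    'logremote': '106.119.167.38',
    'logremoteidc': '192.168.100.255',
}
REMOTE_LOG_PORT = '5775'

# Domains matched by the 'illegal' layer7 protocol in addDrop().
ILLEGAL_DOMAINS = (
    'kasut.org',
    'chigua41.xyz',
    'chigua35.info',
    'chigua32.life',
    'iufsvayufgiwlj6ok.com',
    'kaixr.top',
    'qiopqc.cn',
    'lsdhgsduyccnja18.com',
    'tongyan01.club',
    'nenmei37.club',
    '69lesbi.com',
    'ero-labs.cool',
    'soxue100.com',
    '24news.world',
    'aaa215.click',
    'qqqqqdfggjkgfgfhe.cc',
    'lovefootjob.com',
    'hadesex.com',
)

# Source addresses placed on the 'illegal' address-list in addDrop().
ILLEGAL_IPS = (
    '23.231.144.26',
    '23.231.183.17',
    '23.231.182.57',
    '23.231.182.56',
    '154.92.94.91',
    '154.92.94.163',
    '192.250.241.167',
    '192.250.192.242',
)


def _remove_where(path, predicate, failure_msg):
    '''Remove every entry of *path* for which ``predicate(entry)`` is true.

    The listing is snapshotted with ``tuple()`` first so that the remove
    commands are not sent while the print reply may still be streaming
    on the same connection. A failed removal is reported on stdout
    (``failure_msg`` formatted with the exception) and the remaining
    entries are still processed, matching the best-effort style used
    throughout this file.
    '''
    for entry in tuple(path):
        if not predicate(entry):
            continue
        try:
            path.remove(entry['.id'])
        except Exception as e:
            print(failure_msg.format(e))


def configDefault(conn: Api, config):
    '''Apply the default provisioning: network, VPN outs and scripts.

    configLogs() and addDrop() are deliberately not part of this set and
    must be called separately.
    '''
    configNet(conn, config)
    configOuts(conn, config)
    configScripts(conn, config)


def configNet(conn: Api, config):
    '''Apply the basic network settings (配置网络).

    * every route whose ``routing-table`` is ``'1'`` gets
      ``config['gateway']`` as gateway;
    * the address bound to interface ``lan`` becomes ``config['private']``;
    * the ``lan`` ethernet port has its MAC address reset.

    ``config`` is read up front so a missing key raises ``KeyError`` here
    instead of being swallowed as a "router update failed" message.
    Router-side update failures are printed and skipped.
    '''
    gateway = config['gateway']
    private = config['private']

    # 配置路由 — the table is compared as the string '1', as returned by the API.
    routes = conn.path('ip', 'route')
    for route in tuple(routes):
        if route['routing-table'] != '1':
            continue
        try:
            routes.update(**{'.id': route['.id'], 'gateway': gateway})
        except Exception as e:
            print('更新默认路由失败: {}'.format(e))

    # 配置地址 — the message talks about WAN although the interface matched
    # is named 'lan'; kept verbatim, presumably the site's naming convention.
    addrs = conn.path('ip', 'address')
    for addr in tuple(addrs):
        if addr['interface'] != 'lan':
            continue
        try:
            addrs.update(**{'.id': addr['.id'], 'address': private})
        except Exception as e:
            print('更新 WAN 地址失败: {}'.format(e))

    # 刷新 mac 地址 — the command call returns a generator; tuple() drains it
    # so the command is actually sent.
    eths = conn.path('interface', 'ethernet')
    for eth in tuple(eths):
        if eth['name'] == 'lan':
            tuple(eths('reset-mac-address', **{'.id': eth['.id']}))


def configOuts(conn: Api, config, count=OUT_COUNT):
    '''Configure the L2TP outs used for VPN load balancing (配置 vpn 出口负载均衡).

    Removes every ``l2tp-out*`` client and every route in a routing table
    whose name starts with ``r``, then creates ``count`` clients
    ``l2tp-out1..N`` (rotating over the three ``192.168.251-253`` servers,
    user ``jdzz<N>dt<config['index']>``) and one default route per client
    in table ``r<N>``.

    The client password comes from ``config['l2tp-password']`` when present,
    otherwise ``DEFAULT_L2TP_PASSWORD``. ``count`` keeps the original value
    of 20 by default. Failures on the router are printed and skipped.
    '''
    index = config['index']
    password = config.get('l2tp-password', DEFAULT_L2TP_PASSWORD)

    # 配置 ppp
    ppps = conn.path('interface', 'l2tp-client')
    _remove_where(ppps, lambda ppp: ppp['name'].startswith('l2tp-out'),
                  '删除 PPP 失败: {}')
    for i in range(1, count + 1):
        # Clients are spread round-robin over servers .251/.252/.253.
        server = (i - 1) % 3 + 1
        try:
            ppps.add(**{
                'name': 'l2tp-out{}'.format(i),
                'connect-to': '192.168.25{}.25{}'.format(server, server),
                'user': 'jdzz{}dt{}'.format(i, index),
                'password': password,
                'disabled': 'no',
            })
        except Exception as e:
            print('添加 PPP 失败: {}'.format(e))

    # 配置路由 — every table named r<anything> is treated as ours and replaced.
    routes = conn.path('ip', 'route')
    _remove_where(routes,
                  lambda route: str(route['routing-table']).startswith('r'),
                  '删除路由表失败: {}')
    for i in range(1, count + 1):
        try:
            routes.add(**{
                'dst-address': '0.0.0.0/0',
                'gateway': 'l2tp-out{}'.format(i),
                'routing-table': 'r{}'.format(i),
            })
        except Exception as e:
            print('添加路由表失败: {}'.format(e))


def _read_script(name):
    '''Return the text of ``scripts/<name>.rsc`` decoded as UTF-8.

    The file is read as bytes so line endings reach the router unchanged.
    '''
    with open('scripts/{}.rsc'.format(name), 'rb') as file:
        return file.read().decode('utf-8')


def _substitute(source, token, value):
    '''Return *source* with every occurrence of *token* replaced by *value*.

    Raises ``ValueError`` when *token* is empty, because ``str.replace('')``
    would splice *value* between every character and the resulting script
    must never be written to the router.
    '''
    if not token:
        raise ValueError(
            'PUBLIC_ADDRESS_TOKEN is empty; set it to the placeholder used '
            'in the .rsc scripts before pushing them')
    return source.replace(token, value)


def configScripts(conn: Api, config):
    '''Upload the local .rsc files as the router's scripts (配置脚本).

    ``up`` and ``down`` are pushed verbatim; ``onlinestatus`` and
    ``pppoestatus`` first get ``PUBLIC_ADDRESS_TOKEN`` replaced by
    ``config['public']``. Scripts with any other name are left alone.
    Errors are not swallowed here: a missing file, an empty token or a
    router failure propagates to the caller.
    '''
    scripts = conn.path('system', 'script')
    for script in tuple(scripts):
        name = script['name']
        if name in ('up', 'down'):
            source = _read_script(name)
        elif name in ('onlinestatus', 'pppoestatus'):
            source = _substitute(_read_script(name), PUBLIC_ADDRESS_TOKEN,
                                 config['public'])
        else:
            continue
        scripts.update(**{'.id': script['.id'], 'source': source})


def configLogs(conn: Api, config):
    '''Install NAT logging rules and ship them to the remote log hosts (配置日志处理).

    Two ``natlog`` filter rules are (re)created in the forward chain: one
    logging TCP SYNs that were srcnat'd and go to ``10.0.0.0/8``, one
    logging UDP from ``10.0.0.0/8`` that is neither DNS (``!53``) nor
    srcnat'd. The ``log`` action does not terminate the chain, so these
    rules only observe traffic. Logging actions for each entry of
    ``REMOTE_LOG_TARGETS`` and a ``firewall,info`` topic rule per action
    (prefix ``config['code']``) are then recreated. Removal failures are
    printed and skipped; add failures propagate, as in the original.
    '''
    code = config['code']

    # 添加日志过滤器 — rules without a comment may not carry the key in the
    # API reply, hence .get().
    filters = conn.path('ip', 'firewall', 'filter')
    _remove_where(filters, lambda rule: rule.get('comment') == 'natlog',
                  '删除过滤器失败: {}')
    filters.add(**{
        'chain': 'forward',
        'action': 'log',
        'comment': 'natlog',
        'dst-address': '10.0.0.0/8',
        'protocol': 'tcp',
        'connection-nat-state': 'srcnat',
        'tcp-flags': 'syn',
    })
    filters.add(**{
        'chain': 'forward',
        'action': 'log',
        'comment': 'natlog',
        'src-address': '10.0.0.0/8',
        'protocol': 'udp',
        'dst-port': '!53',
        'connection-nat-state': '!srcnat',
    })

    # 添加日志动作
    actions = conn.path('system', 'logging', 'action')
    _remove_where(actions, lambda action: action['name'] in REMOTE_LOG_TARGETS,
                  '删除日志动作失败: {}')
    for name, remote in REMOTE_LOG_TARGETS.items():
        actions.add(**{
            'name': name,
            'target': 'remote',
            'src-address': '0.0.0.0',
            'remote': remote,
            'remote-port': REMOTE_LOG_PORT,
        })

    # 配置日志动作 — 'topics' is matched by substring, as in the original.
    logs = conn.path('system', 'logging')
    _remove_where(
        logs,
        lambda log: 'firewall' in log['topics'] and 'info' in log['topics'],
        '删除日志配置失败: {}')
    for name in REMOTE_LOG_TARGETS:
        logs.add(**{
            'topics': 'firewall,info',
            'prefix': code,
            'action': name,
        })


def _layer7_regexp(domains):
    '''Build the layer7 pattern ``(<d1>|<d2>|...)[/:]?.*`` for *domains*.

    Domains are escaped with ``re.escape``, which emits Python-style
    escapes (e.g. ``\\-``); RouterOS uses its own regexp engine, so verify
    the generated pattern on the router when adding unusual names.
    '''
    alternatives = '|'.join(re.escape(domain) for domain in domains)
    return '({})[/:]?.*'.format(alternatives)


def addDrop(conn: Api, config):
    '''Create the drop rules for the blocked domains and addresses (添加丢弃规则).

    Recreates the ``illegal`` layer7 protocol from ``ILLEGAL_DOMAINS``,
    adds any of ``ILLEGAL_IPS`` missing from the ``illegal`` address-list
    (existing entries are left untouched), and recreates two forward-chain
    drop rules: one on the layer7 match and one on ``src-address-list``.
    Both rules are appended with ``add`` and therefore sit at the end of
    the chain; an earlier accept rule still wins, and the address-list rule
    only matches traffic *from* those addresses, not connections to them.
    Removal failures are printed and skipped.
    '''
    # 非法网站列表
    layer7 = conn.path('ip', 'firewall', 'layer7-protocol')
    _remove_where(layer7, lambda item: item['name'] == 'illegal',
                  '删除 Layer7 规则失败: {}')
    layer7.add(**{
        'name': 'illegal',
        'regexp': _layer7_regexp(ILLEGAL_DOMAINS),
    })

    # 非法 IP 列表 — only add what the list does not already hold.
    addressLists = conn.path('ip', 'firewall', 'address-list')
    present = {item['address'] for item in tuple(addressLists)
               if item['list'] == 'illegal'}
    for ip in ILLEGAL_IPS:
        if ip in present:
            continue
        addressLists.add(**{
            'list': 'illegal',
            'address': ip,
        })

    # 添加丢弃规则 — rules without a comment may not carry the key, hence .get().
    drop_comments = ('drop illegal websites', 'drop illegal ips')
    filters = conn.path('ip', 'firewall', 'filter')
    _remove_where(filters, lambda rule: rule.get('comment') in drop_comments,
                  '删除过滤器失败: {}')
    filters.add(**{
        'chain': 'forward',
        'action': 'drop',
        'layer7-protocol': 'illegal',
        'comment': 'drop illegal websites',
    })
    filters.add(**{
        'chain': 'forward',
        'action': 'drop',
        'src-address-list': 'illegal',
        'comment': 'drop illegal ips',
    })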