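import requests
import xmltodict
import pymysql

# Inventory script: reads the destination-NAT ("NAT server") mappings from the
# Huawei firewalls (RESTCONF, XML reply) and from the H3C edge firewall (REST
# API, JSON reply), prints each mapping and stores it in the
# firewall_nat_info table.  The result is a list of every internal service
# that is published to the outside, so both the credentials used here and the
# table contents deserve the same protection as the firewall configs.

# NOTE(review): every device URL below is plain http://, so the Basic
# Authorization header and the H3C token cross the management network
# unencrypted.  If the devices' API listeners support TLS, switch the URLs to
# https:// and pass the issuing CA bundle through requests' `verify=`.
# NOTE(review): the API and database credentials are literals in this file.
# Load them from a secrets store or the environment, and give the API account
# read-only rights, since the script only issues GETs plus one token request.

# Without a timeout a single unreachable firewall blocks the run forever.
REQUEST_TIMEOUT = 10  # seconds, applied to every HTTP call

# Huawei firewalls at headquarters: display name -> management address.
firewall_ip_dict = {
    'xx出口防火墙': '10.84.xx',
    'xxx防火墙': '10.84.xx',
    'xxxxx防火墙': '10.84.xx'
}

sql = 'insert into firewall_nat_info(firewall_name,PN_ip,PN_port,agreement,IN_ip,IN_port,des) value(%s,%s,%s,%s,%s,%s,%s);'


def as_list(value):
    """Return *value* as a list (None -> [], single item -> [item]).

    xmltodict yields a dict instead of a list when an element occurs exactly
    once; iterating that dict would walk its keys and break the `.get()`
    calls in the loop below.
    """
    if value is None:
        return []
    if isinstance(value, list):
        return value
    return [value]


def protocol_name(number):
    """Map an IP protocol number (6/17, int or str) to 'TCP', 'UDP' or 'ALL'."""
    number = str(number)
    if number == '6':
        return "TCP"
    if number == '17':
        return "UDP"
    return "ALL"


def record(cursor, firewall_name, public_ip, public_port, agreement,
           inside_ip, inside_port, description):
    """Print one NAT mapping and insert it through the parameterized query."""
    print('防火墙名称:', firewall_name,
          '公网ip:', public_ip,
          '公网端口:', public_port,
          '协议:', agreement,
          '内网ip:', inside_ip,
          '内网端口:', inside_port,
          '描述:', description)
    cursor.execute(sql, (firewall_name, public_ip, public_port, agreement,
                         inside_ip, inside_port, description))


conn = pymysql.connect(
    host="10.32.xx",
    port=8080,
    user="user",
    passwd="xx",
    db="firewall_natserver",
    charset="utf8"
)
cursor = conn.cursor(pymysql.cursors.DictCursor)

try:
    # ---- Huawei firewalls -------------------------------------------------
    for firewall_name, firewall_ip in firewall_ip_dict.items():
        url = 'http://{0}:9000/restconf/data/huawei-nat-server:nat-server'.format(firewall_ip)
        resp = requests.get(url,
                            headers={'Authorization': 'Basic xxxxxxxxxxxxxxx'},
                            timeout=REQUEST_TIMEOUT)
        # Stop on 401/403/5xx instead of parsing an error page as NAT data.
        resp.raise_for_status()
        xml_doc = xmltodict.parse(resp.text)
        # An unexpected envelope still fails loudly here; only an empty
        # <data>/<nat-server> is treated as "no mappings configured".
        data = xml_doc['reply']['data'] or {}
        nat_server = data.get('nat-server') or {}

        for nat in as_list(nat_server.get('server-mapping')):
            agreement = protocol_name(nat.get('protocol'))

            # A port element that is not a mapping means no port restriction.
            # NOTE(review): only start-port is stored; if the device can
            # report a port range here, the upper bound is lost and the
            # inventory understates what is exposed -- confirm against the
            # device's reply.
            global_port = nat.get('global-port')
            PN_port = global_port.get('start-port') if isinstance(global_port, dict) else 'ALL_Port'
            inside_port = nat.get('inside-port')
            IN_port = inside_port.get('start-port') if isinstance(inside_port, dict) else 'ALL_Port'

            record(cursor, firewall_name,
                   (nat.get('global') or {}).get('start-ip'), PN_port,
                   agreement,
                   (nat.get('inside') or {}).get('start-ip'), IN_port,
                   nat.get('name'))
        conn.commit()

    # ---- H3C firewall -----------------------------------------------------
    url = "http://10.123.xxx/api/v1/tokens"
    resp = requests.post(url,
                         headers={"Authorization": "Basic xxxxxxxxxxxxxx"},
                         timeout=REQUEST_TIMEOUT)
    resp.raise_for_status()
    token_id = resp.json().get('token-id')
    if not token_id:
        # Otherwise the next request would be sent with "X-Auth-Token: None".
        raise RuntimeError('H3C token request returned no token-id')

    url2 = "http://10.123.xx.x/api/v1/NAT/ServerOnInterfaces"
    resp = requests.get(url2,
                        headers={"X-Auth-Token": token_id},
                        timeout=REQUEST_TIMEOUT)
    resp.raise_for_status()

    for dnat in resp.json().get('ServerOnInterfaces') or []:
        if dnat.get('Disable'):
            continue  # disabled rules are not part of the live exposure
        agreement = protocol_name(dnat.get('ProtocolType'))

        global_info = dnat.get('GlobalInfo') or {}
        local_info = dnat.get('LocalInfo') or {}

        # Public side: store "start-end" when the rule covers a port range.
        if global_info.get('GlobalEndPortNumber'):
            PN_port = str(global_info.get('GlobalStartPortNumber')) + '-' + str(global_info.get('GlobalEndPortNumber'))
        else:
            PN_port = global_info.get('GlobalStartPortNumber')
        # Inside side: same range handling.
        if local_info.get('LocalEndPortNumber'):
            IN_port = str(local_info.get('LocalStartPortNumber')) + '-' + str(local_info.get('LocalEndPortNumber'))
        else:
            IN_port = local_info.get('LocalStartPortNumber')

        record(cursor, 'H3c边界防火墙',
               global_info.get('GlobalStartIpv4Address'), PN_port,
               agreement,
               local_info.get('LocalStartIpv4Address'), IN_port,
               dnat.get('Description'))
    conn.commit()
finally:
    # Release the database session even when a device call fails part-way.
    cursor.close()
    conn.close()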
h3c(or huawei)_firewall_dnat(python)
于 2022-06-07 09:35:17 首次发布