Python管理端口的操作

#!/usr/bin/env python
#encoding:utf-8
 
import getpass
import os
import readline
import socket
import sys
import traceback

import paramiko    #导入paramiko模块


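# Command-line arguments: <host> <username> [password]
#
# A password given on the command line is visible to other local users through
# the process list and is kept in shell history. It is still accepted as the
# third argument for backward compatibility, but it is optional: when it is
# omitted the script asks for it on the terminal without echoing it.
if len(sys.argv) < 3:
    sys.stderr.write("usage: %s <host> <username> [password]\n" % sys.argv[0])
    sys.exit(2)
host = sys.argv[1]        # address of the remote host to connect to
username = sys.argv[2]    # login name on the remote host
if len(sys.argv) > 3:
    password = sys.argv[3]    # legacy form; prefer the interactive prompt
else:
    password = getpass.getpass("password for %s@%s: " % (username, host))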
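# User holds the login details of the remote host and opens the SSH session.
class User:
    """Login details for one remote host, plus the method that connects to it."""

    # Class-level defaults; __init__ replaces them on every instance.
    host =""
    username =""
    password =""

    def __init__(self,host,username,password):
        """Remember the target host and the credentials used to log in."""
        self.host = host
        self.username = username
        self.password = password

    def get_connection(self,host1,username1,password1):
        """Open an SSH session to host1 on port 22 and return the client.

        The arguments are used as given; the values stored on the instance
        are not consulted. On any connection failure the traceback is
        printed and the process exits with status 1.
        """
        client = paramiko.SSHClient()
        # Known host keys come from the user's known_hosts file.
        client.load_system_host_keys()
        # A host whose key is not already known is refused. Accepting unknown
        # keys automatically (AutoAddPolicy) would let anyone who can answer on
        # that address impersonate the device and collect the password, so the
        # key has to be recorded out of band before the first run.
        client.set_missing_host_key_policy(paramiko.RejectPolicy())
        try:
            client.connect(host1,22,username1,password1,timeout=5)
        except Exception:
            print("******* Connect  failed*******")
            traceback.print_exc()
            client.close()    # do not leave a half-open transport behind
            sys.exit(1)
        # Report the host that was actually connected to; the class attribute
        # User.host is always the empty default.
        print("恭喜你远程连接主机("+host1+")成功!")
        return client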


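# Open the SSH session with the credentials read from the command line and run
# a disk-usage report as a quick check that the session accepts commands.
user = User(host,username,password)
s = user.get_connection(user.host,user.username,user.password)
stdin,stdout,stderr = s.exec_command('df -h')
# Print the command's standard output.
print(stdout.read())
# Also show what the remote side wrote to stderr; without this a rejected
# command produces an empty report and no hint of what went wrong.
errors = stderr.read()
if errors:
    print(errors)
# NOTE(review): the client in `s` stays open and the statements generated
# further down are only printed, never sent over it - confirm whether the
# session is still needed after this check.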


#sign = sys.argv[4]   #操作类型
#portNum = sys.argv[5] #端口号
#portarry =portNum.strip().split(',')  #多个端口,放到数组
#portarry_length=len(portarry)         #端口的个数
#extranet = sys.argv[6] #外部网IP参数
#intranet = sys.argv[7] #内部网IP参数
#intranetaddr = intranet.strip().split('.')  #切割内部IP地址为一个列表
#extranetaddr = extranet.strip().split('.')  #切割外部IP地址
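# PortsOperation prints the firewall configuration statements that add or
# remove one static-NAT mapping from an external address to an internal one.
class PortsOperation:
    """Build and print `set` / `delete` statements for one NAT mapping.

    Nothing here talks to a device: every statement is written to standard
    output only. Object names are derived from the last octet of the external
    and internal address (`Outside<ext>-TO-Inside<int>-...`).

    Because the arguments end up inside configuration statements, addresses
    and ports are validated first and ValueError is raised for anything that
    is not a plain IPv4 address or a TCP port (or `low-high` port range).
    """

    # Class-level defaults; __init__ replaces them on every instance.
    portarry =[]
    extranet =""
    intranet =""
    extranetaddr =[]
    intranetaddr =[]

    def __init__(self,portarry,extranet,intranet,extranetaddr,intranetaddr):
        """Store the port list, both addresses and their dot-split forms."""
        self.portarry = portarry
        self.extranet = extranet
        self.intranet = intranet
        self.extranetaddr = extranetaddr
        self.intranetaddr = intranetaddr

    @staticmethod
    def _is_decimal(text):
        """Return True when text is a non-empty run of ASCII digits."""
        return bool(text) and all(ch in "0123456789" for ch in text)

    @staticmethod
    def _require_ipv4(address, octets):
        """Check a dotted-quad address and its split form; return the last octet."""
        parts = str(address).split('.')
        well_formed = len(parts) == 4 and all(
            PortsOperation._is_decimal(part) and len(part) <= 3 and int(part) <= 255
            for part in parts
        )
        if not well_formed:
            raise ValueError("not an IPv4 address: %r" % (address,))
        # The pre-split list is what the object names are built from, so it
        # has to describe the same address.
        if list(octets) != parts:
            raise ValueError("octet list does not match address %r" % (address,))
        return parts[3]

    @staticmethod
    def _require_port(port):
        """Return port as text after checking it is 1-65535 or a low-high range."""
        text = str(port)
        bounds = text.split('-')
        if len(bounds) > 2:
            raise ValueError("not a port or port range: %r" % (port,))
        for bound in bounds:
            if not PortsOperation._is_decimal(bound) or not 1 <= int(bound) <= 65535:
                raise ValueError("not a port or port range: %r" % (port,))
        if len(bounds) == 2 and int(bounds[0]) > int(bounds[1]):
            raise ValueError("port range is reversed: %r" % (port,))
        return text

    def addport(self,portarry,extranet,intranet,extranetaddr,intranetaddr):
        """Print the statements that publish the given TCP ports.

        Returns 0. Raises ValueError when an address or port is malformed or
        when no port is given; in that case nothing is printed.
        """
        outside = self._require_ipv4(extranet, extranetaddr)
        inside = self._require_ipv4(intranet, intranetaddr)
        if not portarry:
            raise ValueError("at least one port is required")
        ports = [self._require_port(port) for port in portarry]

        # The leading blank is part of the original statement text.
        tag = ' Outside' + outside + '-TO-Inside' + inside
        nat_rule = 'set security nat static rule-set static-nat rule ' + tag + '-rule'
        book = 'set security zones security-zone Trusted address-book '
        application = 'set applications application ' + tag + '-application'
        policy = ('set security policies from-zone Untrusted to-zone Trusted policy '
                  + tag + '-policy')

        commands = [
            'set security nat static rule-set static-nat from zone Untrusted',
            nat_rule + ' match destination-address ' + extranet + '/32',
            nat_rule + ' then static-nat prefix ' + intranet + '/32',
            'set security nat proxy-arp interface reth1.0 address ' + extranet + '/32',
            book + 'address ' + tag + '-address' + ' ' + intranet + '/32',
            book + 'address-set ' + tag + '-address-set' + ' address ' + tag + '-address',
        ]
        # One application term per port, named after the port itself.
        for port in ports:
            commands.append(application + ' term ' + port + ' protocol tcp')
            commands.append(application + ' term ' + port + ' destination-port ' + port)
        # NOTE: the policy matches source-address any, so the published ports
        # are reachable from every source in the Untrusted zone.
        commands.extend([
            policy + ' match source-address any',
            policy + ' match destination-address ' + tag + '-address-set',
            policy + ' match application ' + tag + '-application',
            policy + ' then permit',
        ])
        for command in commands:
            print(command)
        print("成功增加端口ports: " + str(portarry))
        return 0

    def delport(self,portarry,extranet,intranet,extranetaddr,intranetaddr):
        """Print the statements that remove the whole mapping.

        portarry is accepted for symmetry with addport but is not used: the
        policy, application, address objects, proxy-arp entry and NAT rule
        are deleted as a unit. Returns 0, like addport, so callers that print
        the result no longer show None. Raises ValueError on a malformed
        address.
        """
        outside = self._require_ipv4(extranet, extranetaddr)
        inside = self._require_ipv4(intranet, intranetaddr)
        tag = 'Outside' + outside + '-TO-Inside' + inside
        book = 'delete security zones security-zone Trusted address-book '
        commands = [
            'delete security policies from-zone Untrusted to-zone Trusted policy '
            + tag + '-policy',
            # This statement carries an extra blank before the name in the
            # original text; it is kept as is.
            'delete applications application ' + ' ' + tag + '-application',
            book + 'address-set ' + tag + '-address-set',
            book + 'address ' + tag + '-address',
            'delete security nat proxy-arp interface reth1.0 address ' + extranet + '/32',
            'delete security nat static rule-set static-nat rule ' + tag + '-rule',
        ]
        for command in commands:
            print(command)
        return 0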
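# Interactive menu: ask for one operation, print the matching configuration
# statements, then stop.

# raw_input exists only on Python 2. On Python 3 input() returns the typed
# line as text in the same way, so fall back to it there.
try:
    _read_line = raw_input
except NameError:
    _read_line = input


def _split_ipv4(text):
    """Return the four octets of a dotted-quad address, or raise ValueError.

    The octets are interpolated into configuration statements, so anything
    that is not four decimal numbers in 0-255 is refused here.
    """
    octets = text.strip().split('.')
    if len(octets) != 4:
        raise ValueError("not an IPv4 address: %r" % (text,))
    for octet in octets:
        is_decimal = bool(octet) and all(ch in "0123456789" for ch in octet)
        if not is_decimal or len(octet) > 3 or int(octet) > 255:
            raise ValueError("not an IPv4 address: %r" % (text,))
    return octets


def _read_mapping():
    """Read "ports external-ip internal-ip" and return PortsOperation's arguments.

    The fields are taken in the order the prompt announces them (external
    address first). The original unpacking assigned them the other way round,
    which swapped the two addresses in every generated statement.
    """
    portNum, extranet, intranet = _read_line().split()
    portarry = portNum.split(',')    # several ports, comma separated
    return portarry, extranet, intranet, _split_ipv4(extranet), _split_ipv4(intranet)


while True:
    print("操作1 增加端口请输入:addport    操作2 删除端口请输入:delport     操作3 查询请输入:select   操作四:退出请输入:exit")
    sign = _read_line()
    try:
        if sign=='addport':
            print("增加操作 请输入:端口列表 外网IP 内网IP  (备注:之间用一个空格隔开,端口列表用,号隔开)")
            portsopration = PortsOperation(*_read_mapping())
            s = portsopration.addport(portsopration.portarry,portsopration.extranet,portsopration.intranet,portsopration.extranetaddr,portsopration.intranetaddr)
            break
        elif sign=='delport':
            print("删除操作 请输入:端口列表 外网IP 内网IP  (备注:之间用一个空格隔开,端口列表用,号隔开)")
            portsopration = PortsOperation(*_read_mapping())
            s = portsopration.delport(portsopration.portarry,portsopration.extranet,portsopration.intranet,portsopration.extranetaddr,portsopration.intranetaddr)
            print(s)
            print("取消端口")
            break
        elif sign=='select':
            print("查询操作 请输入:外网IP 内网IP  (备注:中间用一个空格隔开)")
            # Same order as the prompt: external address, then internal.
            extranet, intranet = _read_line().split()
            extranetaddr = _split_ipv4(extranet)
            intranetaddr = _split_ipv4(intranet)
            cmd0 = 'show | display set | match '+'Outside'+extranetaddr[3]+'-TO-Inside'+intranetaddr[3]
            cmd1 = 'show | display set | match '+extranet +' | match reth1.0'
            print(cmd0)
            print(cmd1)
            break
        elif sign=='exit':
            print("退出成功!")
            break
        else:
            # This also covers '*': its former branch used port and address
            # variables that are never assigned before the menu is shown, so
            # choosing it could only end in a NameError.
            print("不知操作")
    except (ValueError, IndexError) as err:
        # Wrong number of fields or a malformed address/port: report it and
        # show the menu again instead of ending with a traceback.
        print("******* Invalid input: " + str(err) + " *******")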
