##################################################
# Open the internet connection for an ip address.
# Usage: inet_conn.pl [-e | -d ] ip_address
##################################################
# The IP address should be validated.
# Print the one-line command synopsis to STDOUT.
# Returns whatever print returns (true when the write succeeded).
sub print_usage {
    my $synopsis = "Usage: inet_conn.pl [-e | -d ] ip_address \n";
    return print $synopsis;
}
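# Validate a dotted-quad IPv4 address; print an error and exit 1 when it is
# malformed.
#
# Parameters: the candidate address (first argument).
# Returns:    nothing; the sub only returns when the address is acceptable.
# Exits:      with status 1, after printing the error to STDOUT, when the
#             string is not four decimal octets in the range 0..255.
#
# The main program interpolates the accepted value into the configuration
# command it sends to the firewall, so the whole string must be checked.
sub check_ip_address_valid {
    my $h = shift;
    $h = '' unless defined $h;

    # \A and \z anchor the complete string. A '$' anchor also matches just
    # before a trailing newline, which would let "1.2.3.4\n" pass and carry a
    # line break into the command sent to the firewall.
    my @octets =
        $h =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/;

    # The pattern admits digits only, so a value can never be negative; only
    # the upper bound needs checking.
    if (@octets != 4 || grep { $_ > 255 } @octets) {
        print "The ip address \'$h\' is not valid.\n";
        exit 1;
    }
    return;
}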
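# Log in to the PIX firewall, enter enable mode and return the output of
# "show config".
#
# Uses the package-global Net::Telnet session object $t.
# Returns: the text received before the final "out-pix#" prompt.
# Dies:    when connecting, sending a command or waiting for a prompt fails.
#          The session is created with Errmode => 'return', so failures come
#          back as false values; they are checked here so that a broken or
#          timed-out session is never mistaken for an empty configuration.
#
# NOTE(review): the login and enable passwords are literals in this file, and
# Telnet transmits them (and the configuration) unencrypted. Keep the file
# readable only by the operator account, and prefer loading the secrets from a
# protected store and using an encrypted management channel if the device
# supports one.
sub get_conf {
    my $fail = sub {
        my ($step) = @_;
        die "get_conf: $step failed: " . $t->errmsg . "\n";
    };

    $t->open("10.10.10.1") or $fail->('connect');
    $t->waitfor('/PIX passwd:.*$/') or $fail->('login prompt');

    # Each entry is [ text to send, prompt expected afterwards ].
    my @dialogue = (
        [ 'pwd1',          '/out-pix> .*$/' ],
        [ 'enable',        '/Password:.*$/' ],
        [ 'pwd2',          '/out-pix#.*$/'  ],
        # Turn paging off so the configuration arrives in one piece.
        [ 'pager lines 0', '/out-pix#.*$/'  ],
    );
    for my $step (@dialogue) {
        my ($send, $expect) = @{$step};
        $t->print($send)     or $fail->("sending a command before $expect");
        $t->waitfor($expect) or $fail->("waiting for $expect");
    }

    $t->print('show config') or $fail->('sending show config');

    # In list context waitfor returns (prematch, match); the prematch is the
    # configuration text. An empty list means the wait failed.
    my ($abc) = $t->waitfor('/out-pix#.*$/');
    $fail->('reading the configuration') unless defined $abc;
    return $abc;
}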
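# Main program begins.
# strict and warnings are lexically scoped, so from here on they cover the
# main program and its helpers.
use strict;
use warnings;

# login to the pix firewall and get the configuration.
# NOTE(review): Telnet is unencrypted; run this only across a trusted
# management network.
use Net::Telnet ();

# Build the configuration line that marks $host as opened.
sub _nat_rule {
    my ($host) = @_;
    return "nat (inside) 1 $host 255.255.255.255 0 0";
}

# Return 1 when the configuration text contains the nat rule for $host.
sub _is_opened {
    my ($config, $host) = @_;
    my $rule = _nat_rule($host);

    # \Q..\E quotes every regex metacharacter in the rule, replacing the
    # hand-written escaping of '.', '(' and ')'. A plain /.../ match is used
    # because the bare ?PATTERN? form is a syntax error on Perl 5.22 and later.
    return $config =~ /\Q$rule\E/ ? 1 : 0;
}

# Send one command and wait for the expected prompt. Dies on failure so the
# script never prints a success message for a step that did not complete.
sub _send_and_wait {
    my ($session, $command, $prompt) = @_;
    $session->print($command)
        or die "Sending '$command' failed: " . $session->errmsg . "\n";
    $session->waitfor($prompt)
        or die "No $prompt prompt after '$command': " . $session->errmsg . "\n";
    return;
}

# Enter configuration mode, apply one line, save the configuration and log out.
sub _apply_config_line {
    my ($session, $line) = @_;
    _send_and_wait($session, 'conf t', '/out-pix\(config\)#.*$/');
    _send_and_wait($session, $line,    '/out-pix\(config\)#.*$/');
    _send_and_wait($session, 'exit',   '/out-pix#.*$/');
    _send_and_wait($session, 'wr mem', '/out-pix#.*$/');
    $session->print('exit');
    return;
}

my $argc = scalar(@ARGV);
if ($argc > 2 || $argc < 1) {
    print_usage();
    exit 1;
}

# One argument means "show status"; two arguments are a switch and an address.
my ($s, $h) = $argc == 1 ? ('', $ARGV[0]) : @ARGV;
if ($argc == 2 && $s ne '-e' && $s ne '-d') {
    # No session has been opened yet, so there is nothing to log out of.
    print_usage();
    exit 1;
}

# Reject anything that is not a plain dotted-quad address before it is placed
# into a firewall command.
check_ip_address_valid($h);

# $t stays a package global because get_conf() reads it.
our $t = Net::Telnet->new(
    Timeout => 10,
    Prompt  => '/PIX passwd:.*$/',
    Errmode => 'return',
);

my $abc = get_conf();

# Without the configuration text the rule check below would always answer
# "closed"; stop instead of reporting or changing state on a failed session.
defined $abc
    or die "Could not read the firewall configuration; nothing was changed.\n";

# check if the ip address is already opened.
my $opened = _is_opened($abc, $h);

if ($argc == 1) {
    # display status
    if ($opened) {
        print "The ip address \'$h\' is OPENED.";
    }
    else {
        print "The ip address \'$h\' is CLOSED.";
    }
    $t->print('exit');
    exit 0;
}

if ($s eq '-e') {
    # open the internet connection
    if ($opened) {
        print "The ip address \'$h\' is ALREADY OPENED!";
        $t->print('exit');
        exit 0;
    }
    _apply_config_line($t, _nat_rule($h));
    print "The ip address \'$h\' is OPENED SUCCESSFULLY.\n";
    exit 0;
}

# close the internet connection; it must currently be 'open'.
if (!$opened) {
    print "The ip address \'$h\' is NOT OPENED.";
    $t->print('exit');
    exit 0;
}
_apply_config_line($t, 'no ' . _nat_rule($h));
print "The ip address \'$h\' is CLOSED SUCCESSFULLY.\n";
exit 0;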
用Perl语言登录Cisco PIX防火墙修改配置