policy:
Note: on the Fortinet (FortiGate) firewall, an IP is blocked by adding it to a policy.
-
Objects cannot be appended to a policy directly: GET the policy's existing data, merge the new entries into it, and upload the merged result to the corresponding policy on the FortiGate.
-
Example of the basic parameters for creating a policy (an empty policy cannot be created):
# Create an IPv4 block policy
policy_rule = {
    "status": "enable",
    "name": f"{ip}tttt",
    "srcintf": [{"name": args.SOURCE_TAGE}],
    "dstintf": [{"name": args.DINSOURCE_TAGE}],
    "srcaddr": [{"name": f"{ip}pppp01"}],
    "dstaddr": [{"name": "all"}],
    "action": args.ACTION,
    "schedule": "always",
    "schedule-timeout": "disable",
    "service": [{"name": "ALL"}],
}

# Create an IPv6 block policy (the source address list is srcaddr6 instead of srcaddr)
policy_rule = {
    "status": "enable",
    "name": f"{ip}tttt",
    "srcintf": [{"name": args.SOURCE_TAGE}],
    "dstintf": [{"name": args.DINSOURCE_TAGE}],
    "srcaddr6": [{"name": f"{ip}pppp01"}],
    "dstaddr": [{"name": "all"}],
    "action": args.ACTION,
    "schedule": "always",
    "schedule-timeout": "disable",
    "service": [{"name": "ALL"}],
}
-
Parameters used to create the policy:
import requests

# Request headers
headers = {"Authorization": f"Bearer {args.TOKEN_KEY}", "Content-Type": args.OURY_TYPE}
# Create the policy with a POST request via the requests library (success: status 200)
# verify=False disables TLS certificate checking; in production pass the path of the FortiGate's CA bundle instead
response = requests.post(url="https://Fortien_address/api/v2/cmdb/firewall/policy", headers=headers, json=policy_rule, verify=False)
print(response.status_code)
-
Fetch the existing data of a policy
# Request headers
headers = {"Authorization": f"Bearer {args.TOKEN_KEY}", "Content-Type": args.OURY_TYPE}
# Fetch the policy parameters with a GET request; a policy_id in the URL returns that policy's raw data (success: status 200)
result = requests.get(url=f"https://Fortien_address/api/v2/cmdb/firewall/policy/{policy_id}", headers=headers, verify=False)
if result.status_code == 200:
    print(result.json())
else:
    print(f"Failed to fetch parameters, status: {result.status_code}")
-
Add an IP object to the block policy
Note: an address group can also be added to the policy, which avoids adding address objects to the policy one by one. Once the group is referenced by the policy, adding an address object to that group completes the block, because the group is already part of the policy.
# Request headers
headers = {"Authorization": f"Bearer {args.TOKEN_KEY}", "Content-Type": args.OURY_TYPE}
# Use a PUT request via the requests library (success: status 200)
# Uploading parameters directly to the policy overwrites its existing data, so fetch the existing data,
# add the new IP object to it and upload that; historical block entries are then unaffected
# (srcaddr6 holds IPv6 addresses, srcaddr holds IPv4 addresses)
policy_url = f"https://Fortien_address/api/v2/cmdb/firewall/policy/{policy_id}"
result = requests.get(url=policy_url, headers=headers, verify=False)
if result.status_code == 200:
    result01 = result.json()
    data_json = result01["results"][0]
    data_json["srcaddr6"].append({"name": ip_object_name})
    status_code = requests.put(url=policy_url, headers=headers, json=data_json, verify=False)
    if status_code.status_code == 200:
        print("IP object blocked successfully")
    else:
        print(f"Failed to block IP object, status: {status_code.status_code}")
else:
    print(f"Failed to read data, status: {result.status_code}")
address&address6:
Note: the address endpoints create address objects: address creates IPv4 objects, address6 creates IPv6 objects.
-
An address object name cannot be created twice: when an object with the same name already exists in the address pool, the API returns status 500.
-
Example parameters for creating an address object
# Parameters for an IPv4 address object
address_object = {"name": ip, "type": "ip", "subnet": f"{ip}/32"}
# Parameters for an IPv6 address object
address_object6 = {"name": ip, "type": "ip", "subnet": f"{ip}/64"}
-
Example request headers for the REST API:
headers = {"Authorization": f"Bearer {args.TOKEN_KEY}", "Content-Type": args.OURY_TYPE}
-
Create the address object with a POST request via requests
# Create an IPv4 address object
requests_code = requests.post(url="https://Fortien_address/api/v2/cmdb/firewall/address", headers=headers, json=address_object, verify=False)
# Create an IPv6 address object
requests_code = requests.post(url="https://Fortien_address/api/v2/cmdb/firewall/address6", headers=headers, json=address_object6, verify=False)
-
A GET retrieves the address objects in the address pool
# Fetch address object information
requests_code = requests.get(url="https://Fortien_address/api/v2/cmdb/firewall/address", headers=headers, verify=False)
if requests_code.status_code == 200:
    print(requests_code.json())
else:
    print(f"Failed to fetch parameters, status: {requests_code.status_code}")
-
A PUT updates the data of a specified object
# IP parameters
address = {"type": "ip", "subnet": f"{new_ip}/32"}
requests_code = requests.put(url=f"https://Fortien_address/api/v2/cmdb/firewall/address/{address_object_name}", headers=headers, json=address, verify=False)
addrgrp&addrgrp6:
Note: an empty address group cannot be created; a group holds at most 600 members.
-
An address group is a collection of address objects; grouping IP objects of the same kind into a group makes the address objects easier to manage.
-
Objects cannot be appended to an address group directly: to add an address object to a group, first fetch the group's current data and add the object to the existing member list before uploading.
-
Parameters required to create an address group
# group_name is the address group name, address_object_name the name of an existing address object
address_group = {"name": group_name, "member": [{"name": address_object_name}]}
-
Create the address group with a POST request
# Create an IPv4 address group
requests_code = requests.post(url="https://Fortien_address/api/v2/cmdb/firewall/addrgrp", headers=headers, json=address_group, verify=False)
# Create an IPv6 address group
requests_code = requests.post(url="https://Fortien_address/api/v2/cmdb/firewall/addrgrp6", headers=headers, json=address_group, verify=False)
-
A GET retrieves the specified address group
requests_code = requests.get(url=f"https://Fortien_address/api/v2/cmdb/firewall/addrgrp/{addrgrp_name}", headers=headers, verify=False)
if requests_code.status_code == 200:
    print(requests_code.json())
else:
    print(f"Failed to fetch data, status: {requests_code.status_code}")
-
Use a PUT request to add an address object to the corresponding address group
group_url = f"https://Fortien_address/api/v2/cmdb/firewall/addrgrp/{addrgrp_name}"
requests_code = requests.get(url=group_url, headers=headers, verify=False)
if requests_code.status_code == 200:
    result = requests_code.json()
    result01 = result["results"][0]
    result01["member"].append({"name": address_object_name})
    result02 = requests.put(url=group_url, headers=headers, json=result01, verify=False)
    if result02.status_code == 200:
        print("Address object added to the group successfully")
    else:
        print(f"Failed to add the address object to the group, status: {result02.status_code}")
else:
    print(f"Failed to fetch the original data, status: {requests_code.status_code}")
Summary:
-
When working with the FortiGate, the parameters can be discovered with GET requests, which yields parameter values that closely match the customer's existing configuration.
-
Approach for linked (automated) blocking:
-
Create an address object for the alerting IP
-
Create an address group and classify the address objects into it
-
Create a policy and add the address group to the corresponding block policy
-
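The read-merge-write step that the addrgrp PUT section and the blocking workflow above both rely on, as an added example (not code from the original notes): the merge is a pure function that skips duplicates and enforces the 600-member limit, and the HTTP wrapper reuses it. The base URL, token and group names are placeholders.

```python
# Added example, not code from the original notes: read-merge-write helpers for the
# FortiGate cmdb API, so that adding a member to a group or a policy never overwrites
# the entries already there (the API has no append). Base URL and token are placeholders.
from __future__ import annotations

import copy
import urllib.parse

MAX_GROUP_MEMBERS = 600  # per-group limit stated in the notes


def append_member(current: dict, key: str, name: str, limit: int | None = None) -> tuple[dict, bool]:
    """Build the PUT body from a GET response of the form {"results": [obj]}.

    key is "member" for addrgrp/addrgrp6 and "srcaddr"/"srcaddr6" for a policy.
    Returns (body, changed); changed is False when name is already listed, so the
    caller can skip the PUT. The GET response passed in is left untouched.
    """
    obj = copy.deepcopy(current["results"][0])
    members = obj.setdefault(key, [])
    if any(m.get("name") == name for m in members):
        return obj, False
    if limit is not None and len(members) >= limit:
        raise ValueError(f"{obj.get('name')}: {key} already holds {limit} entries")
    members.append({"name": name})
    return obj, True


def block_via_group(base_url: str, token: str, group: str, address_name: str, ipv6: bool = False) -> str:
    """GET the group, merge the address object in, PUT the result back. Returns "added" or "present"."""
    import requests  # imported here so the pure merge logic above runs without any network code

    table = "addrgrp6" if ipv6 else "addrgrp"
    url = f"{base_url}/api/v2/cmdb/firewall/{table}/{urllib.parse.quote(group, safe='')}"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    # TLS verification stays on; pass verify="/path/to/fortigate-ca.pem" rather than verify=False
    resp = requests.get(url, headers=headers, timeout=10)
    resp.raise_for_status()
    body, changed = append_member(resp.json(), "member", address_name, MAX_GROUP_MEMBERS)
    if not changed:
        return "present"
    requests.put(url, headers=headers, json=body, timeout=10).raise_for_status()
    return "added"


if __name__ == "__main__":
    # Constructed sample of a GET /firewall/addrgrp/<name> response; no firewall is contacted
    sample = {"results": [{"name": "blocklist", "member": [{"name": "10.0.0.1"}]}]}
    body, changed = append_member(sample, "member", "10.0.0.2", MAX_GROUP_MEMBERS)
    print(changed, [m["name"] for m in body["member"]])  # True ['10.0.0.1', '10.0.0.2']
    print(append_member(sample, "member", "10.0.0.1")[1])  # False, already present
```

The same append_member call with key "srcaddr" or "srcaddr6" builds the PUT body for a policy, so the final workflow step needs no second merge routine.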