标题: [文本处理] H3C防火墙ACL设置的批处理脚本 [打印本页]
作者: ejzhang 时间: 2022-10-13 15:44 标题: H3C防火墙ACL设置的批处理脚本
本帖最后由 ejzhang 于 2022-10-14 14:56 编辑
因为工作需要频繁开启关闭互联网终端权限,特编写了H3C防火墙ACL设置脚本方便值班人员操作。
现放出来供大家参考,防火墙为F1070,软件版本CMW 7.1.064 Release 9360P27,其他设备未测试,需开启SSH登录,脚本使用plink连接防火墙。
- @echo off
- rem H3C firewall ACL helper: lists the rules of one basic ACL over SSH using
- rem PuTTY plink and flips the rules chosen by the operator between permit
- rem and deny.
-
- rem Probe for plink. cmd sets ERRORLEVEL 9009 when a command cannot be found.
- plink -V>nul 2>&1
- if ERRORLEVEL 9009 (echo 未找到 plink 程序!&& pause>nul && goto end)
-
- rem Connection settings. The double quotes are stored as part of each value.
- rem NOTE(review): the firewall login is kept in clear text in this file and is
- rem later handed to plink with -pw, i.e. on the command line. Anyone who can
- rem read the script, or the command line of the running plink process, gets
- rem the account. Prefer SSH public-key authentication (plink -i keyfile or a
- rem key held in Pageant) and a device account limited to what ACL editing
- rem needs. The values shown are presumably placeholders - replace before use.
- set acl=2000
- set userid="admin"
- set passwd="admin123"
- set router="192.168.1.1"
-
- rem Reachability check with a single ICMP echo request; on failure jump to
- rem the cleanup label. NOTE(review): a device that does not answer ping fails
- rem this check even if SSH is reachable.
- ping -n 1 %router%>nul 2>&1
- if ERRORLEVEL 1 (echo 无法访问路由器! && pause>nul && goto end)
-
- :begin
- rem Rebuild the local rule list from the device. The list file lives in the
- rem TEMP directory when that directory exists, otherwise in the current one.
- if EXIST "%TEMP%\" (set rulesfile="%TEMP%\rules.h3c") else (set rulesfile="rules.h3c")
-
- rem Pass 1: run display acl on the device and keep the rule lines. Token 2 of
- rem each kept line goes to loop variable i, token 3 to j, token 5 to l.
- rem A line whose token 3 is permit is written as i: l (Yes), deny as
- rem i: l (No); any other kept line is written as i: followed by tokens 4, 5
- rem and the remainder. Presumably i is the rule number, l the source address
- rem and the third form a rule comment - confirm against the device output.
- rem NOTE(review): the bracket expression in the findstr pattern is a character
- rem class, so it matches one listed character rather than the three whole
- rem words; the if/else chain is what really separates the cases.
- rem NOTE(review): plink -batch never prompts, so the SSH host key of the
- rem firewall must already be cached for this Windows user or be pinned with
- rem -hostkey; otherwise the connection is abandoned and the list stays empty.
- rem The password is visible on this command line, see the -pw argument.
- type nul> %rulesfile%.tmp
- for /f "tokens=2-5*" %%i in ('plink -batch -l %userid% -pw %passwd% %router% "display acl %acl%" ^| findstr /rc:" *rule *[0-9][0-9]* *[\<permit\> \<deny\> \<comment\>]"') do @if "%%j"=="permit" (echo %%i: %%l ^(Yes^)) else (if "%%j"=="deny" (echo %%i: %%l ^(No^)) else (echo %%i: %%k%%l%%m))>> %rulesfile%.tmp
-
- rem Pass 2: for every Yes/No line, look up the lines in the temporary file
- rem that start with the same number. The first hit is skipped (skip=1); each
- rem further hit is appended to the rule line after a // marker. Lines with
- rem no further hit are copied unchanged. The result is the final rule list.
- type nul> %rulesfile%
- for /f "tokens=1* delims=:" %%i in ('findstr "\(Yes\)$ \(No\)$" %rulesfile%.tmp') do (
- set comment=
- for /f "skip=1 tokens=2*" %%x in ('findstr "^%%i:" %rulesfile%.tmp') do set comment=true && echo %%i:%%j //%%x%%y
- if not defined comment echo %%i:%%j
- )>> %rulesfile%
- del /q %rulesfile%.tmp
-
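- :repeat
- rem Show the cached rule list and ask which rule numbers to toggle.
- rem No goto in the visible listing targets this label; the main loop
- rem re-enters at the begin label.
- echo.
- echo 互联网终端开通/关闭情况(Yes:开,No:关):
- type %rulesfile%
- rem Clear the previous answer first. set /p leaves the variable untouched
- rem when the operator only presses Enter, and endlocal further down restores
- rem the answer of the previous round, so without this reset an empty answer
- rem would replay the last selection and toggle the same rules again.
- set no=
- set /p no=请输入要开通/关闭的互联网终端编号(可用“,”分割输入多个编号,0:退出):
-
- rem Build the command file name from the current time: colons and the dot
- rem are removed and a blank, as in hours before 10, becomes 0.
- rem NOTE(review): the name is predictable and the file holds the commands
- rem that will be sent to the firewall with the stored login. Confirm that
- rem the TEMP directory, or the working directory used as fallback, is not
- rem writable by other users.
- set "tt=%time::=%"
- set "tt=%tt:.=%"
- set "tt=%tt: =0%"
- if EXIST "%TEMP%\" (set cmdfile="%TEMP%\inet-updown-%tt%.h3c") else (set cmdfile="inet-updown-%tt%.h3c")
- rem First two device commands: enter system view, then the basic ACL view.
- echo system> %cmdfile%
- echo acl basic %acl%>> %cmdfile%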
-
- rem Walk the comma or space separated answer one number at a time. Each pass
- rem of the loop label peels the first number into loop variable i, copies it
- rem to id and stores the remainder back into no. Entering 0 jumps to the end
- rem label. ip is taken from token 2 of the rule list line that starts with
- rem the number; a number with no such line is reported as invalid.
- rem The for body is always left with goto. The lines after the found label
- rem then run as ordinary statements, so id and ip are expanded with their
- rem current values when those lines are read. Do not reorder these lines.
- rem At found, a rule list line marked (Yes) produces a deny command for that
- rem rule number and source, any other state produces a permit command; the
- rem number is also collected in closeNodes or openNodes for the message.
- rem NOTE(review): the number is used unvalidated inside a findstr pattern,
- rem so input such as a single dot can select a rule the operator did not
- rem mean. Consider accepting digits only before the lookup.
- rem NOTE(review): the state test accepts (Yes) anywhere after the number, so
- rem rule comment text containing that marker could invert the decision -
- rem confirm against real device comments.
- set openNodes=
- set closeNodes=
- setlocal enableDelayedExpansion
- :loop
- for /f "tokens=1* delims=, " %%i in ("%no%") do (
- if %%i equ 0 goto end
- set id=%%i
- set no=%%j
- set ip=
- for /f "tokens=2" %%x in ('findstr "^%%i:" %rulesfile%') do set ip=%%x
- if defined ip goto found
- echo 终端编号 %%i 无效!
- goto loop
- :found
- findstr "^%id%:.*\(Yes\)" %rulesfile%>nul 2>&1 && (set closeNodes=%closeNodes%,%id%) || (set openNodes=%openNodes%,%id%)
- (findstr "^%id%:.*\(Yes\)" %rulesfile%>nul 2>&1 && (echo rule %id% deny source %ip% 0) || (echo rule %id% permit source %ip% 0))>> %cmdfile%
- )
- rem Keep looping while numbers remain, then report what is about to change.
- rem The substring from offset 1 drops the leading comma of each list.
- if defined no goto loop
- if defined openNodes echo 正在开通 %openNodes:~1% 号互联网终端...
- if defined closeNodes echo 正在关闭 %closeNodes:~1% 号互联网终端...
- rem endlocal discards id, ip and both lists and restores no to the value it
- rem had before setlocal.
- endlocal
-
- rem Finish the command list and send it to the firewall in one plink session
- rem using -m; the command file is deleted right afterwards.
- rem NOTE(review): plink output and exit status are discarded, so a failed
- rem login, an uncached host key or a command rejected by the device is
- rem silent. The rule list re-read at the begin label is the only
- rem confirmation the operator gets; consider checking ERRORLEVEL here.
- rem NOTE(review): no save command is sent, so the change presumably affects
- rem only the running configuration - confirm that this is intended.
- echo return>> %cmdfile%
- echo quit>> %cmdfile%
- plink -batch -l %userid% -pw %passwd% %router% -m %cmdfile%>nul 2>&1
- del /q %cmdfile%>nul 2>&1
-
- rem Start the next round with a fresh rule list.
- goto begin
- :end
- rem Cleanup on exit: remove the command file and the rule list. Errors are
- rem hidden because either variable may be unset when an early check jumps
- rem here.
- del /q %cmdfile%>nul 2>&1
- del /q %rulesfile%>nul 2>&1