用Perl语言登录Cisco PIX防火墙修改配置
发布时间:2020-12-16 00:19:18 所属栏目:大数据 来源:网络整理
##################################################
# Open the internet connection for an ip address.
# Usage: inet_conn.pl [-e | -d ] ip_address
##################################################
# 应该对IP地址进行测试
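# Print the command-line synopsis to STDOUT.
# With no switch the script reports the current state of the address,
# -e opens the internet connection for it and -d closes it.
sub print_usage {
    # The newline escape had lost its backslash, so a literal "n" was printed.
    print "Usage: inet_conn.pl [-e | -d ] ip_address \n";
    return;
}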
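# Validate that the argument is a dotted-quad IPv4 address.
#
# Prints an error and exits with status 1 when the value is not four
# decimal octets in the range 0..255; returns 1 otherwise.
#
# The accepted value is later interpolated into the "nat ..." command that
# is sent to the firewall CLI, so the pattern is anchored with \A and \z
# (a '$' anchor would still accept a trailing newline) and the dots are
# escaped so that only literal '.' separators are allowed.
sub check_ip_address_valid {
    my $h = shift;

    my $octet = qr/[0-9]{1,3}/;
    my @octets = defined $h
        ? $h =~ /\A($octet)\.($octet)\.($octet)\.($octet)\z/
        : ();

    if (@octets != 4) {
        my $shown = defined $h ? $h : '';
        print "The ip address '$shown' is not valid.\n";
        exit 1;
    }

    # The pattern only admits digits, so a lower-bound check is unnecessary.
    if (grep { $_ > 255 } @octets) {
        print "The ip address '$h' is not valid.\n";
        exit 1;
    }

    return 1;
}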
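# Log in to the PIX through the global Net::Telnet session $t, enter enable
# mode, switch paging off and return the text printed by "show config"
# (everything received before the next privileged prompt).
#
# Dies with a short message when the connection or any expected prompt
# fails. The session is created with Errmode => 'return', so without these
# checks a failed login would go unnoticed and the caller would act on an
# undefined configuration.
#
# NOTE(security): the login and enable passwords are hard-coded below and
# the whole dialogue, passwords and configuration included, travels over
# Telnet in clear text. Keep real credentials out of the script (for
# example in a file readable only by the operator) and restrict this
# session to a trusted management network.
sub get_conf {
    $t->open("10.10.10.1")
        or die "get_conf: cannot connect to the firewall: " . $t->errmsg . "\n";
    $t->waitfor('/PIX passwd:.*$/')
        or die "get_conf: no password prompt: " . $t->errmsg . "\n";

    # Each step: what to send, the prompt that must follow, and a label for
    # error messages (the label is used so that passwords are never echoed).
    my @steps = (
        [ 'pwd1',          '/out-pix> .*$/',  'login password' ],
        [ 'enable',        '/Password:.*$/',  'enable' ],
        [ 'pwd2',          '/out-pix#.*$/',   'enable password' ],
        [ 'pager lines 0', '/out-pix#.*$/',   'pager lines 0' ],
    );
    for my $step (@steps) {
        my ($send, $expect, $label) = @{$step};
        $t->print($send) && $t->waitfor($expect)
            or die "get_conf: unexpected reply after $label: " . $t->errmsg . "\n";
    }

    $t->print('show config')
        or die "get_conf: cannot send show config: " . $t->errmsg . "\n";

    # In list context waitfor returns (prematch, match); the prematch is the
    # configuration text. An empty list means the prompt never arrived.
    my ($abc) = $t->waitfor('/out-pix#.*$/')
        or die "get_conf: configuration output incomplete: " . $t->errmsg . "\n";
    return $abc;
}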
# Main program begins.
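# Validate the argument count before touching the network.
my $argc = scalar @ARGV;
if ($argc < 1 || $argc > 2) {
    print_usage();
    exit 1;
}

# Work out the requested action: no switch reports the status,
# -e opens the connection for the address, -d closes it.
my %mode_for = ('-e' => 'open', '-d' => 'close');
my $mode = 'status';
my $h    = $ARGV[-1];
if ($argc == 2) {
    $mode = $mode_for{ $ARGV[0] };
    if (!defined $mode) {
        print_usage();
        exit 1;
    }
}

# The address ends up inside a command sent to the firewall CLI, so it is
# validated before any session is opened (exits with status 1 if invalid).
check_ip_address_valid($h);

# login to the pix firewall and get the configuration.
# $t stays a package global because get_conf() uses it by that name.
# NOTE(security): Telnet carries the passwords and the configuration in
# clear text; run this only across a trusted management network.
use Net::Telnet ();
our $t = Net::Telnet->new(
    Timeout => 10,
    Prompt  => '/PIX passwd:.*$/',
    Errmode => 'return',
);

# Enter configuration mode, send one command, leave configuration mode and
# save with "wr mem". Returns 1 when every expected prompt was seen and an
# empty value as soon as one step fails, so the caller never reports
# success for a change that was not confirmed by the device.
sub _run_config_command {
    my ($cmd) = @_;
    # The parentheses of the "(config)" prompt must be escaped in the pattern.
    my @steps = (
        [ 'conf t', '/out-pix\(config\)#.*$/' ],
        [ $cmd,     '/out-pix\(config\)#.*$/' ],
        [ 'exit',   '/out-pix#.*$/' ],
        [ 'wr mem', '/out-pix#.*$/' ],
    );
    for my $step (@steps) {
        my ($send, $expect) = @{$step};
        $t->print($send)    or return;
        $t->waitfor($expect) or return;
    }
    return 1;
}

my $abc = get_conf();
if (!defined $abc) {
    # Fail closed: never change the firewall when its current
    # configuration could not be read.
    print STDERR "Could not read the firewall configuration: ",
        $t->errmsg, "\n";
    $t->close;
    exit 1;
}

# check if the ip address is already opened.
# \Q...\E matches the rule literally (dots and parentheses included).
my $nat_rule = "nat (inside) 1 $h 255.255.255.255 0 0";
my $is_open  = $abc =~ /\Q$nat_rule\E/ ? 1 : 0;

if ($mode eq 'status') {
    print "The ip address '$h' is ", ($is_open ? 'OPENED' : 'CLOSED'), ".";
    $t->print('exit');
    exit 0;
}

if ($mode eq 'open' && $is_open) {
    print "The ip address '$h' is ALREADY OPENED!";
    $t->print('exit');
    exit 0;
}

# the internet connection must be 'open' before it can be closed.
if ($mode eq 'close' && !$is_open) {
    print "The ip address '$h' is NOT OPENED.";
    $t->print('exit');
    exit 0;
}

my $cmd = $mode eq 'open' ? $nat_rule : "no $nat_rule";
if (!_run_config_command($cmd)) {
    print STDERR "The firewall did not confirm '$cmd': ", $t->errmsg, "\n",
        "The running and saved configuration may differ; check the device.\n";
    $t->close;
    exit 1;
}
$t->print('exit');

print "The ip address '$h' is ",
    ($mode eq 'open' ? 'OPENED' : 'CLOSED'), " SUCCESSFULLY.\n";
exit 0;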
