update

wangqiang1988 · Apr 13, 2024 · 30f7be3 · 30f7be3
1 parent 96905a7
commit 30f7be3
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 16 deletions.
diff --git a/cli_creator/firewall/forti.py b/cli_creator/firewall/forti.py
@@ -1,18 +1,44 @@
 class FirewallConfigurator:
-    def __init__(self, name, src_if, des_if, src_address, des_address, tcp_port, udp_port):
+    def __init__(self, name, src_if, des_if, src_address, des_address, tcp_port, udp_port, log):
         self.name = name
         self.src_if = src_if
         self.des_if = des_if
         self.src_address = src_address
         self.des_address = des_address
         self.tcp_port = tcp_port
         self.udp_port = udp_port
+        self.log = log
+    def subnet_mask(self, prefix):
+        """
+        计算子网掩码
+        :param prefix: 子网掩码的前缀长度，如 /24
+     :return: 子网掩码字符串，如 '255.255.255.0'
+        """
+    # 先将前缀长度转换为整数
+        prefix_length = int(prefix.strip('/'))
 
+    # 计算子网掩码的四个字节
+        mask = [0, 0, 0, 0]
+        for i in range(prefix_length // 8):
+            mask[i] = 255
+        remaining_bits = prefix_length % 8
+        if remaining_bits > 0:
+            mask[prefix_length // 8] = 256 - (1 << (8 - remaining_bits))
+
+    # 将子网掩码转换为字符串形式
+        mask_str = '.'.join(map(str, mask))
+
+        return mask_str
     def configure_address(self):
         command = "config firewall address\n"
         for i in self.src_address.split(','):
             if i == "all":
                 pass
+            elif '/' in i:
+                edit = "edit %s" % i
+                subnet = "set subnet %s %s" % (i.split('/')[0],self.subnet_mask(i.split('/')[-1]))
+                next = "next"
+                command += edit + '\n' + subnet + '\n' + next + '\n'
             else:
                 edit = "edit %s/32" % i
                 subnet = "set subnet %s 255.255.255.255" % i
@@ -21,6 +47,11 @@ def configure_address(self):
         for j in self.des_address.split(','):
             if j == 'all':
                 pass
+            elif '/' in j:
+                edit = "edit %s" % j
+                subnet = "set subnet %s %s" % (j.split('/')[0],self.subnet_mask(j.split('/')[-1]))
+                next = "next"
+                command += edit + '\n' + subnet + '\n' + next + '\n'
             else:
                 edit = "edit %s/32" % j
                 subnet = "set subnet %s 255.255.255.255" % j
@@ -59,11 +90,15 @@ def configure_policy(self):
         for i in self.src_address.split(','):
             if i == "all":
                 src_address_str += "all"
+            elif '/' in i:
+                src_address_str += i + " "
             else:
                 src_address_str += i + "/32 "
         for j in self.des_address.split(','):
             if j == "all":
                 des_address_str += 'all'
+            elif '/' in j:
+                des_address_str += j + " "
             elif j == "":
                 pass
             else:
@@ -91,28 +126,23 @@ def configure_policy(self):
         dstaddr = "set dstaddr %s" % des_address_str
         schedule = "set schedule always"
         service = "set service %s" % (tcp_port_str + udp_port_str)
+        logtraffic = "set logtraffic %s" % self.log
         action = "set action accept"
         status = "set status disable"
         end = "end"
-        command += name + '\n' + srcintf + '\n' + dstintf + '\n' + srcaddr + '\n' + dstaddr + '\n' + schedule + '\n' + service + '\n' + action + '\n' + status + '\n' + end
+        command += name + '\n' + srcintf + '\n' + dstintf + '\n' + srcaddr + '\n' + dstaddr + '\n' + schedule + '\n' + service + '\n' + logtraffic + '\n' + action + '\n' + status + '\n' + end
         return command
 
 if __name__ == '__main__':
     src_if = "x1"
     des_if = "x2"
-    src_add = """10.101.10.38
-10.101.10.10
-10.101.0.40
-10.101.0.44
-10.101.0.22
-10.101.10.16
-172.30.1.3
-172.30.1.4"""
-
-    des_add = """1.1.1.1"""
+    src_add = "192.168.1.1,192.168.1.2,10.1.1.0/24"
+    des_add = "1.1.1.1/32"
     tcp_port = "ALL"
     udp_port = "ALL"
+    log = "all"
     name_input = input("policy_name:")
-    firewall = FirewallConfigurator(name_input,src_if,des_if,src_add,des_add,tcp_port,udp_port)
-    print(type(firewall.configure_address()))
+    firewall = FirewallConfigurator(name_input,src_if,des_if,src_add,des_add,tcp_port,udp_port,log)
+    print(firewall.configure_address())
     firewall.configure_policy()
+    print(firewall.subnet_mask('23'))
diff --git a/cli_creator/firewall/views.py b/cli_creator/firewall/views.py
@@ -13,8 +13,9 @@ def forticli(request):
         des_add = request.query_params.get('des_add')
         tcp_port = request.query_params.get('tcp_port')
         udp_port = request.query_params.get('udp_port')
-        print(name, src_if, des_if, src_add, des_add, tcp_port, udp_port)
-        config = FirewallConfigurator(name, src_if, des_if, src_add, des_add, tcp_port, udp_port)
+        log = request.query_params.get('log')
+        print(name, src_if, des_if, src_add, des_add, tcp_port, udp_port, log)
+        config = FirewallConfigurator(name, src_if, des_if, src_add, des_add, tcp_port, udp_port, log)
         result_command = config.configure_address() + config.configre_port() + config.configure_policy()
         result_command_str = str(result_command)