生成Juniper防火墙映射公网对应端口列表
- 主要网络同事太懒,让帮忙给写脚本自动生成下对应映射ip和端口。
- 拿Juniper配置文件执行脚本生成,公网映射对应内网ip和端口
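#!/bin/bash
# Build a CSV of destination-NAT mappings (public IP/port -> internal IP/port)
# from a Juniper SRX configuration saved in "set" command form.
#
# Usage:  FormatPort.sh CONFIG_FILE
# Output: one row per pool reference, "public IPs,public ports,internal IP,
#         internal port", appended to PortMsg.csv in the current directory.
#
# Caveats for anyone using the CSV as an exposure inventory:
#   - Only lines containing "NATDST" are read, so mappings that live in any
#     other destination rule-set are silently absent from the output.
#   - When several rules point at the same pool, their public IPs and ports
#     are merged into one row and can no longer be paired up.
#   - The input must be ASCII/UTF-8. A UTF-16 export has to be converted
#     first (e.g. with dos2unix); otherwise grep matches nothing.
#   - The config and the CSV describe what is reachable from outside; keep
#     both readable only by the people who need them.

# No pathname expansion: the unquoted expansions below rely on word splitting
# only, and a stray '*' or '?' in the config must not be expanded.
set -f

file=$1
outfile='PortMsg.csv'

# Without this check a missing argument leaves grep reading stdin until EOF.
if [[ -z "$file" || ! -f "$file" || ! -r "$file" ]]; then
  printf 'Usage: %s <juniper-config-file>\n' "${0##*/}" >&2
  exit 2
fi

# Collapse a multi-line value to one space-separated line and remove carriage
# returns, so CRLF input no longer truncates the value after its first item.
one_line() {
  # Unquoted on purpose: word splitting turns newlines into single spaces.
  # shellcheck disable=SC2086
  set -- $1
  printf '%s\n' "$*" | tr -d '\r'
}

# Print every config line where the word after "pool" is exactly NAME.
# Exact comparison keeps pool "nat1" from also matching "nat10", which would
# attribute another pool's internal host to this mapping.
pool_lines() {
  awk -v name="$1" '
    {
      line = $0
      sub(/\r$/, "")   # compare without a trailing carriage return
      for (i = 1; i < NF; i++) {
        if ($i == "pool" && $(i + 1) == name) {
          print line
          next
        }
      }
    }' < "$file"
}

# Field 12 of "set security nat destination rule-set NATDST rule NAME then
# destination-nat pool POOL" is the pool name.
Natid=$(grep destination-nat -- "$file" | grep NATDST | awk '{print $12}')
if [[ -z "$Natid" ]]; then
  printf '%s: no NATDST destination-nat rules found; is the file still UTF-16?\n' "$file" >&2
  exit 1
fi

# Unquoted on purpose: one iteration per pool name.
for id in $Natid; do
  id=$(one_line "$id")
  refs=$(pool_lines "$id")

  # "rule NAME" for each rule that sends traffic to this pool, turned into an
  # ERE alternation ("rule a |rule b") for the lookups below. Rule names are
  # used as regex text, so a name containing regex metacharacters may
  # over-match.
  ruleId=$(grep rule-set <<<"$refs" | awk '{print $7" "$8}')
  ruleId=$(one_line "$ruleId" | sed -e 's/ rule/|rule/g' -e 's/|/ |/g')

  # Public side: what the matching rules accept from outside.
  PublicIP=$(grep -E -- "$ruleId match" "$file" \
    | grep "match destination-address" \
    | awk '{print $NF}' | cut -d/ -f1 | sort -u)
  PublicPort=$(grep -E -- "$ruleId match" "$file" \
    | grep "match destination-port" \
    | awk '{print $NF}' | cut -d/ -f1 | sort -u)

  # Internal side: the pool's address line carries a '/', its port line
  # does not.
  localIP=$(grep "destination pool" <<<"$refs" | grep '/' \
    | awk '{print $NF}' | cut -d/ -f1)
  localPort=$(grep "destination pool" <<<"$refs" | grep -v '/' \
    | awk '{print $NF}' | cut -d/ -f1)

  # Appends: rows from earlier runs stay in the file.
  printf '%s,%s,%s,%s\n' \
    "$(one_line "$PublicIP")" "$(one_line "$PublicPort")" \
    "$(one_line "$localIP")" "$(one_line "$localPort")" >> "$outfile"
done
echo "create file $outfile ok"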
##导出的Juniper防火墙配置文件是UTF-16编码(见下面file命令的输出),需要先转码,否则grep无法匹配到任何数据。
[root@storager_node_1 ~]# file DSJZX-SRX340.txt
DSJZX-SRX340.txt: Little-endian UTF-16 Unicode text, with CRLF line terminators
[root@storager_node_1 ~]# dos2unix DSJZX-SRX340.txt
dos2unix: converting file DSJZX-SRX340.txt to Unix format ...
[root@storager_node_1 ~]# file DSJZX-SRX340.txt
DSJZX-SRX340.txt: ASCII text
[root@storager_node_1 ~]# ./FormatPort.sh DSJZX-SRX340.txt
create file PortMsg.csv ok
[root@storager_node_1 ~]# more PortMsg.csv
#公网1、公网2,公网端口,内网ip,内网端口
22.22.22.22 22.22.22.33,22125,192.168.127.22,22