# NPF rule generation
import os
import struct
import socket
# Path of the config file that the sed and fp-npfctl commands in this script
# operate on. The leading space is load-bearing: add() builds its commands as
# "...'" + NPFCONFIG with no separator of its own, so the space inside this
# constant is the only thing separating the sed expression from the file name.
NPFCONFIG = " /etc/snat.conf"
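def ip2int(ip):
    """Convert a dotted-quad IPv4 string to its 32-bit unsigned integer value.

    Args:
        ip: IPv4 address written in full ``a.b.c.d`` form.

    Returns:
        The address as an int, most significant octet first.

    Raises:
        OSError: if ``ip`` is not a complete dotted-quad IPv4 address.
    """
    # inet_pton is strict. inet_aton also accepts shorthand such as
    # "192.168.1" and octal/hex components, so a typo in a range bound would
    # silently generate pass rules for a different set of addresses.
    packed = socket.inet_pton(socket.AF_INET, ip)
    return struct.unpack("!I", packed)[0]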
def int2ip(i):
    """Render a 32-bit unsigned integer as a dotted-quad IPv4 string.

    Args:
        i: Integer in the range 0..2**32-1; struct.pack raises struct.error
            for anything outside it.

    Returns:
        The address in ``a.b.c.d`` form.
    """
    # "!I" packs the value as four bytes, most significant first.
    packed = struct.pack("!I", i)
    dotted = socket.inet_ntoa(packed)
    return dotted
def clear():
    """Delete every line between the #group_start and #group_end markers.

    The two marker lines themselves are kept, so add() can re-populate the
    section afterwards. The file is edited in place with ``sed -i``.
    """
    # Within the marker range, delete each line that is neither marker.
    sed_script = "'/#group_start/,/#group_end/{/#group_start/!{/#group_end/!d}}'"
    # NOTE(review): sed runs without sudo here while reload() uses sudo, so
    # this presumably needs the caller to have write access to the file.
    # The exit status of os.system is not checked.
    os.system(" sed -i " + sed_script + " " + NPFCONFIG)
def reload():
    """Ask fp-npfctl (via sudo) to reload the rules from NPFCONFIG."""
    # NPFCONFIG already begins with a space; the command keeps the original
    # spacing exactly. The exit status is not checked, so a rejected config
    # is not reported to the caller.
    command = "sudo fp-npfctl reload {}".format(NPFCONFIG)
    os.system(command)
def add(ip_start, ip_end):
    """Insert one NPF group per selected source address into NPFCONFIG.

    Walks the integer range from ``ip_start`` up to, but not including,
    ``ip_end`` and, for every address whose integer value is divisible by 3,
    inserts a ``#groupN_start`` / ``#groupN_end`` marker pair plus one
    ``group "externalN"`` rule between them. Groups are numbered from 1 and
    chained: the first pair goes after ``#group_start``, each later pair
    after the previous group's end marker.

    Args:
        ip_start: First IPv4 address of the range (dotted quad).
        ip_end: End of the range; this address itself never gets a rule.

    Every edit is a separate ``sed -i`` run through the shell and its exit
    status is ignored, so a failed edit leaves the file partially written.
    The only variable text placed in the shell command is the output of
    int2ip() and str(int); ``ip_start`` / ``ip_end`` never reach the shell
    unparsed, and that property should be preserved if this is extended.
    """
    group_no = 0
    first = ip2int(ip_start)
    stop = ip2int(ip_end)
    for address in range(first, stop):
        # Only every third integer address gets a rule.
        if address % 3 != 0:
            continue

        group_no += 1
        if group_no == 1:
            anchor = "#group_start"
        else:
            anchor = "#group" + str(group_no - 1) + "_end"
        tag = "#group" + str(group_no)

        # sed's "a" appends directly after the anchor line, so the end marker
        # is inserted first and the start marker then lands above it.
        os.system("sed -i '/" + anchor + "/a " + tag + "_end'" + NPFCONFIG)
        os.system("sed -i '/" + anchor + "/a " + tag + "_start'" + NPFCONFIG)

        # $n1 sits inside single quotes, so the shell passes it through
        # literally and it ends up in the config file as written.
        # NOTE(review): each generated rule is an unconditional
        # "pass stateful final" for one source address; confirm that is the
        # intended policy before running this against a production config.
        cmd = (
            "sed -i '/" + tag + "_start/a"
            + 'group "external' + str(group_no) + '" '
            + "on $n1 {pass stateful final from " + int2ip(address) + "}'"
            + NPFCONFIG
        )
        print(cmd)
        os.system(cmd)
def main():
    """Rebuild the generated section of NPFCONFIG and reload the rules."""
    # Start from an empty marker section so repeated runs do not stack rules.
    clear()
    # add() takes the first address, then the end address (which is excluded).
    range_start, range_end = "192.168.0.1", "192.168.2.255"
    add(range_start, range_end)
    # reload() runs regardless of whether the edits above succeeded.
    reload()
# Only rewrite the config and reload rules when run as a script; importing
# this module must not touch the firewall.
if __name__ == "__main__":
    main()
# iptables rule generation
import os
import struct
import socket
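def ip2int(ip):
    """Convert a dotted-quad IPv4 string to its 32-bit unsigned integer value.

    Args:
        ip: IPv4 address written in full ``a.b.c.d`` form.

    Returns:
        The address as an int, most significant octet first.

    Raises:
        OSError: if ``ip`` is not a complete dotted-quad IPv4 address.
    """
    # inet_pton is strict. inet_aton also accepts shorthand such as
    # "192.168.1" and octal/hex components, so a typo in a range bound would
    # silently generate ACCEPT rules for a different set of addresses.
    packed = socket.inet_pton(socket.AF_INET, ip)
    return struct.unpack("!I", packed)[0]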
def int2ip(i):
    """Render a 32-bit unsigned integer as a dotted-quad IPv4 string.

    Args:
        i: Integer in the range 0..2**32-1; struct.pack raises struct.error
            for anything outside it.

    Returns:
        The address in ``a.b.c.d`` form.
    """
    # "!I" packs the value as four bytes, most significant first.
    packed = struct.pack("!I", i)
    dotted = socket.inet_ntoa(packed)
    return dotted
def clear():
    """Flush the iptables FORWARD chain."""
    # -F removes every rule in FORWARD, not only the ones add() created, so
    # any rule placed there by something else is dropped as well.
    # NOTE(review): add() passes -w to wait for the xtables lock but this
    # call does not; if the flush fails the status is ignored and add()
    # appends on top of the old rules.
    flush_cmd = "sudo iptables -F FORWARD"
    os.system(flush_cmd)
def add(ip_start, ip_end):
    """Append one FORWARD ACCEPT rule per selected source address.

    Walks the integer range from ``ip_start`` up to, but not including,
    ``ip_end`` and appends a rule for every address whose integer value is
    divisible by 3. Each command is printed before it is run.

    Args:
        ip_start: First IPv4 address of the range (dotted quad).
        ip_end: End of the range; this address itself never gets a rule.

    The only variable text in the shell command is the output of int2ip();
    ``ip_start`` / ``ip_end`` never reach the shell unparsed. Exit statuses
    are ignored, so a rule that fails to install is not reported.
    """
    lower = ip2int(ip_start)
    upper = ip2int(ip_end)
    for value in range(lower, upper):
        # Only every third integer address gets a rule.
        if value % 3:
            continue
        # -w makes iptables wait for the xtables lock instead of failing.
        rule = "sudo iptables -w -A FORWARD -s " + int2ip(value) + " -j ACCEPT"
        print(rule)
        os.system(rule)
def main():
    """Flush FORWARD, then install the generated ACCEPT rules."""
    # Between the flush and the last append the chain is only partly
    # populated; what happens to forwarded traffic in that window depends on
    # the chain policy, which this script does not set.
    clear()
    # add() takes the first address, then the end address (which is excluded).
    range_start, range_end = "192.168.0.1", "192.168.10.255"
    add(range_start, range_end)
# Only flush and repopulate the FORWARD chain when run as a script; importing
# this module must not touch the firewall.
if __name__ == "__main__":
    main()