1:
Код:
user_rule.editor.class=bitel.billing.module.services.ipn.editor.MikrotikContractRuleEditor
gate_manager.class=bitel.billing.server.ipn.MikrotikGateWorker
use.script=1
2:
Код:
[OPEN]
<LOOP>
/ip firewall address-list add address={A} list=ACCESS_LIST comment=!!{CID}!!;
/ip firewall address-list add address={A} list=${speed} comment=!!{CID}!!;
</LOOP>
<LOOP_NET>
/ip firewall address-list add address= {IP}/{MASK_BIT} list=ACCESS_LIST comment=!!{CID}!!;
/ip firewall address-list add address= {IP}/{MASK_BIT} list=${speed} comment=!!{CID}!!;
</LOOP_NET>
[/OPEN]
[CLOSE]
/ip firewall address-list remove [/ip firewall address-list find comment="!!{CID}!!"];
[/CLOSE]
[DELETE]
/ip firewall address-list remove [/ip firewall address-list find comment="!!{CID}!!"];
[/DELETE]
[/DEFAULT]
3:
Код:
import java.util.*;
import java.util.regex.*;
import ru.bitel.bgbilling.common.*;
import bitel.billing.common.module.ipn.*;
import bitel.billing.server.ipn.bean.*;
import bitel.billing.server.ipn.*;
import bitel.billing.server.util.ssh.*;
import bitel.billing.server.util.*;
import bitel.billing.server.util.ssh.SSHSession;
import ru.bitel.bgbilling.modules.ipn.server.bean.command.GateCommandUtil;
import bitel.billing.common.module.ipn.IPNContractStatus;
protected void doSync()
{
host = gate.getHost();
port = gate.getPort();
gateSetup = new DefaultServerSetup( gate.getConfig(), "\r\n" );
login = gateSetup.getStringValue( "login", "root" );
pswd = gate.getKeyword();
session = null;
try
{
session = new SSHSessionExec( host, port, login, pswd );
address_list = session.command( "ip firewall address-list print without-paging where list=ACCESS_LIST" );
new_address_list = null;
for ( UserStatus status : statusList )
{
cid = status.contractId;
ruleType = status.ruleType;
rule_id = 0;
if (ruleType != null)
{
rule_id = ruleType.getId();
};
rules = null;
if (address_list.indexOf( "!!" + cid + "!!" ) >= 0)
{
if ( status.status > 0 )
{
if ( status.status == IPNContractStatus.STATUS_REMOVED )
{
rules = getDeleteRules( status );
}
else
{
rules = getCloseRules( status );
};
};
}
else if ( status.status == IPNContractStatus.STATUS_OPEN )
{
rules = getOpenRules( status );
};
if (rules != null){
for ( String rule : rules )
{
p = Pattern.compile("rule_id");
m = p.matcher(rule);
if (new_address_list == null)
{
new_address_list = "";
};
new_address_list = new_address_list + m.replaceAll("rule_id="+rule_id) + "\n";
};
};
}
if (new_address_list != null){
result = session.command(new_address_list);
};
}
finally { if ( session != null ) { session.disconnect(); } }
}
private getOpenRules( status )
{
return getRules( status, "\\[OPEN\\](.*)\\[/OPEN\\]" );
}
private getCloseRules( status )
{
return getRules( status, "\\[CLOSE\\](.*)\\[/CLOSE\\]" );
}
private getDeleteRules( status )
{
return getRules( status, "\\[DELETE\\](.*)\\[/DELETE\\]" );
}
private getRules( status, template )
{
rule = status.rule.getRuleText();
if ( status.ruleType != null )
{
rule = generateRule( rule, status.gateType, status.ruleType, status.contractId );
}
pattern = Pattern.compile( template, Pattern.DOTALL );
m = pattern.matcher( rule );
if ( m.find() )
{
rule = m.group( 1 );
}
rule.replaceAll( "\r", "" );
return rule.split( "\n" );
}
private generateRule( addresses, gateType, ruleType, cid )
{
String rule;
replacements = new HashMap();
replacements.put( "\\{CID\\}", String.valueOf( cid ) );
ruleText = GateCommandUtil.getRule( gateType, ruleType );
rule = GateCommandUtil.generateRule( ruleText, addresses, replacements, ruleType );
return rule;
}
4:
Код:
/queue type
add kind=pcq name=2m pcq-classifier=dst-address pcq-dst-address-mask=29 pcq-rate=2048k pcq-src-address-mask=29
add kind=pcq name=4m pcq-classifier=dst-address pcq-dst-address-mask=29 pcq-rate=4196k pcq-src-address-mask=29
add kind=pcq name=6m pcq-classifier=dst-address pcq-dst-address-mask=29 pcq-rate=6200k pcq-src-address-mask=29
add kind=pcq name=12m pcq-classifier=dst-address pcq-dst-address-mask=29 pcq-rate=12200k pcq-src-address-mask=29
add kind=pcq name=unlim pcq-classifier=dst-address pcq-dst-address-mask=29 pcq-rate=100M pcq-src-address-mask=29
/queue tree
add name=2m packet-mark=2m parent=total queue=2m
add name=4m packet-mark=4m parent=total queue=4m
add name=6m packet-mark=6m parent=total queue=6m
add name=12m packet-mark=12m parent=total queue=12m
add name=un packet-mark=unlim parent=total queue=unlim
/ip firewall filter
add chain=forward dst-address-list=ACCESS_LIST
add chain=forward src-address-list=ACCESS_LIST
add action=drop chain=forward
/ip firewall mangle
add action=mark-packet chain=forward dst-address-list=2m in-interface=ether3 new-packet-mark=2m passthrough=no
add action=mark-packet chain=forward dst-address-list=4m in-interface=ether3 new-packet-mark=4m passthrough=no
add action=mark-packet chain=forward dst-address-list=6m in-interface=ether3 new-packet-mark=6m passthrough=no
add action=mark-packet chain=forward dst-address-list=12m in-interface=ether3 new-packet-mark=12m passthrough=no
add action=mark-packet chain=forward dst-address-list=unlim in-interface=ether3 new-packet-mark=unlim passthrough=no
5:
Код:
cat /etc/crontab:
40 1 * * * root /root/select_13
45 * * * root /usr/sbin/zvonok_jene.sh
cat select_13:
#!/bin/bash
find /root/data/ -mtime +10 -type f -exec rm -rf {} \;
d=`date +%M%H%d%m%g`
mysql -uroot -p:jfgDctvBlbjnfv -B -N -e "select cid,rtid,INET_NTOA(SUBSTRING( rule_txt,2,10)) from ipn_user_gate_1 where fwid="10";" bgbilling > /root/data/$d.0_10
if [ -s /root/data/$d.0_10 ]
then
echo "/ip firewall address-list remove [/ip firewall address-list find list=unlim]" > /root/rules_10.rsc
echo "/ip firewall address-list remove [/ip firewall address-list find list=2m]" >> /root/rules_10.rsc
echo "/ip firewall address-list remove [/ip firewall address-list find list=4m]" >> /root/rules_10.rsc
echo "/ip firewall address-list remove [/ip firewall address-list find list=6m]" >> /root/rules_10.rsc
echo "/ip firewall address-list remove [/ip firewall address-list find list=12m]" >> /root/rules_10.rsc
while read line
do
cid=`echo "${line}"|awk '{print $1}'`
rule_num=`echo "${line}"|awk '{print $2}'`
ip=`echo "${line}"|awk '{print $3}'`
rule_name=`grep -w ${rule_num} /root/rules|awk '{print $2}'`
if [ x$rule_name = x ]
then
rule_name=unlim
fi
echo "/ip firewall address-list add address=$ip/29 list=$rule_name comment=!!$cid!!" >> /root/rules_10.rsc
done < /root/data/$d.0_10
echo "/file remove [ /file find name=\"rules_10.rsc\" ];" >> /root/rules_10.rsc
ncftpput -u admin -p :jfgDctvBlbjnfv 192.168.0.255 / /root/rules_10.rsc
sleep 1
/root/s.200
else
exit
fi
cat rules:
1 unlim
5 2m
6 4m
7 6m
8 12m
cat s.200:
#!/bin/sh
export SSH_ASKPASS="/root/p.sh"
export DISPLAY=":0"
setsid ssh admin@192.168.0.255 "import rules_10.rsc"
cat p.sh:
#!/bin/bash
echo ":jfgDctvBlbjnfv"
Тока прежде чем "сссашиться" на микротик из скриптов и БЖБ - надо не забыть обменяться с ним ( RSA( DSA)) ключами из командной строки....
Вход
Регистрация
FAQ
Поиск
