Converting Firewall Policies with PowerShell

Published: 2020-07-27 03:31:17 Source: Internet Views: 1521 Author: beanxyz Category: System Operations

Requirement

Yesterday someone in a chat group shared some firewall policy text and asked how it could be converted into objects in PowerShell.

The sample text looks like this:

rule id 39
  action permit
  src-zone "Any"
  dst-zone "Any"
  src-addr "Any"
  dst-addr "Any"
  service "Any"
exit
rule id 46
  action permit
  src-zone "Any"
  dst-zone "Any"
  src-addr "Any"
  dst-addr "Any"
  service "PING"
exit
rule id 11
  action permit
  src-zone "untrust"
  dst-zone "trust"
  src-addr "nqtwgroup"
  dst-addr "zj-wtqzgroup"
  service "wtqz_group"
  name "zj-nqtw-wtqz"
exit

Approach 1

Because the text looks very regular, the first approach is to use the ConvertFrom-String command together with a self-defined template, which converts these strings into PS objects.

$t = @'
rule id {ID*:39}
  action {action:permit}
  src-zone {srz_zone:"Any"}
  dst-zone {dst_zone:"Any"}
  src-addr {src_addr:"Any"}
  dst-addr {dst_addr:"Any"}
  service {service_addr:"Any"}
  {name:""}
exit
rule id {ID*:46}
  action permit
  src-zone "Any"
  dst-zone "Any"
  src-addr "Any"
  dst-addr "Any"
  service "PING"

exit
rule id 11
  action permit
  src-zone "untrust"
  dst-zone "trust"
  src-addr "nqtwgroup"
  dst-addr "zj-wtqzgroup"
  service "wtqz_group"
  name "zj-nqtw-wtqz"
exit
'@

# $st holds the raw policy text (the here-string assigned to $st in the regex-based script)
ConvertFrom-String -TemplateContent $t -InputObject $st | ft -AutoSize

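A brief explanation of how this template is designed: copy the whole text over and edit it in place. For example, the start of each row that the template should produce is marked with *. Inside the braces {} is a key-value pair: the key is a name you choose, and the value after it is the original content of the text. PS then generates the corresponding objects automatically from the pattern.
For a detailed explanation of the command, see https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/convertfrom-string?view=powershell-5.1

The result is as follows: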


ID action srz_zone  dst_zone src_addr    dst_addr       service_addr
-- ------ --------  -------- --------    --------       ------------
39 permit "Any"     "Any"    "Any"       "Any"          "Any"       
46 permit "Any"     "Any"    "Any"       "Any"          "PING"      
11 permit "untrust" "trust"  "nqtwgroup" "zj-wtqzgroup" "wtqz_group"

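At first glance all the needed results seem to be there, but a closer look shows that the content of each policy block differs slightly. For example, some rules have an extra name attribute. When the blocks are not uniform like this, a single template cannot match all of the content.

Approach 2

Traditional handling with regular expressions plus string concatenation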

# Raw text
 $st=@"
rule id 39
  action permit
  src-zone "Any"
  dst-zone "Any"
  src-addr "Any"
  dst-addr "Any"
  service "Any"
exit
rule id 46
  action permit
  src-zone "Any"
  dst-zone "Any"
  src-addr "Any"
  dst-addr "Any"
  service "PING"
exit
rule id 11
  action permit
  src-zone "untrust"
  dst-zone "trust"
  src-addr "nqtwgroup"
  dst-addr "zj-wtqzgroup"
  service "wtqz_group"
  name "zj-nqtw-wtqz"
exit
"@

$r=@()

# Use a multi-line regex match to extract each rule block
$st | Select-String '(?smi)^rule id \d+.*?^exit' -AllMatches | Foreach {$_.Matches} |
Foreach {

  # Normalize the block so it is easier to process: "rule id" becomes a single
  # key, the closing "exit" is dropped, and the block is split into lines
  $temp=$_.Value -replace 'rule id','rule-id'
  $temp=$temp -replace '(?m)^exit\s*$', ''
  $list=$temp -split '\r?\n'

  $object = New-Object -TypeName PSObject
  foreach($item in $list){
    # Split each line into key and value at the first run of whitespace only,
    # so a quoted value that contains spaces stays intact
    $name,$value=$item.Trim() -split '\s+',2
    if(-not $name){ continue }   # skip blank lines

    $object | Add-Member -NotePropertyName $name -NotePropertyValue $value -ErrorAction SilentlyContinue
  }
  $r+=$object

}

$r | select rule-id,action,src-zone,dst-zone,src-addr,dst-addr,service,name | ft

The final result is shown below; all of the information was captured successfully.

rule-id action src-zone  dst-zone src-addr    dst-addr       service      name          
------- ------ --------  -------- --------    --------       -------      ----          
39      permit "Any"     "Any"    "Any"       "Any"          "Any"                      
46      permit "Any"     "Any"    "Any"       "Any"          "PING"                     
11      permit "untrust" "trust"  "nqtwgroup" "zj-wtqzgroup" "wtqz_group" "zj-nqtw-wtqz"
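
Once the rules are objects they can be reviewed programmatically. The following is an added example, not code from the original article: a line-by-line parser that gives every rule the same columns (so the optional name key never breaks the schema) and then lists permit rules whose source, destination and service are all "Any". The function name ConvertTo-RuleObject and the fixed key list are assumptions made for this illustration.

```powershell
# Constructed sample: two of the article's rules (one without "name", one with)
$st = @'
rule id 39
  action permit
  src-zone "Any"
  dst-zone "Any"
  src-addr "Any"
  dst-addr "Any"
  service "Any"
exit
rule id 11
  action permit
  src-zone "untrust"
  dst-zone "trust"
  src-addr "nqtwgroup"
  dst-addr "zj-wtqzgroup"
  service "wtqz_group"
  name "zj-nqtw-wtqz"
exit
'@

function ConvertTo-RuleObject {   # hypothetical helper name
    param([string]$Text)
    $keys = 'action','src-zone','dst-zone','src-addr','dst-addr','service','name'
    $rule = $null
    foreach ($line in ($Text -split '\r?\n')) {
        $key, $value = $line.Trim() -split '\s+', 2
        if ($line -match '^\s*rule id (\d+)\s*$') {
            # Start a new record with every column present, so an optional
            # key such as "name" is simply empty when the rule omits it
            $rule = [ordered]@{ 'rule-id' = [int]$Matches[1] }
            foreach ($k in $keys) { $rule[$k] = $null }
        }
        elseif ($key -eq 'exit' -and $null -ne $rule) { [pscustomobject]$rule; $rule = $null }
        elseif ($null -ne $rule -and $keys -contains $key) { $rule[$key] = "$value".Trim('"') }
    }
}

$rules = ConvertTo-RuleObject -Text $st
# Review filter: permit rules where source, destination and service are all "Any"
$broad = $rules | Where-Object {
    $_.action -eq 'permit' -and $_.'src-addr' -eq 'Any' -and
    $_.'dst-addr' -eq 'Any' -and $_.service -eq 'Any'
}
$rules | Format-Table -AutoSize
$broad | Select-Object 'rule-id', name | Format-Table -AutoSize   # rule 39 for this sample
```

Unlike the two approaches above, this parser strips the surrounding double quotes from values, so the comparison is against Any rather than "Any".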