H3C防火墻ACL設(shè)置的批處理腳本最后由 ejzhang 于 -10-14 14:56因?yàn)楣ぷ餍枰l繁開啟關(guān)閉互聯(lián)網(wǎng)終端權(quán)限，特編寫了H3C防火墻ACL設(shè)置腳本方便值班人員操作?，F(xiàn)放出來供大家參考，防火墻為F1070，軟件版本CMW 7.1.064 Release 9360P27，其他設(shè)備未測試，需開啟SSH登錄，腳本使用plink連接防火墻。

@echo off
plink -V>nul 2>&1
if ERRORLEVEL 9009 (echo 未找到 plink 程序！&& pause>nul && goto end)
set acl=2000
set userid=admin
set passwd=admin123
set router=192.168.1.1
ping -n 1 %router%>nul 2>&1
if ERRORLEVEL 1 (echo 無法訪問路由器！ && pause>nul && goto end)
:begin
if EXIST %TEMP% (set rulesfile=%TEMP%rules.h3c) else (set rulesfile=rules.h3c)
type nul> %rulesfile%.tmp
for /f tokens=2-5* %%i in ('plink -batch -l %userid% -pw %passwd% %router% display acl %acl% ^| findstr /rc: *rule *[0-9][0-9]* *[<permit> <deny> <comment>]') do @if %%j==permit (echo %%i: %%l ^(Yes^)) else (if %%j==deny (echo %%i: %%l ^(No^)) else (echo %%i: %%k%%l%%m))>> %rulesfile%.tmp
type nul> %rulesfile%
for /f tokens=1* delims=: %%i in ('findstr (Yes)$ (No)$ %rulesfile%.tmp') do (
set comment=
for /f skip=1 tokens=2* %%x in ('findstr ^%%i: %rulesfile%.tmp') do set comment=true && echo %%i:%%j //%%x%%y
if not defined comment echo %%i:%%j
)>> %rulesfile%
del /q %rulesfile%.tmp
:repeat
echo.
echo 互聯(lián)網(wǎng)終端開通/關(guān)閉情況（Yes:開，No:關(guān)）：
type %rulesfile%
set /p no=請輸入要開通/關(guān)閉的互聯(lián)網(wǎng)終端編號（可用“,”分割輸入多個編號，0:退出）：
set tt=%time::=%
set tt=%tt:.=%
set tt=%tt: =0%
if EXIST %TEMP% (set cmdfile=%TEMP%inet-updown-%tt%.h3c) else (set cmdfile=inet-updown-%tt%.h3c)
echo system> %cmdfile%
echo acl basic %acl%>> %cmdfile%
set openNodes=
set closeNodes=
setlocal enableDelayedExpansion
:loop
for /f tokens=1* delims=,  %%i in (%no%) do (
if %%i equ 0 goto end
set id=%%i
set no=%%j
set ip=
for /f tokens=2 %%x in ('findstr ^%%i: %rulesfile%') do set ip=%%x
if defined ip goto found
echo 終端編號 %%i 無效！
goto loop
:found
findstr ^%id%:.*(Yes) %rulesfile%>nul 2>&1 && (set closeNodes=%closeNodes%，%id%) || (set openNodes=%openNodes%，%id%)
(findstr ^%id%:.*(Yes) %rulesfile%>nul 2>&1 && (echo rule %id% deny source %ip% 0) || (echo rule %id% permit source %ip% 0))>> %cmdfile%
)
if defined no goto loop
if defined openNodes echo 正在開通 %openNodes:~1% 號互聯(lián)網(wǎng)終端...
if defined closeNodes echo 正在關(guān)閉 %closeNodes:~1% 號互聯(lián)網(wǎng)終端...
endlocal
echo return>> %cmdfile%
echo quit>> %cmdfile%
plink -batch -l %userid% -pw %passwd% %router% -m %cmdfile%>nul 2>&1
del /q %cmdfile%>nul 2>&1
goto begin
:end
del /q %cmdfile%>nul 2>&1
del /q %rulesfile%>nul 2>&1
nclick="copycode($('code0'));">復(fù)制代碼