diff --git a/update_mangle.py b/update_mangle.py
new file mode 100644
index 0000000..d3a3fef
--- /dev/null
+++ b/update_mangle.py
@@ -0,0 +1,96 @@
+import requests
+import json
+import os
+import urllib3
+
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+def get_router_credentials(config_path, isp_name="dimensi", router_name="router-dimensi-dell"):
+ try:
+ with open(config_path, 'r') as f:
+ config = json.load(f)
+ routers = config.get("isps", {}).get(isp_name, {}).get("routers", {})
+ return routers.get(router_name)
+ except Exception as e:
+ print(f"Error membaca config: {e}")
+ return None
+
+def update_mangle_rules():
+ router = get_router_credentials("/home/wartana/myApp/billing-mcp/config.json")
+ if not router:
+ print("Kredensial router-dimensi-dell tidak ditemukan di config.")
+ return
+
+ host = router["host"]
+ user = router["user"]
+ password = router["pass"]
+ port = router["port"]
+
+ api_url = f"http://{host}/rest"
+ if port != 80:
+ api_url = f"http://{host}:{port}/rest"
+
+ session = requests.Session()
+ session.auth = (user, password)
+ session.verify = False
+
+ print(f"Menghubungi router {host}:{port}...")
+
+ # 1. Hapus SEMUA mangle packet yang sudah ada (Hanya action=mark-packet pada chain=forward)
+ print("Menghapus mark-packet yang lama...")
+ del_payload = {"script": "/ip/firewall/mangle/remove [find chain=forward action=mark-packet]"}
+ try:
+ session.post(f"{api_url}/execute", json=del_payload, timeout=30)
+ except Exception as e:
+ pass
+
+ import time
+ time.sleep(2) # Beri waktu router mengeksekusi penghapusan massal
+
+ # 2. Definisikan Packet mark baru yang bypass BGP lokal
+ # Format: [List Name, Packet Mark Down, Packet Mark Up]
+ profiles = [
+ ("EXPIRED", "EXPIRED_dl", "EXPIRED_ul"), # EXPIRED tetap dilimit mati dari/ke lokal
+ ("star_10", "star_10_dl", "star_10_up"),
+ ("star_20", "star_20_dl", "star_20_up"),
+ ("star_30", "star_30_dl", "star_30_up"),
+ ("star_50", "star_50_dl", "star_50_up"),
+ ("star_100", "star_100_dl", "star_100_up"),
+ ("star_150", "star_150_dl", "star_150_up"),
+ ("star_200", "star_200_dl", "star_200_up"),
+ ("star_500", "star_500_dl", "star_500_up"),
+ ("hemat", "hemat_dl", "hemat_up")
+ ]
+
+ # 3. Kumpulkan printah script Batch MikroTik
+ commands = []
+
+ for profile, dl_mark, up_mark in profiles:
+ # EXPIRED tidak di-bypass agar tidak bisa akses lokal sama sekali
+ if profile == "EXPIRED":
+ commands.append(f"/ip/firewall/mangle/add action=mark-packet chain=forward dst-address-list={profile} new-packet-mark={dl_mark} passthrough=no")
+ commands.append(f"/ip/firewall/mangle/add action=mark-packet chain=forward src-address-list={profile} new-packet-mark={up_mark} passthrough=no")
+ else:
+ # Profil reguler di-bypass (src/dst target = !ip-lokal)
+ # DOWNLOAD: IP Publik -> Pelanggan (!ip-lokal ke list star_*)
+ commands.append(f"/ip/firewall/mangle/add action=mark-packet chain=forward dst-address-list={profile} src-address-list=!ip-lokal new-packet-mark={dl_mark} passthrough=no comment=\"Bypass BGP Lokal - {profile}\"")
+ # UPLOAD: Pelanggan -> IP Publik (star_* ke !ip-lokal)
+ commands.append(f"/ip/firewall/mangle/add action=mark-packet chain=forward src-address-list={profile} dst-address-list=!ip-lokal new-packet-mark={up_mark} passthrough=no")
+
+ script_code = "\n".join(commands)
+
+ print(f"Mengkreasikan ulang {len(commands)} buah rule Mangle Bypass BGP Lokal...")
+
+ payload = {"script": script_code}
+
+ try:
+ res = session.post(f"{api_url}/execute", json=payload, timeout=30)
+ if res.status_code in (200, 201):
+ print("Berhasil! Mangle Router Dimensi-Dell telah disinkronisasi.")
+ else:
+ print(f"Gagalan saat inject mangle: {res.text}")
+ except Exception as e:
+ print(f"Error eksekusi: {e}")
+
+if __name__ == "__main__":
+ update_mangle_rules()
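Review bot: The router credentials are sent as HTTP Basic auth over plaintext, because both `api_url` assignments in `update_mangle_rules` use `http://`; `session.verify = False` and the module-level `urllib3.disable_warnings(...)` would then also switch off certificate checking and its warning if the scheme were later changed. Build the URL with `https://`, set `session.verify = "<path-to-router-ca.pem>"` (placeholder path), and drop the warning suppression. The delete step is fail-open: `except Exception as e: pass` discards the error and the response status is never read, so a failed delete leads to duplicate rules and a failed re-add leaves the forward chain with no mark-packet rules at all, including the EXPIRED pair. Keep the response (`res = session.post(...)`), call `res.raise_for_status()`, and return before step 2 when the delete did not succeed. The selector `find chain=forward action=mark-packet` also removes rules this script did not create; putting a common `comment=` on every added rule and matching on it in the remove would limit what a run can delete.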