import requests
import json
import os
import urllib3
# Silences urllib3's InsecureRequestWarning for the whole process. That warning
# is raised for HTTPS requests sent without certificate verification, so
# suppressing it also hides the only runtime signal that TLS validation is off.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
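def get_router_credentials(config_path, isp_name="dimensi", router_name="router-dimensi-dell"):
    """Return the config entry of one router, or ``None`` when unavailable.

    The JSON file is expected to be shaped as
    ``{"isps": {<isp_name>: {"routers": {<router_name>: {...}}}}}``.
    The caller in this file reads ``host``, ``user``, ``pass`` and ``port``
    from the returned entry, so the file holds the router password in clear
    text and should be readable only by the account that runs this script.

    Args:
        config_path: Path of the JSON configuration file.
        isp_name: Key of the ISP section under ``"isps"``.
        router_name: Key of the router under that ISP's ``"routers"``.

    Returns:
        The router entry as stored in the file, or ``None`` if the file
        cannot be read or parsed, has an unexpected shape, or does not
        contain the requested ISP or router.
    """
    try:
        # JSON is UTF-8 by specification; do not depend on the locale default.
        with open(config_path, "r", encoding="utf-8") as f:
            config = json.load(f)
        routers = config.get("isps", {}).get(isp_name, {}).get("routers", {})
        return routers.get(router_name)
    except (OSError, ValueError, AttributeError, TypeError) as e:
        # OSError: missing or unreadable file. ValueError: invalid JSON or
        # bad encoding. AttributeError/TypeError: a level of the document
        # (or the path itself) does not have the expected type.
        print(f"Error membaca config: {e}")
        return None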
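def update_mangle_rules():
    """Rebuild the forward-chain mark-packet mangle rules on the router.

    Reads the router entry from the billing config, removes every existing
    ``chain=forward action=mark-packet`` mangle rule through the router's
    REST ``/execute`` endpoint, then re-creates one download and one upload
    rule per bandwidth profile. Every profile except ``EXPIRED`` excludes
    the ``ip-lokal`` address list, so traffic to or from that list is not
    marked.

    The replacement is not atomic: between the removal and the re-creation
    the router has no mark-packet rules in the forward chain, and if the
    second request fails it stays that way until the script is run again.

    Returns:
        None. Progress and errors are reported on stdout.
    """
    # Function-scope import, kept local as in the original script.
    import time

    router = get_router_credentials("/home/wartana/myApp/billing-mcp/config.json")
    if not router:
        print("Kredensial router-dimensi-dell tidak ditemukan di config.")
        return

    host = router["host"]
    user = router["user"]
    password = router["pass"]
    port = router["port"]

    # SECURITY: the REST API is reached over plain HTTP, so the basic-auth
    # credentials and every script sent below cross the network unencrypted.
    # Prefer the router's HTTPS service (RouterOS `www-ssl`) with certificate
    # verification, or restrict this traffic to a trusted management network.
    if port != 80:
        api_url = f"http://{host}:{port}/rest"
    else:
        api_url = f"http://{host}/rest"

    # The context manager closes the pooled connections on every exit path.
    with requests.Session() as session:
        session.auth = (user, password)
        # SECURITY: verify=False has no effect on the http:// URL above, but it
        # would silently disable certificate validation if the URL is switched
        # to https:// or the router redirects there. When moving to HTTPS, set
        # session.verify to the router's CA bundle instead.
        session.verify = False

        print(f"Menghubungi router {host}:{port}...")

        # 1. Remove ALL existing packet-mark mangle rules
        #    (only action=mark-packet in chain=forward).
        print("Menghapus mark-packet yang lama...")
        del_payload = {"script": "/ip/firewall/mangle/remove [find chain=forward action=mark-packet]"}
        try:
            del_res = session.post(f"{api_url}/execute", json=del_payload, timeout=30)
        except requests.RequestException as e:
            # Still best-effort: a timeout does not prove the router skipped
            # the removal, so the rules are re-created anyway. The failure is
            # reported so the operator can check the router for stale or
            # duplicated rules.
            print(f"Peringatan: gagal menghapus mark-packet lama: {e}")
        else:
            if del_res.status_code not in (200, 201):
                print(
                    "Peringatan: penghapusan mark-packet lama gagal "
                    f"(HTTP {del_res.status_code}): {del_res.text}"
                )

        time.sleep(2)  # give the router time to carry out the bulk removal

        # 2. Define the new packet marks that bypass local BGP.
        # Format: (address-list name, download packet mark, upload packet mark)
        # NOTE(review): EXPIRED uses the suffix "_ul" while every other profile
        # uses "_up" - confirm this matches the mark names used on the router.
        profiles = [
            ("EXPIRED", "EXPIRED_dl", "EXPIRED_ul"),  # EXPIRED stays limited from/to local too
            ("star_10", "star_10_dl", "star_10_up"),
            ("star_20", "star_20_dl", "star_20_up"),
            ("star_30", "star_30_dl", "star_30_up"),
            ("star_50", "star_50_dl", "star_50_up"),
            ("star_100", "star_100_dl", "star_100_up"),
            ("star_150", "star_150_dl", "star_150_up"),
            ("star_200", "star_200_dl", "star_200_up"),
            ("star_500", "star_500_dl", "star_500_up"),
            ("hemat", "hemat_dl", "hemat_up"),
        ]

        # 3. Collect the MikroTik batch script commands. Every value put into
        # the script comes from the hard-coded table above; keep it that way,
        # because the text is executed by the router as a script.
        commands = []
        for profile, dl_mark, up_mark in profiles:
            if profile == "EXPIRED":
                # EXPIRED is not bypassed, so it gets marked for local traffic as well.
                commands.append(f"/ip/firewall/mangle/add action=mark-packet chain=forward dst-address-list={profile} new-packet-mark={dl_mark} passthrough=no")
                commands.append(f"/ip/firewall/mangle/add action=mark-packet chain=forward src-address-list={profile} new-packet-mark={up_mark} passthrough=no")
            else:
                # Regular profiles are bypassed (the opposite side must be !ip-lokal).
                # DOWNLOAD: public IP -> customer (!ip-lokal to the profile's list)
                commands.append(f"/ip/firewall/mangle/add action=mark-packet chain=forward dst-address-list={profile} src-address-list=!ip-lokal new-packet-mark={dl_mark} passthrough=no comment=\"Bypass BGP Lokal - {profile}\"")
                # UPLOAD: customer -> public IP (the profile's list to !ip-lokal)
                commands.append(f"/ip/firewall/mangle/add action=mark-packet chain=forward src-address-list={profile} dst-address-list=!ip-lokal new-packet-mark={up_mark} passthrough=no")

        script_code = "\n".join(commands)

        print(f"Mengkreasikan ulang {len(commands)} buah rule Mangle Bypass BGP Lokal...")

        payload = {"script": script_code}

        try:
            res = session.post(f"{api_url}/execute", json=payload, timeout=30)
        except requests.RequestException as e:
            print(f"Error eksekusi: {e}")
        else:
            if res.status_code in (200, 201):
                print("Berhasil! Mangle Router Dimensi-Dell telah disinkronisasi.")
            else:
                print(f"Gagalan saat inject mangle: {res.text}")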
# Run the sync only when the file is executed as a script, not when imported.
if __name__ == "__main__":
    update_mangle_rules()