自動檢測、自動更新:設置 crontab,每10分鐘執行一次 sh if-public-net.sh 檢測腳本即可。
[11:16:17root@Test /opt/hxkj]#cat if-public-net.sh
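#!/bin/bash
# Detect a change of the office's public IP and, when it changed, run the
# Aliyun security-group update scripts. Meant to be run from cron.

# cron does not start jobs in the script's directory, so resolve the state
# files (old.log here, ip.txt in the Python scripts) relative to the script.
cd "$(dirname "$0")" || exit 1

# A missing old.log (first run) is treated as an empty old address.
old_ip=$(cat old.log 2>/dev/null)
# Fetch once and reuse the value, so the address compared is the address
# recorded; bound the wait so a hung lookup cannot pile up cron runs.
new_ip=$(curl -s --max-time 10 https://ipw.cn/api/ip/myip)
echo "oldip:$old_ip"
echo "newip:$new_ip"

# The reply comes from a third-party service and ends up in a firewall rule.
# Refuse anything that is not a plain dotted-quad IPv4 address; this also
# covers the empty reply produced when curl fails.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
if ! [[ "$new_ip" =~ $ipv4_re ]]; then
    echo "unexpected response from IP service, skipping update" >&2
    exit 1
fi

if [ "$old_ip" != "$new_ip" ]; then
    # Record the new address only after both updates succeeded, so a failed
    # run is retried on the next cron tick instead of being forgotten.
    python3 /opt/hxkj/aliyun-update-ip-test.py &&
        python3 /opt/hxkj/aliyun-update-ip-prod.py &&
        printf '%s\n' "$new_ip" > old.log
else
    exit 0
fi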
[11:17:22root@Test /opt/hxkj]#cat aliyun-update-ip-test.py
#!/usr/local/bin/python3
#coding=utf-8
import re
from urllib import request
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.acs_exception.exceptions import ClientException
from aliyunsdkcore.acs_exception.exceptions import ServerException
from aliyunsdkecs.request.v20140526.RevokeSecurityGroupRequest import RevokeSecurityGroupRequest
from aliyunsdkecs.request.v20140526.AuthorizeSecurityGroupRequest import AuthorizeSecurityGroupRequest
# 獲取當前公網ip
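def GetCompanyPublicIp():
    """Return the current public IPv4 address as reported by ipw.cn.

    The returned string is later used as the source address of a
    security-group rule, so it is validated before being handed back.

    Returns:
        The first well-formed dotted-quad found in the response body.

    Raises:
        ValueError: if the response contains no valid IPv4 address.
        OSError: if the request fails or times out (urllib raises
            URLError / socket.timeout, both OSError subclasses).
    """
    import ipaddress  # local import: only this function needs it

    req = request.Request('https://ipw.cn/api/ip/myip')
    # req.add_header('User-Agent', 'curl/7.53.1')  # a curl-style request returns far less HTML
    req.add_header('User-Agent',
                   'Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1')
    # Bound the wait so a hung lookup cannot stall the cron job, and close
    # the response as soon as the body has been read.
    with request.urlopen(req, timeout=10) as f:
        ip_str = f.read().decode('utf-8')
    # The regex only checks the shape (it accepts e.g. 999.1.1.1), so each
    # candidate is additionally parsed as a real IPv4 address.
    for candidate in re.findall(r"\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b", ip_str):
        try:
            ipaddress.IPv4Address(candidate)
        except ValueError:
            continue
        return candidate
    raise ValueError('no valid IPv4 address in the response from ipw.cn')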
# 獲取歷史公網ip
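def GetCompanyOldIp():
    """Return the previously recorded public IP read from ip.txt.

    Returns:
        The stripped file contents, or None when ip.txt cannot be opened
        or read (an error message is printed in that case).
    """
    try:
        # The context manager closes the file on every path; the original
        # returned from inside the try block and so never reached close().
        with open('ip.txt', 'r') as f:
            return f.read().strip()
    except IOError:
        print("Error: 沒有找到文件或讀取文件失敗")
        return None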
# 寫入新的ip到本地
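def IputCompanyNewIp(ip):
    """Overwrite ip.txt with *ip* so the next run can detect a change.

    Args:
        ip: the address string to record.

    Prints a success message after the write, or an error message when the
    file cannot be opened or written. Nothing is returned.
    """
    try:
        # The context manager guarantees the handle is closed even when the
        # write fails, and avoids touching an unbound handle if open() fails.
        with open('ip.txt', 'w') as f:
            f.write(ip)
    except IOError:
        print("Error: 沒有找到文件或讀取文件失敗")
    else:
        print("寫入NewIp成功")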
# Fill in the AccessKeyId and AccessKeySecret of the RAM sub-account created
# for this job, and the region to manage. The values below are placeholders.
# NOTE(review): once real keys are filled in, this file holds a long-lived
# credential in clear text. Keep it out of version control, restrict read
# access to the account that runs the cron job, and grant the RAM sub-account
# only the security-group permissions this script needs.
client = AcsClient('111111', '111111', 'cn-111111')
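def DelGroup(SourceCidrIp):
    """Revoke the TCP 1-65535 rule for *SourceCidrIp* from the security group.

    Args:
        SourceCidrIp: the source address of the rule to remove (the
            previously recorded office IP).

    Raises:
        Whatever client.do_action_with_exception raises when the API call
        fails. The JSON response is printed on success.
    """
    req = RevokeSecurityGroupRequest()
    req.set_accept_format('json')
    req.set_SecurityGroupId("sg-111111")
    # Protocol, port range and source must describe the rule that AddGroup
    # created, otherwise the stale rule for the old address stays in place.
    req.set_PortRange("1/65535")
    req.set_IpProtocol("tcp")
    req.set_SourceCidrIp(SourceCidrIp)
    response = client.do_action_with_exception(req)
    # The original set a description on the request object after it had
    # already been sent, which had no effect; that call is dropped.
    print(str(response, encoding='utf-8'))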
# 添加規則
def AddGroup(SourceCidrIp):
    """Authorize TCP ports 1-65535 from *SourceCidrIp* in the security group.

    Args:
        SourceCidrIp: the source address to allow (the new office IP).

    The JSON response of the API call is printed. Note that the rule opens
    every TCP port to the given address, so the caller is responsible for
    passing a verified address.
    """
    authorize = AuthorizeSecurityGroupRequest()
    authorize.set_accept_format('json')
    authorize.set_SecurityGroupId("sg-111111")  # security group ID
    authorize.set_IpProtocol("tcp")
    authorize.set_PortRange("1/65535")
    authorize.set_Description("公司出網(wǎng)端口")
    authorize.set_SourceCidrIp(SourceCidrIp)
    raw = client.do_action_with_exception(authorize)
    print(raw.decode('utf-8'))
# AddGroup(ip)
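if __name__ == '__main__':
    # Compare the current public IP with the recorded one and, on a change,
    # swap the security-group rule from the old address to the new one.
    NewIp = GetCompanyPublicIp()
    OldIp = GetCompanyOldIp()
    if NewIp == OldIp:
        print('公司出口ip沒有發(fā)生變化')
    else:
        print('公司出口ip發(fā)生變化:', NewIp)
        # On the first run (or when ip.txt is unreadable) there is no old
        # address, so there is no old rule to revoke.
        if OldIp:
            DelGroup(OldIp)
        AddGroup(NewIp)
        # Record the new address only after the rule changes succeeded.
        # Writing it first, as the original did, meant a failed API call
        # was never retried: the next run saw "no change" while the group
        # still allowed the old address and not the new one.
        IputCompanyNewIp(NewIp)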
# 本文使用的Python版本為Python 3.7
pip install aliyun-python-sdk-core-v3
pip install aliyun-python-sdk-ecs
# 腳本如下:
#!/usr/bin/python3
#coding=utf-8
'''
當辦公室的公網ip改變時,調用阿里云的API放行當前的公網IP和指定的端口
'''
import json
import re
import requests
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest
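def get_ip(url):
    """
    Fetch *url* with curl-like HTTP headers and return the IPv4 address in
    the response body.

    The result is used as the source address of a security-group rule, so
    it is validated before being returned.

    Raises:
        ValueError: if the body holds no well-formed IPv4 address.
        requests.RequestException: if the request fails, times out, or the
            server answers with an HTTP error status.
    """
    import ipaddress  # local import: only this function needs it

    headers = { 'User-Agent': "curl/10.0","Content-type":"application/x-www-form-urlencoded","Accept":"text/plain"}
    # Bound the wait so a hung lookup cannot stall the scheduled job.
    r = requests.get(url, headers=headers, timeout=10)
    # An error page may contain digits that look like an address; only
    # trust the body of a successful response.
    r.raise_for_status()
    match = re.search(r'(\d+\.\d+\.\d+\.\d+)', r.text)
    if match is None:
        raise ValueError('no IPv4 address found in the response from ' + url)
    text = match.group(1)
    # The regex only checks the shape; this rejects values such as
    # 999.1.1.1 (AddressValueError is a ValueError subclass).
    ipaddress.IPv4Address(text)
    return text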
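def get_old_ip(log_file):
    """
    Return the IP address stored in *log_file*.

    Args:
        log_file: path of the file holding the last recorded address.

    Returns:
        The file contents with surrounding whitespace removed, or 0 when
        the file cannot be opened, read or decoded.
    """
    try:
        # The context manager closes the file even when read() fails.
        with open(log_file, "r") as open_files:
            # Strip so a trailing newline (e.g. after a manual edit) does
            # not make every run look like an address change.
            return open_files.read().strip()
    except (OSError, UnicodeDecodeError):
        # Narrowed from a bare except so programming errors are not hidden.
        return 0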
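def change_ip(log_file):
    """
    Overwrite *log_file* with the module-level ``new_ip``.

    ``new_ip`` is not a parameter; it is read from the global assigned in
    the ``__main__`` block. The write stays best-effort (a failure does not
    abort the run), but the failure is now reported instead of being
    silently discarded.
    """
    try:
        with open(log_file, "w") as open_files:
            open_files.write(new_ip)
    except Exception as exc:
        # If the state file is not updated, the next run will treat the
        # address as changed again; make that visible in the job output.
        print('could not record new IP in', log_file, ':', exc)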
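def Get_sourceIP(RegionId,SecurityGroupId,Port):
    '''
    Return the SourceCidrIp of the first rule in the security group whose
    PortRange equals *Port*.

    Args:
        RegionId: region of the security group.
        SecurityGroupId: ID of the group to inspect.
        Port: port range string to look for, e.g. '38848/38848'.

    Raises:
        LookupError: if no rule with that port range exists. The caller
            relies on an exception here to skip the removal step.
    '''
    # `request` and `client` are the module-level objects created in the
    # __main__ block.
    # NOTE(review): the same CommonRequest is reused for every action, so
    # query parameters set here remain set on later calls; confirm the API
    # ignores the extras or build a fresh request per action.
    request.set_action_name('DescribeSecurityGroupAttribute')
    request.add_query_param('RegionId', RegionId)
    request.add_query_param('SecurityGroupId', SecurityGroupId)
    request.add_query_param('NicType', 'intranet')
    request.add_query_param('Direction', 'all')
    response = client.do_action_with_exception(request)  # returns all rules of the group
    # Decode the bytes payload directly. The original parsed repr(bytes)
    # with a regex, which breaks as soon as the payload contains a quote,
    # a backslash or a non-ASCII byte.
    text = json.loads(response)
    # Walk the rule list itself; the original looped over len(text), the
    # number of top-level keys, and could miss rules or index past the end.
    # NOTE(review): the first rule with this port range is returned whether
    # or not this script created it; consider also matching the
    # 'PythonScriptCreated' description so unrelated rules are never revoked.
    for rule in text['Permissions']['Permission']:
        if rule['PortRange'] == Port:
            return rule['SourceCidrIp']
    raise LookupError('no rule with PortRange ' + str(Port) + ' in ' + str(SecurityGroupId))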
def Remove(RegionId,SecurityGroupId,IpProtocol,PortRange,SourceCidrIp):
    '''
    RevokeSecurityGroup: delete one rule from the given security group.

    The rule is identified by protocol, port range and source address; the
    call goes through the module-level `request` and `client` objects.
    '''
    request.set_action_name('RevokeSecurityGroup')
    query = (
        ('RegionId', RegionId),
        ('SecurityGroupId', SecurityGroupId),
        ('IpProtocol', IpProtocol),
        ('PortRange', PortRange),
        ('SourceCidrIp', SourceCidrIp),
        ('NicType', 'intranet'),
    )
    for key, value in query:
        request.add_query_param(key, value)
    # The response body is not used; a failure surfaces as an exception.
    client.do_action_with_exception(request)
def Add_NewIP(RegionId,SecurityGroupId,IpProtocol,PortRange,SourceCidrIp):
    '''
    AuthorizeSecurityGroup: add one rule to the given security group.

    The rule allows *SourceCidrIp* on *PortRange* for *IpProtocol* and is
    tagged with the description 'PythonScriptCreated'; the call goes through
    the module-level `request` and `client` objects.
    '''
    request.set_action_name('AuthorizeSecurityGroup')
    query = (
        ('RegionId', RegionId),
        ('SecurityGroupId', SecurityGroupId),
        ('IpProtocol', IpProtocol),
        ('PortRange', PortRange),
        ('SourceCidrIp', SourceCidrIp),
        ('NicType', 'intranet'),
        ('Description', 'PythonScriptCreated'),
    )
    for key, value in query:
        request.add_query_param(key, value)
    # The response body is not used; a failure surfaces as an exception.
    client.do_action_with_exception(request)
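if __name__ == "__main__":
    # Shared request object used by Get_sourceIP / Remove / Add_NewIP.
    request = CommonRequest()
    request.set_accept_format('json')  # ask the Aliyun API for JSON responses
    request.set_domain('ecs.aliyuncs.com')
    request.set_method('POST')
    request.set_version('2014-05-26')  # API version
    # AcsClient takes AccessKeyID, AccessKeySecret, RegionId; the two key
    # values below are placeholders to be filled in.
    # NOTE(review): with real keys this file holds a long-lived credential in
    # clear text. Keep it out of version control, restrict who can read it,
    # and give the key only the security-group permissions used here.
    client = AcsClient('填寫AccessKeyID', '填寫AccessKeySecret', 'cn-shenzhen')
    RegionId = 'cn-shenzhen'  # region
    SecurityGroupId = ['填寫安全組id']  # security group IDs
    IpProtocol = 'tcp'  # protocol
    PortRange = ['38848/38848']  # port ranges to open
    log_file = 'ip.log'  # file that stores the last recorded IP
    # URL that reports the current IP. Alternatives named by the author:
    # https://ipv4.ngx.hk http://ip.42.pl/raw
    # NOTE(review): the answer decides which address the firewall admits, so
    # prefer an HTTPS endpoint; a plain-HTTP reply can be altered in transit.
    new_ip = get_ip("https://ipv4.ngx.hk")
    old_ip = get_old_ip(log_file)
    NewIP = new_ip
    if new_ip != old_ip:
        for i in SecurityGroupId:
            for j in PortRange:
                try:
                    # Look up and revoke the existing rule for this port.
                    # The lookup uses the loop's port range; the original
                    # hard-coded '38848/38848' and ignored other entries.
                    OldIP = Get_sourceIP(RegionId=RegionId, SecurityGroupId=i, Port=j)
                    Remove(RegionId=RegionId, SecurityGroupId=i, IpProtocol=IpProtocol, PortRange=j, SourceCidrIp=OldIP)
                except Exception as exc:
                    # No matching rule (or the removal failed): still add the
                    # new rule, but say so, since a rule for the old address
                    # may remain in the group.
                    print('old rule for', j, 'in', i, 'not removed:', exc)
                Add_NewIP(RegionId=RegionId, SecurityGroupId=i, IpProtocol=IpProtocol, PortRange=j, SourceCidrIp=NewIP)
        # Record the new address only after every group was updated, so a
        # failed API call is retried on the next run instead of being lost.
        change_ip(log_file)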