Merging Firewall and F5 Data

June 15, 2020

I. Background

A recent requirement was to use Neo4j for device-relationship queries and relationship-graph output: given a public IP plus port, look up the corresponding back-end F5 address and the realserver information behind it. Before that can be built, the firewall data and the F5 data have to be joined. The intended result looks like this:

[Figure: firewall-f5, the firewall-to-F5 relationship graph]

II. Data association

In the BIG-IP F5 configuration (bigip.conf), the relevant objects are node, pool and virtual (the latter carrying the destination), and they reference each other. The relationships are examined one step at a time below.

1. node configuration

A node is a host entry; its configuration looks like this:

ltm node /Common/192.168.20.78 {
    address 192.168.20.78
}

The only thing that matters here is the IP address carried by the node.

2. pool configuration

Besides the pool name, a pool carries a members section, and each member is a node address (with the service port); the configuration looks like this:

ltm pool /Common/POOL-BI-VGOP20160304 {
    members {
        /Common/192.168.20.78:21 {
            address 192.168.20.78
        }
    }
    monitor /Common/tcp_half_open
}

3. virtual (destination) configuration

The ltm virtual configuration is where the linkage lives. Besides the virtual server name, destination is the virtual address (VIP and port) on the F5, and pool names the pool whose members are the nodes described above. Note that the source-address-translation block also contains a pool keyword, but that is the SNAT pool, not the server pool. The configuration looks like this:

ltm virtual /Common/VIP-BI-VGOP20160304 {
    destination /Common/172.16.2.120:8021
    ip-protocol tcp
    mask 255.255.255.255
    pool /Common/POOL-BI-VGOP20160304
    profiles {
        /Common/ftp { }
        /Common/client-tcp-prof {
            context clientside
        }
        /Common/server-tcp-prof {
            context serverside
        }
    }
    source 0.0.0.0/0
    source-address-translation {
        pool /Common/Group1_POOL
        type snat
    }
    translate-address enabled
    translate-port enabled
}

After these three parts have been processed, the resulting table looks like this:

III. Implementation code

With the F5 side in hand, what remains is to match it against the firewall data. The exported firewall NAT rules look like this; the inside address is the F5 VIP, ICMP rules carry no port, and some services appear by name (www, ftp) rather than by port number:

nat server zone untrust protocol icmp global 211.140.17.81 inside 172.16.2.21 vrrp 20
nat server zone untrust protocol tcp global 211.140.17.97 8090 inside 172.16.2.22 8090 vrrp 20
nat server zone untrust protocol tcp global 211.140.17.112 22 inside 172.16.2.112 22 vrrp 20
nat server zone untrust protocol tcp global 211.140.17.107 443 inside 172.16.2.107 443 vrrp 20
nat server zone untrust protocol tcp global 211.140.17.80 www inside 172.16.2.20 www vrrp 20

The script that processes both sides together is below. The join key is the inside ip:port of the NAT rule, which has to equal the F5 destination exactly, so service names in the firewall export are converted to port numbers first; rules whose inside address is not an F5 VIP (including ICMP rules, which have no port) are dropped by the inner join:

#!/usr/bin/env python
# coding=utf8
# ===============================================================================
#   Copyright (C) 2020 www.361way.com site All rights reserved.
#   Filename      :ltm.py
#   Author        :yangbk <itybku@139.com>
#   Create Time   :2020-06-12 11:53
#   Description   :join F5 BIG-IP LTM objects (bigip.conf) with firewall
#                  "nat server" rules (FW.txt) and write fw-f5.xlsx
# ===============================================================================
import re
import pandas as pd   # to_excel() additionally needs openpyxl installed


def Nodeinfo(text):
    """Names of all 'ltm node' objects (not needed for the join, kept for reference)."""
    return re.findall(r'ltm\s+node\s+(\S+)\s+{', text)


def Poolinfo(text):
    """[poolname, 'ip1, ip2, ...'] for every 'ltm pool' block.

    A block is cut at its 'monitor' line, so a pool defined without a monitor
    would swallow the text that follows it; such pools need separate handling.
    """
    pools = re.findall(r'ltm\s+pool\s+(.*?)monitor', text, flags=re.DOTALL)
    datapool = []
    for pool in pools:
        pname = re.findall(r"/Common/(.*?)\s+{", pool)     # first name is the pool's own
        ips = re.findall(r"address\s+(\S+)", pool)         # one per member
        if ips:
            datapool.append([pname[0], ", ".join(ips)])
    return datapool


def Virtinfo(text):
    """[virtname, poolname, 'vip:port'] for every 'ltm virtual' block.

    The block is cut at 'profiles', which also keeps the SNAT pool inside
    source-address-translation from being mistaken for the server pool;
    a virtual without a profiles block would be mis-parsed.
    """
    virts = re.findall(r'ltm\s+virtual\s+(.*?)profiles', text, flags=re.DOTALL)
    datavirt = []
    for virt in virts:
        virtname = re.findall(r"/Common/(.*?)\s+{", virt)
        f5ipport = re.findall(r"destination\s+/Common/(\S+)", virt)
        poolname = re.findall(r"pool\s+/Common/(\S+)", virt)
        if poolname and f5ipport:                            # virtuals without a pool are skipped
            datavirt.append([virtname[0], poolname[0], f5ipport[0]])
    return datavirt


def Fwinfo(file):
    """[public 'ip[:port]', inside 'ip[:port]'] for every 'nat server' line."""
    with open(file) as fb:
        fw = fb.read()
    # service names -> port numbers, whole words only, so that names such as
    # "ftp_zone" are not rewritten; add the other names your export uses
    fw = re.sub(r'\bwww\b', '80', fw)
    fw = re.sub(r'\bftp\b', '21', fw)
    fw = fw.replace(" ", ":")                                # "ip port" -> "ip:port"
    # icmp rules have no port and come out as a bare "ip" on both sides
    return re.findall(r'global:(.*?):inside:(.*?):vrrp', fw)


with open('bigip.conf') as fb:
    text = fb.read()
datapool = Poolinfo(text)
datavirt = Virtinfo(text)
df1 = pd.DataFrame(data=datapool, columns=['poolname', 'ips'])
df2 = pd.DataFrame(data=datavirt, columns=['virtname', 'poolname', 'f5iport'])
df3 = pd.merge(df2, df1, on='poolname')                      # virtual -> pool -> member ips
#df3.to_excel("f5.xlsx")
datafw = Fwinfo("FW.txt")
dffw = pd.DataFrame(data=datafw, columns=['pubip', 'f5iport'])
# inner join: the firewall's inside "ip:port" must equal the F5 destination exactly
result = pd.merge(dffw, df3, on='f5iport')
result.to_excel("fw-f5.xlsx")
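The regexes in the script above cut each pool block at its monitor line and each virtual block at its profiles line, so a pool without a monitor or a virtual without profiles is parsed wrongly. The following is an added example, not part of the original post's script, covering both the data-association section and the firewall join: it walks bigip.conf by brace depth so that blocks end at their closing brace, reads the server pool only from depth-1 keys (so the SNAT pool is ignored), parses the nat server lines token by token so that ICMP rules without a port are handled, and answers the question from the Background section: public ip:port -> F5 VIP -> virtual -> pool -> real servers. BIGIP_CONF and FW_TXT are constructed samples modelled on the fragments above; SERVICE_PORTS is an assumed name-to-port mapping; route-domain suffixes (ip%rd) and partitions other than /Common are not handled.

```python
import re

# Constructed sample inputs (not from a real device), modelled on the fragments above.
# POOL-WEB has no "monitor" line and neither virtual has a "profiles" block.
BIGIP_CONF = """\
ltm pool /Common/POOL-BI-VGOP20160304 {
    members {
        /Common/192.168.20.78:21 {
            address 192.168.20.78
        }
    }
    monitor /Common/tcp_half_open
}
ltm pool /Common/POOL-WEB {
    members {
        /Common/192.168.20.78:80 {
            address 192.168.20.78
        }
        /Common/192.168.20.79:80 {
            address 192.168.20.79
        }
    }
}
ltm virtual /Common/VIP-BI-VGOP20160304 {
    destination /Common/172.16.2.120:8021
    pool /Common/POOL-BI-VGOP20160304
    source-address-translation {
        pool /Common/Group1_POOL
        type snat
    }
}
ltm virtual /Common/VIP-WEB {
    destination /Common/172.16.2.20:80
    pool /Common/POOL-WEB
}
"""
FW_TXT = """\
nat server zone untrust protocol icmp global 211.140.17.81 inside 172.16.2.21 vrrp 20
nat server zone untrust protocol tcp global 211.140.17.80 www inside 172.16.2.20 www vrrp 20
nat server zone untrust protocol tcp global 211.140.17.120 ftp inside 172.16.2.120 8021 vrrp 20
"""
SERVICE_PORTS = {"www": "80", "ftp": "21", "https": "443"}   # assumed; extend for your export


def split_blocks(conf):
    """Top-level (kind, name, [(depth, line), ...]) blocks, delimited by brace depth."""
    blocks, cur, depth = [], None, 0
    for raw in conf.splitlines():
        line = raw.strip()
        if depth == 0:
            m = re.match(r"ltm\s+(node|pool|virtual)\s+(\S+)\s+\{", line)
            cur = (m.group(1), m.group(2).rsplit("/", 1)[-1], []) if m else None
        elif cur:
            cur[2].append((depth, line))
        depth += line.count("{") - line.count("}")
        if depth == 0 and cur:
            blocks.append(cur)
            cur = None
    return blocks


def f5_chain(conf):
    """({poolname: [member ip, ...]}, {'vip:port': (virtual name, poolname)})."""
    pools, virtuals = {}, {}
    for kind, name, body in split_blocks(conf):
        if kind == "pool":
            pools[name] = [ln.split()[1] for _, ln in body if ln.startswith("address ")]
        elif kind == "virtual":
            # depth-1 keys only: the "pool" under source-address-translation is the SNAT pool
            top = dict(ln.split(None, 1) for d, ln in body if d == 1 and " " in ln)
            if "destination" in top and "pool" in top:
                vip = top["destination"].rsplit("/", 1)[-1]
                virtuals[vip] = (name, top["pool"].rsplit("/", 1)[-1])
    return pools, virtuals


def parse_nat(text):
    """{public 'ip[:port]': inside 'ip[:port]'}; ICMP rules have no port on either side."""
    def norm(fields):                                 # ["ip", "www"] -> "ip:80"
        return ":".join([fields[0]] + [SERVICE_PORTS.get(p, p) for p in fields[1:]])
    mapping = {}
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["nat", "server"] or "global" not in tok or "inside" not in tok:
            continue
        g, i = tok.index("global"), tok.index("inside")
        pub, ins = tok[g + 1:i], tok[i + 1:i + 1 + (i - g - 1)]   # same shape on both sides
        mapping[norm(pub)] = norm(ins)
    return mapping


def lookup(public, nat, pools, virtuals):
    """public ip:port -> F5 VIP -> virtual -> pool -> real servers, or None."""
    vip = nat.get(public)
    if vip is None or vip not in virtuals:
        return None                                   # NAT target is not an F5 VIP
    vname, pname = virtuals[vip]
    return {"public": public, "vip": vip, "virtual": vname,
            "pool": pname, "realservers": pools.get(pname, [])}


def join_all(fw_text=FW_TXT, conf=BIGIP_CONF):
    nat, (pools, virtuals) = parse_nat(fw_text), f5_chain(conf)
    return [r for r in (lookup(p, nat, pools, virtuals) for p in nat) if r]
```

Calling join_all() on the samples returns two rows (the ICMP rule has no matching virtual and is dropped); lookup("211.140.17.120:21", ...) is the single-query form the Background section asks for. The rows can be fed straight into a DataFrame or into Neo4j node/relationship creation.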



