通过API动态更新Cloudflare的DNS记录

准备相关信息

在cloudflare上面获取相关的Key ID,包括Zone ID 、Accout ID、DNS Record ID,以及API KEY ID;
https://dash.cloudflare.com/
在页面最下边的右面。

Openwrt配置修改

在Openwrt路由器上创建两个文件。

file1:/etc/hotplug.d/iface/90-ddns

## /etc/hotplug.d/iface/90-ddns
#!/bin/sh 
[ "$ACTION" = ifup ] || exit 0
[ "$INTERFACE" = wan ] || exit 0
/usr/lib/ddns/new_cloudflare_v4.sh

file2:/usr/lib/ddns/new_cloudflare_v4.sh

!/bin/ash
 CHANGE THESE
 auth_email="you@domain.com"
 auth_key="This is you Key" # found in cloudflare account settings
 zone_name="youdomain.com"
 record_name="gw-private.ghdog.com"
 bauth_key=You API KEY
 zone_identifier=You Zone ID
 record_identifier=You Record ID
 MAYBE CHANGE THESE
 ip=$(curl -s http://ipv4.icanhazip.com)
 ip=$(ip address show dev pppoe-wan | grep inet | sed 's/^[ \t]*//g' | cut -d ' ' -f2)
 ip_file="ip.txt"
 id_file="cloudflare.ids"
 log_file="/var/log/ddns_gw-private.ghdog.com.cloudflare.log"
 LOGGER
 log() {
     if [ "$1" ]; then
         echo -e "[$(date)] - $1" >> $log_file
     fi
 }
 SCRIPT START
 log "Check Initiated"
 if [ -f $ip_file ]; then
 old_ip=$(cat $ip_file)
 if [ $ip == $old_ip ]; then
 echo "IP has not changed."
 exit 0
 fi
 fi
 if [ -f $id_file ] && [ $(wc -l $id_file | cut -d " " -f 1) == 2 ]; then
 zone_identifier=$(head -1 $id_file)
 record_identifier=$(tail -1 $id_file)
 else
 zone_identifier=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones?name=$zone_name" -H "X-Auth-Email: $auth_email" -H "X-Auth-Key: $auth_key" -H "Content-Type: application/json" | grep -Po '(?<="id":")[^"]*' | head -1 )
 record_identifier=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$zone_identifier/dns_records?name=$record_name" -H "X-Auth-Email: $auth_email" -H "X-Auth-Key: $auth_key" -H "Content-Type: application/json"  | grep -Po '(?<="id":")[^"]*')
 echo "$zone_identifier" > $id_file
 echo "$record_identifier" >> $id_file
 fi
 update=$(curl -s -X PUT "https://api.cloudflare.com/client/v4/zones/$zone_identifier/dns_records/$record_identifier" -H "X-Auth-Email: $auth_email" -H "X-Auth-Key: $auth_key" -H "Content-Type: application/json" --data "{\"id\":\"$zone_identifier\",\"type\":\"A\",\"name\":\"$record_name\",\"content\":\"$ip\"}")
 update=$(curl -X PUT "https://api.cloudflare.com/client/v4/zones/$zone_identifier/dns_records/$record_identifier" -H "X-Auth-Email: $auth_email" -H "Authorization: Bearer $bauth_key" -H "Content-Type: application/json" --data "{\"type\":\"A\",\"name\":\"$record_name\",\"content\":\"$ip\",\"ttl\":1,\"proxied\":false}")
 if [[ $update == "\"success\":false" ]]; then
     message="API UPDATE FAILED. DUMPING RESULTS:\n$update"
     log "$message"
     echo -e "$message"
     exit 1 
 else
     message="IP changed to: $ip"
     echo "$ip" > $ip_file
     log "$message"
     echo "$message"
 fi
 !/bin/sh
 [ "$ACTION" = ifup ] || exit 0
 [ "$INTERFACE" = wan ] || exit 0
 /usr/lib/ddns/new_cloudflare_v4.sh

这样每当路由器重新获取了IP后,系统就会自动修改该域名的IP。

锐捷一体化网关EG680-P对外通信分析-私自建立对外隧道连接

一、网络环境介绍

在互联网时代,我想没有一个人家庭没有接入互联网。
现在人手一个手机的时代,无线WIFI是必不可少的一个重要支撑组件。
在新房装修的时候,采用了锐捷的一体化网关+AP的方式进行的组网。网络拓扑图如下(草图)

3e4977ef98d295a2d2b7860073776d37.png

锐捷一体化网关设备的型号为:EG680-P
该设备的当前软件版本为:已安装软件版本:EG_RGOS 11.9(2)B11P2

在家庭网络中,接入了各种智能家庭终端、家庭文件共享中心、多媒体娱乐等;

在网络部署中,将EG680-P设备的IP地址设置为192.168.77.2。

  • 一、网络环境介绍
  • 二、锐捷EG680-P对外通信:大量DNS请求
  • 三、未启用云服务,锐捷EG网关私自与cloud.ruijie.com.cn通信注册。
  • 四、EG680-P一体化网关私自建立外部隧道CLASSIS-STUN
  • 五、锐捷EG680-P网关与外界通信的合计
  • 六、《中华人民共和国网络安全法》

继续阅读“锐捷一体化网关EG680-P对外通信分析-私自建立对外隧道连接”

在交换机上定时执行任务

http://www.h3c.com/cn/d_201411/845120_30005_0.htm

在H3C交换机上定时执行命令。

scheduler job shutdown_interafce_1-0_7
 command 0 system-view
 command 1 interface GigabitEthernet1/0/7
 command 2 shutdown
#
scheduler schedule shutdown_interface
 user-role network-operator
 user-role network-admin
 job shutdown_interafce_1-0_7
 time repeating at 06:51
#
[XYAD_POE_1]display  scheduler logfile
Logfile Size: 413 Bytes.
Job name        : shutdown_interafce_1-0_7
Schedule name   : shutdown_interface
Execution time  : Wed May  1 06:51:00 2013
Completion time : Wed May  1 06:51:05 2013
--------------------------------- Job output -----------------------------------
<XYAD_POE_1>system-view
System View: return to User View with Ctrl+Z.
[XYAD_POE_1]interface GigabitEthernet1/0/7
[XYAD_POE_1-GigabitEthernet1/0/7]shutdown