tango-tsg-master/bin/tsg_maat.json
liuxueli fdd6c8ab2b 调整扫描的属地表名称,同时调整table_info,IP归属地表不能使用composition聚合表
支持扫描quic协议,增加相关代码
调整发送IP归属地字段的位置,保证拦截日志能正常填充IP归属地字段
2020-05-29 14:40:15 +08:00


{
"compile_table": "TSG_SECURITY_COMPILE",
"group_table": "GROUP_COMPILE_RELATION",
"rules": [
{
"compile_id": 1,
"service": 0,
"action": 128,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name": "IP_ADDR_1",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip_plus",
"table_content": {
"addr_type": "ipv4",
"src_ip": "192.168.100.5",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 6,
"direction": "double"
}
}
]
},
{
"group_name": "IP_ADDR_2",
"regions": [
{
"table_name": "TSG_OBJ_IP_ADDR",
"table_type": "ip_plus",
"table_content": {
"addr_type": "ipv4",
"src_ip": "192.168.50.37",
"mask_src_ip": "255.255.255.255",
"src_port": "0",
"mask_src_port": "65535",
"dst_ip": "0.0.0.0",
"mask_dst_ip": "255.255.255.255",
"dst_port": "0",
"mask_dst_port": "65535",
"protocol": 6,
"direction": "double"
}
}
]
},
{
"group_name": "ASN",
"regions": [
{
"table_name": "TSG_OBJ_AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "101",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
},
{
"table_name": "TSG_OBJ_AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "102",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"group_name": "LOCATION",
"regions": [
{
"table_name": "TSG_OBJ_GEO_LOCATION",
"table_type": "expr",
"table_content": {
"keywords": "China",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 5,
"service": 0,
"action": 128,
"do_blacklist": 0,
"do_log": 1,
"effective_rage": 0,
"user_region": "anything",
"is_valid": "yes",
"groups": [
{
"group_name":"IP_ADDR_1",
"virtual_table":"TSG_SECURITY_SOURCE_ADDR",
"not_flag":0
},
{
"group_name":"IP_ADDR_2",
"virtual_table":"TSG_SECURITY_DESTINATION_ADDR",
"not_flag":0
},
{
"group_name":"ASN",
"virtual_table":"TSG_SECURITY_SOURCE_ASN",
"not_flag":0
},
{
"group_name":"LOCATION",
"virtual_table":"TSG_SECURITY_DESTINATION_LOCATION",
"not_flag":0
}
]
}
],
"plugin_table": [
{
"table_name": "TSG_IP_ASN_USER_DEFINED",
"table_content": [
"101\t4\t192.168.50.1\t192.168.50.255\t101\tmesa\t1",
"102\t4\t192.168.100.1\t192.168.100.255\t102\tgeedge\t1"
]
},
{
"table_name": "TSG_IP_LOCATION_USER_DEFINED",
"table_content": [
"201\t20100\t4\t192.168.50.1\t192.168.50.255\t11.12\t11.12\t0\ten\tAS\tAsia\tCN\tChina\tBJ\tBeijing\tBeijing\tAsia/Singapore\t1",
"202\t20200\t4\t192.168.100.1\t192.168.100.255\t11.12\t11.12\t0\ten\tAS\tAsia\tCN\tChina\tSH\tShanghai\tShanghai\tAsia/Singapore\t1"
]
}
]
}