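#!/usr/bin/env bash
#
# Interactive generator for a PIX-style firewall configuration.
#
# Asks (on stdin) for the firewall's name, domain, password, interface
# speeds, addressing, the server's external IPs and any extra access
# rules, writes the resulting CLI configuration to
# "<firewall name>.<domain name>" in the current directory, and finally
# prints the matching settings to apply on the server itself.
#
# Usage: run with no arguments and answer the prompts.
set -euo pipefail

# Path of the configuration being generated; set in main() before the
# first emit call.
conf_file=

# Set to 1 once the "customer_specified" object-group has been written, so
# rules that reference it can warn when it does not exist in the config.
have_customer_group=0

#######################################
# Print a message to stderr and exit with status 1.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print a warning to stderr without exiting.
#######################################
warn() {
  printf 'warning: %s\n' "$*" >&2
}

#######################################
# Append one line to the generated configuration.
# Globals:   conf_file (read)
# Arguments: the words of the line
#######################################
emit() {
  printf '%s\n' "$*" >> "$conf_file"
}

#######################################
# Prompt for a free-text answer.
# Arguments: $1 prompt text, $2 name of the variable to assign
#######################################
ask() {
  local reply
  read -rp "$1" reply
  printf -v "$2" '%s' "$reply"
}

#######################################
# Prompt for a whole number, re-asking until one is given.  Counts drive
# the loops below and are never handed to eval or evaluated as
# arithmetic before this check, so a stray expression typed at the
# prompt is rejected instead of executed.
# Arguments: $1 prompt text, $2 name of the variable to assign
#######################################
ask_number() {
  local reply
  while :; do
    read -rp "$1" reply
    [[ $reply =~ ^[0-9]+$ ]] && break
    printf 'Please enter a whole number.\n' >&2
  done
  printf -v "$2" '%s' "$reply"
}

#######################################
# Prompt for a yes/no answer; assigns "y" for y/Y and "n" for anything
# else (anything but "y" was already treated as "no").
# Arguments: $1 prompt text, $2 name of the variable to assign
#######################################
ask_yes_no() {
  local reply
  read -rp "$1" reply
  case "$reply" in
    y|Y) reply=y ;;
    *) reply=n ;;
  esac
  printf -v "$2" '%s' "$reply"
}

#######################################
# Map a prompted speed (10/100/auto) to the interface keyword.
# "auto" is passed through; anything else keeps the "full" duplex suffix
# the old code appended unconditionally (which turned "auto" into the
# meaningless "autofull").
# Outputs: the keyword on stdout
#######################################
speed_keyword() {
  if [[ $1 == auto ]]; then
    printf 'auto'
  else
    printf '%sfull' "$1"
  fi
}

#######################################
# Emit one "permit <proto> any host EXT-IP-<i> eq <service>" inbound rule
# per external IP.
# Arguments: $1 number of external IPs, $2 protocol, $3 service or port
#######################################
permit_all_to_ext() {
  local count=$1 proto=$2 service=$3 i
  for ((i = 1; i <= count; i++)); do
    emit "access-list inbound permit $proto any host EXT-IP-$i eq $service"
  done
}

#######################################
# Warn when a rule is about to reference the customer_specified group
# although the group was never written to the config.
# Globals: have_customer_group (read)
#######################################
check_customer_group() {
  if (( have_customer_group == 0 )); then
    warn "rule references object-group customer_specified, which was not defined (answer 'y' to the remote-users question to create it)"
  fi
}

#######################################
# Drive the prompts and write the whole configuration.
# Globals: conf_file (written), have_customer_group (written)
#######################################
main() {
  local fwname dname password eth0speed eth1speed os fwip gw
  local tot_ip i ext_ip specusers users user_ip fixup
  local range specs range1 range2 num_ports port p
  local -a ext_ips=() user_ips=() ports=()

  ask "Firewall name: " fwname
  ask "Domain name: " dname
  # Both names form the output filename; restrict them so the file cannot
  # be written outside the current directory or end up with an empty name.
  [[ $fwname =~ ^[A-Za-z0-9_-]+$ ]] \
    || die "Firewall name may only contain letters, digits, '-' and '_'"
  [[ $dname =~ ^[A-Za-z0-9._-]+$ ]] \
    || die "Domain name may only contain letters, digits, '.', '-' and '_'"
  # -s keeps the password off the terminal and out of scrollback.
  read -rsp "Password: " password
  printf '\n'
  ask "eth0 speed (10/100/auto): " eth0speed
  ask "eth1 speed (10/100/auto): " eth1speed

  printf '1. Linux\n2. Windows\n3. Exit\n'
  ask "Please select an operating system: " os
  case "$os" in
    1) os=lin ;;
    2) os=win ;;
    3) exit 0 ;;  # the old code tested "2" twice, so "3" never took this path
    *)
      printf 'No OS specified, exiting\n'
      exit 1
      ;;
  esac

  conf_file="$fwname.$dname"
  # The file holds passwords: create it owner-only and start it empty, so a
  # second run does not append to the previous configuration.
  (umask 077 && : > "$conf_file")

  ask "Firewall IP: " fwip
  ask "Default gateway: " gw

  emit "enable"
  emit "configure terminal"
  emit "interface ethernet0 $(speed_keyword "$eth0speed")"
  emit "interface ethernet1 $(speed_keyword "$eth1speed")"
  # NOTE(review): "encrypted" tells the device that the preceding value is
  # already a hash, yet the plaintext typed above is what gets written
  # (unchanged from the original) — confirm against the target platform.
  emit "enable password $password encrypted"
  emit "passwd $password encrypted"
  emit "hostname $fwname"
  emit "domain-name $dname"
  emit ""
  for fixup in \
      "ftp 21" "h323 h225 1720" "h323 ras 1718-1719" "http 80" "rsh 514" \
      "rtsp 554" "sip 5060" "sip udp 5060" "skinny 2000" "smtp 25" \
      "sqlnet 1521" "tftp 69"; do
    emit "fixup protocol $fixup"
  done
  emit ""
  emit "names"
  emit "name $fwip $fwname"
  emit "name $gw DefaultGateway"
  emit "name 192.168.0.1 $fwname-inside"

  # A count of 0 now yields no iterations; the old "{1..0}" expansion
  # produced "1 0" and ran the loops twice.
  ask_number "Number of external IP's on the server: " tot_ip
  for ((i = 1; i <= tot_ip; i++)); do
    ask "$i. Specify IP: " ext_ip
    ext_ips[i]=$ext_ip
  done
  # External IP i is mapped to 192.168.0.(i+1); .1 is the inside interface.
  for ((i = 1; i <= tot_ip; i++)); do
    emit "name ${ext_ips[i]} EXT-IP-$i"
    emit "name 192.168.0.$((i + 1)) INT-IP-$i"
  done
  emit ""

  ask_yes_no "Do specific remote users require access to certain ports? (y/n) " specusers
  if [[ $specusers == y ]]; then
    emit ""
    emit "object-group network customer_specified"
    ask_number "How many users are required? " users
    for ((i = 1; i <= users; i++)); do
      ask "Specify remote IP address: " user_ip
      user_ips[i]=$user_ip
    done
    for ((i = 1; i <= users; i++)); do
      emit "network-object ${user_ips[i]} 255.255.255.255"
    done
    have_customer_group=1
  fi

  emit "access-list inbound remark Allow ICMP inbound"
  emit "access-list inbound permit icmp any any echo"
  emit "access-list inbound permit icmp any any traceroute"
  emit "access-list inbound permit icmp any any echo-reply"
  emit "access-list inbound remark Allow HTTP access"
  permit_all_to_ext "$tot_ip" tcp www
  emit "access-list inbound remark Allow HTTPS access"
  permit_all_to_ext "$tot_ip" tcp https
  emit "access-list inbound remark Allow SMTP access"
  permit_all_to_ext "$tot_ip" tcp smtp
  emit "access-list inbound remark Allow DNS access"
  for ((i = 1; i <= tot_ip; i++)); do
    emit "access-list inbound permit tcp any host EXT-IP-$i eq domain"
    emit "access-list inbound permit udp any host EXT-IP-$i eq domain"
  done
  emit "access-list inbound remark Allow FTP access"
  for ((i = 1; i <= tot_ip; i++)); do
    emit "access-list inbound permit tcp any host EXT-IP-$i eq ftp"
    emit "access-list inbound permit tcp any host EXT-IP-$i eq ftp-data"
  done
  if [[ $os == win ]]; then
    emit "access-list inbound remark Allow Remote Desktop access"
    permit_all_to_ext "$tot_ip" tcp 3389
  fi
  if [[ $os == lin ]]; then
    emit "access-list inbound remark Allow SSH access"
    # SSH is port 22; the old code opened 23 (telnet) under this remark.
    permit_all_to_ext "$tot_ip" tcp 22
  fi

  printf 'The Following ports are opened by default\n'
  printf 'PORT   Service\n'
  printf ' 80      WWW\n'
  printf ' 21      FTP\n'
  printf ' 443     HTTPS\n'
  printf ' 25      SMTP\n'
  printf ' 53      DNS\n'
  if [[ $os == lin ]]; then
    printf ' 22      SSH\n'
  elif [[ $os == win ]]; then
    printf ' 3389    Remote Desktop\n'
  fi
  printf '\n'

  ask_yes_no "Do you need to open a port range? (y/n) " range
  if [[ $range == y ]]; then
    emit "access-list inbound remark additional range (customer req)"
    ask_yes_no "Do only the users specified earlier require access to this port range? (y/n) " specs
    ask "From port: " range1
    ask "To port: " range2
    if [[ $specs == y ]]; then
      check_customer_group
      for ((i = 1; i <= tot_ip; i++)); do
        # NOTE(review): kept as originally written; unlike the "any" form
        # there is no "host" keyword before EXT-IP-<i> — confirm the
        # device accepts this syntax.
        emit "access-list inbound permit tcp object-group customer_specified EXT-IP-$i range $range1 $range2"
      done
    else
      for ((i = 1; i <= tot_ip; i++)); do
        emit "access-list inbound permit tcp any host EXT-IP-$i range $range1 $range2"
      done
    fi
  fi

  ask_number "How many additional ports do you want to open? (type 0 to skip) " num_ports
  if (( num_ports > 0 )); then
    # NOTE(review): this remark lands on the outbound ACL while the rules
    # it describes are inbound; kept as originally written.
    emit "access-list outbound remark additional ports (customer req)"
    for ((i = 1; i <= num_ports; i++)); do
      ask "$i. specify port: " port
      ports[i]=$port
    done
    for p in "${ports[@]}"; do
      ask_yes_no "Is access to port $p limited to the users specified previously? (y/n)" specs
      if [[ $specs == y ]]; then
        check_customer_group
        for ((i = 1; i <= tot_ip; i++)); do
          # NOTE(review): same missing "host" keyword as the range rule above.
          emit "access-list inbound permit tcp object-group customer_specified EXT-IP-$i eq $p"
        done
      else
        for ((i = 1; i <= tot_ip; i++)); do
          emit "access-list inbound permit tcp any host EXT-IP-$i eq $p"
        done
      fi
    done
  fi

  emit "access-list inbound deny ip any any"
  emit "access-list outbound remark"
  emit "access-list outbound permit ip any any"
  emit "pager lines 24"
  emit "logging on"
  emit "logging timestamp"
  emit "logging buffered warnings"
  emit "icmp permit any echo-reply outside"
  emit "icmp permit any echo outside"
  emit "icmp deny any outside"
  emit "icmp permit any inside"
  emit "mtu outside 1500"
  emit "mtu inside 1500"
  emit "ip address outside $fwname 255.255.254.0"
  emit "ip address inside $fwname-inside 255.255.255.0"
  emit "ip audit info action alarm"
  emit "ip audit attack action alarm"
  emit "no pdm history enable"
  emit "arp timeout 14400"
  emit "global (outside) 1 interface"
  emit "nat (inside) 1 0.0.0.0 0.0.0.0 0 0"
  for ((i = 1; i <= tot_ip; i++)); do
    emit "static (inside,outside) EXT-IP-$i INT-IP-$i netmask 255.255.255.255 0 0"
  done
  emit "access-group inbound in interface outside"
  emit "access-group outbound in interface inside"
  emit "route outside 0.0.0.0 0.0.0.0 DefaultGateway 1"
  emit "timeout xlate 3:00:00"
  emit "timeout conn 12:00:00 half-closed 6:00:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00"
  emit "timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00"
  emit "timeout sip-disconnect 0:02:00 sip-invite 0:03:00"
  emit "timeout uauth 0:05:00 absolute"
  emit "aaa-server TACACS+ protocol tacacs+"
  emit "aaa-server TACACS+ max-failed-attempts 3"
  emit "aaa-server TACACS+ deadtime 10"
  emit "aaa-server RADIUS protocol radius"
  emit "aaa-server RADIUS max-failed-attempts 3"
  emit "aaa-server RADIUS deadtime 10"
  emit "aaa-server LOCAL protocol local"
  # NOTE(review): the lines below enable the HTTP admin server, leave the
  # SNMP community at the well-known "public" and allow SSH management from
  # any address on the outside interface — all as originally written.
  # Review them before pasting the config onto a production firewall.
  emit "http server enable"
  emit "no snmp-server location"
  emit "no snmp-server contact"
  emit "snmp-server community public"
  emit "no snmp-server enable traps"
  emit "floodguard enable"
  emit "telnet timeout 20"
  emit "ssh 0.0.0.0 0.0.0.0 outside"
  emit "ssh 0.0.0.0 0.0.0.0 inside"
  emit "ssh timeout 60"
  emit "console timeout 60"
  emit "username admin password $password encrypted privilege 2"
  emit "terminal width 80"
  emit "write mem"

  # Only clear the screen when stdout is a terminal (skipped when output
  # is redirected, e.g. to a log file).
  [[ -t 1 ]] && clear
  printf 'File generated named %s.%s paste this config onto the firewall.\n' "$fwname" "$dname"
  printf 'Setup the server with the following settings:\n'
  for ((i = 1; i <= tot_ip; i++)); do
    printf 'IP: 192.168.0.%d\n' "$((i + 1))"
  done
  printf 'Subnet mask: 255.255.255.0\n'
  printf 'Default gateway: 192.168.0.1\n'
}

main "$@"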