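#!/usr/bin/expect
# Rebuild the "Advanced" firewall level on a router CLI reached over telnet:
# allow inbound SSH over IPv6 to one address, deny all other inbound IPv6,
# allow everything from the LAN, and add a DMZ-style accept rule.
#
# Usage: <script> <host> <user> <pass> <ipv6>
#   host  - router address handed to telnet
#   user  - CLI login name
#   pass  - CLI password
#   ipv6  - destination address allowed to receive SSH from the WAN
#
# NOTE(review): telnet carries the password and every command in cleartext;
# run this only across a trusted management segment.
# NOTE(review): the password arrives on argv, so it is visible in the process
# list and in shell history on the machine running the script.
# NOTE(review): the prompt "{sumeo}=>" is hard-coded and presumably embeds the
# login name; confirm it matches the account passed as <user>.

set timeout 20
set chainName "Advanced"
set prompt "{sumeo}=>"

if {[llength $argv] < 4} {
    send_user "usage: $argv0 host user pass ipv6\n"
    exit 2
}

set host [lindex $argv 0]
set user [lindex $argv 1]
set pass [lindex $argv 2]
set ipv6 [lindex $argv 3]

# Every argument ends up inside a line typed into the router CLI. A carriage
# return or newline inside one would end that line early and let the rest be
# read as a separate command, so refuse such values. Only the argument name is
# printed, never its value (it may be the password).
foreach {label value} [list host $host user $user pass $pass ipv6 $ipv6] {
    if {[regexp {[\r\n]} $value]} {
        send_user "error: argument '$label' contains a line break\n"
        exit 2
    }
}

# The address becomes a single key=value word in a rule, so it must be
# non-empty and free of whitespace.
if {$ipv6 eq "" || [regexp {[[:space:]]} $ipv6]} {
    send_user "error: argument 'ipv6' must be a single non-empty word\n"
    exit 2
}

# A host starting with "-" would be read by telnet as an option.
if {$host eq "" || [string match "-*" $host]} {
    send_user "error: argument 'host' is empty or starts with '-'\n"
    exit 2
}

# Wait for an exact string from the session. On timeout or a closed connection
# the script stops instead of typing further input (credentials, firewall
# commands) into a session that is not in the expected state.
proc wait_for {pattern} {
    expect \
        -ex $pattern {} \
        timeout {
            send_user "\nerror: timed out waiting for '$pattern'\n"
            exit 1
        } \
        eof {
            send_user "\nerror: connection closed while waiting for '$pattern'\n"
            exit 1
        }
}

# Send one CLI command and wait for the prompt to come back.
proc cli {command} {
    global prompt
    send "$command\r"
    wait_for $prompt
}

spawn telnet $host

wait_for "Username :"
send "$user\r"
wait_for "Password :"
send "$pass\r"
wait_for $prompt

# Delete the existing level so it can be recreated from scratch.
# If the script aborts after this point the level is left partly built and
# nothing has been saved; re-run it or check the device by hand.
cli ":firewall level delete name=$chainName"

# Create the level with a default policy of drop.
cli ":firewall level add name=$chainName text='Advanced firewall with IPv6' readonly=disabled udptrackmode=loose service=enabled proxy=enabled policy=drop"

# Start from an empty forward chain for this level.
cli ":firewall rule flush chain=forward_level_$chainName"

# Allow SSH from the WAN to one address over IPv6.
# NOTE(review): log=disabled means accepted SSH connections from the WAN leave
# no firewall log entry; consider enabling logging on this rule.
cli ":firewall rule add chain=forward_level_$chainName name=IPv6_NAS_SSH srcintf=wan srcip=ipv6 dstip=$ipv6 serv=ssh log=disabled state=enabled action=accept"

# Deny everything else arriving from the WAN over IPv6.
cli ":firewall rule add chain=forward_level_$chainName name=Block_IPv6 srcintf=wan srcip=ipv6 log=disabled state=enabled action=deny"

# Allow all traffic that originates on the LAN.
cli ":firewall rule add chain=forward_level_$chainName name=FromLAN srcintf=lan log=disabled state=enabled action=accept"

# DMZ rule: accept WAN traffic with a non-private source going to a
# non-private destination on the LAN side.
# NOTE(review): this is a broad accept; confirm which LAN hosts carry
# non-private addresses before relying on it.
cli ":firewall rule add chain=forward_level_$chainName name=DMZ srcintf=wan srcip=!private dstintf=lan dstip=!private log=disabled state=enabled action=accept"

# Dump the resulting rules so the run log shows what was installed.
cli ":firewall rule list chain=forward_level_$chainName format=pretty"

# Activate the level. Uses $chainName like every other command; the original
# hard-coded the name here.
cli ":firewall level set name=$chainName"

# Persist the configuration.
cli "saveall"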