Created
April 19, 2017 16:00
Configure TG784n v3 IPv6 firewall
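#!/usr/bin/expect
#
# Configure the IPv6 firewall of a TG784n v3 gateway through its telnet CLI.
#
# Usage: <script> <host> <user> <pass> <ipv6>
#   host  address of the gateway's telnet service
#   user  CLI login name
#   pass  CLI password
#   ipv6  the one destination address allowed to receive inbound SSH over IPv6
#
# The script deletes and re-creates the firewall level named by $chainName
# (default policy=drop), fills its forward chain with four rules, lists the
# result, activates the level and persists it with "saveall".
#
# Security notes for operators:
#   - telnet is unencrypted, so the credentials and the whole session cross
#     the network in clear text; run this only from a trusted LAN segment.
#   - the password is taken from argv, which other local users can read from
#     the process list and which usually lands in shell history.
#   - every step stops on timeout or EOF, so neither the password nor any
#     firewall command is sent blindly to a session in an unexpected state.

set timeout 20

# Refuse to run with missing arguments: an empty $ipv6 would otherwise be
# interpolated into the SSH accept rule as "dstip=".
if {[llength $argv] < 4} {
    send_user "usage: $argv0 <host> <user> <pass> <ipv6>\n"
    exit 2
}

set host [lindex $argv 0]
set user [lindex $argv 1]
set pass [lindex $argv 2]
set ipv6 [lindex $argv 3]
set chainName "Advanced"

# CLI prompt as printed by the author's device.
# NOTE(review): the text inside the braces looks device-specific; confirm it
# against the target gateway before use.
set prompt "{sumeo}=>"

# $ipv6 is pasted into a CLI command line, so whitespace or control characters
# in it would add extra parameters or extra commands to the session.
if {$ipv6 eq "" || [regexp {[[:space:][:cntrl:]]} $ipv6]} {
    send_user "error: ipv6 argument must be a single address without whitespace\n"
    exit 2
}

# Wait for an exact string from the device; abort the run if it never shows up.
proc await {pattern} {
    expect {
        -ex $pattern { return }
        timeout {
            send_user "\nerror: timed out waiting for \"$pattern\"; aborting, configuration not saved\n"
            exit 1
        }
        eof {
            send_user "\nerror: connection closed while waiting for \"$pattern\"; aborting, configuration not saved\n"
            exit 1
        }
    }
}

# Send one CLI command and wait for the prompt to come back.
proc cli {command} {
    global prompt
    # "--" keeps a command that starts with "-" from being read as a send flag.
    send -- "$command\r"
    await $prompt
}

spawn telnet $host

await "Username :"
send -- "$user\r"
await "Password :"
send -- "$pass\r"
await $prompt

# Delete the existing level so it can be replaced by a fresh one.
cli ":firewall level delete name=$chainName"

# Create the level with a default policy of drop.
cli ":firewall level add name=$chainName text='Advanced firewall with IPv6' readonly=disabled udptrackmode=loose service=enabled proxy=enabled policy=drop"

# Firewall rules: start from an empty forward chain for this level.
# NOTE(review): the rules below are added in this order; confirm how the
# device evaluates rule order before relying on the accept/deny precedence.
cli ":firewall rule flush chain=forward_level_$chainName"

# Allow SSH from the WAN to the single IPv6 address given on the command line.
cli ":firewall rule add chain=forward_level_$chainName name=IPv6_NAS_SSH srcintf=wan srcip=ipv6 dstip=$ipv6 serv=ssh log=disabled state=enabled action=accept"

# Block everything else arriving over IPv6 from the WAN.
cli ":firewall rule add chain=forward_level_$chainName name=Block_IPv6 srcintf=wan srcip=ipv6 log=disabled state=enabled action=deny"

# Allow all traffic coming from the LAN.
cli ":firewall rule add chain=forward_level_$chainName name=FromLAN srcintf=lan log=disabled state=enabled action=accept"

# Configure DMZ: accept WAN-to-LAN traffic between non-private addresses.
cli ":firewall rule add chain=forward_level_$chainName name=DMZ srcintf=wan srcip=!private dstintf=lan dstip=!private log=disabled state=enabled action=accept"

# Dump the rules so the operator can review what was installed.
cli ":firewall rule list chain=forward_level_$chainName format=pretty"

# Activate the level that was just built (same name as the one configured above).
cli ":firewall level set name=$chainName"

# Persist the configuration.
cli "saveall"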