@pmarques
Created April 19, 2017 16:00
Configure TG784n v3 IPv6 firewall
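#!/usr/bin/expect
# Usage: <script> <host> <user> <password> <ipv6-address>
# Deletes and re-creates the "Advanced" firewall level on the router, then activates it.
# Note: the credentials are taken from the command line and sent over telnet in clear text.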
set timeout 20
set host [lindex $argv 0]
set user [lindex $argv 1]
set pass [lindex $argv 2]
set ipv6 [lindex $argv 3]
set chainName "Advanced"
spawn telnet $host
expect "Username :"
send "$user\r"
expect "Password :"
send "$pass\r"
# The prompt pattern is hard-coded for the sumeo login; adjust it if logging in as another user
expect "{sumeo}=>"
# Delete existing and replace for new one!
send ":firewall level delete name=$chainName\r"
expect "{sumeo}=>"
# Create the Advanced level
send ":firewall level add name=$chainName text='Advanced firewall with IPv6' readonly=disabled udptrackmode=loose service=enabled proxy=enabled policy=drop\r"
expect "{sumeo}=>"
# Firewall Rules
send ":firewall rule flush chain=forward_level_$chainName\r"
expect "{sumeo}=>"
# Allow SSH to one IP over IPv6
send ":firewall rule add chain=forward_level_$chainName name=IPv6_NAS_SSH srcintf=wan srcip=ipv6 dstip=$ipv6 serv=ssh log=disabled state=enabled action=accept\r"
expect "{sumeo}=>"
# Block everything else over IPv6
send ":firewall rule add chain=forward_level_$chainName name=Block_IPv6 srcintf=wan srcip=ipv6 log=disabled state=enabled action=deny\r"
expect "{sumeo}=>"
# Allow all traffic from LAN
send ":firewall rule add chain=forward_level_$chainName name=FromLAN srcintf=lan log=disabled state=enabled action=accept\r"
expect "{sumeo}=>"
# Configure DMZ
send ":firewall rule add chain=forward_level_$chainName name=DMZ srcintf=wan srcip=!private dstintf=lan dstip=!private log=disabled state=enabled action=accept\r"
expect "{sumeo}=>"
# Dump rules
send ":firewall rule list chain=forward_level_$chainName format=pretty\r"
expect "{sumeo}=>"
# Enable the Advanced level (same name as created above)
send ":firewall level set name=$chainName\r"
expect "{sumeo}=>"
# Persist the configuration
send "saveall\r"
expect "{sumeo}=>"