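#!/usr/bin/env python
"""Push a baseline transparent-mode firewall configuration over a serial console.

The operator is prompted for the customer domain, the PIMS management
credentials, the firewall's own address and one or more protected servers.
The script then types the resulting CLI into the device one line at a time,
pausing after each line (presumably so the console can keep up).

Written for Python 2: it uses ``raw_input`` and hands ``str`` to
``Serial.write``.
"""
import getpass
import re
import string
import time

import serial

# Pause after each console line; the original script slept one second per line.
COMMAND_DELAY = 1
# The original waited much longer after asking the device to generate its RSA key.
RSA_KEYGEN_DELAY = 20

# Port argument given to serial.Serial(); kept as in the original script.
SERIAL_PORT = 0

# Resolver addresses and office/management networks baked into every
# firewall this script builds (the values the original script used).
DNS_SERVERS = ("69.16.234.69", "209.59.139.5", "209.59.139.6")
OFFICE_NETWORKS = (
    ("209.59.139.0", "255.255.255.0"),
    ("69.16.222.0", "255.255.255.0"),
    ("69.16.234.64", "255.255.255.192"),
    ("64.91.239.0", "255.255.255.192"),
)
# Networks allowed to reach the firewall's own HTTP/SSH management from the
# outside interface (a subset of OFFICE_NETWORKS, as in the original).
MANAGEMENT_NETWORKS = (
    ("209.59.139.0", "255.255.255.0"),
    ("69.16.222.0", "255.255.255.0"),
    ("64.91.239.0", "255.255.255.192"),
)

# Characters accepted for anything that becomes an object-group or domain
# name on the device; a stray space or control character would otherwise
# end up inside a CLI line we type verbatim.
_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*$")

# Servers entered by the operator, in entry order (no duplicates);
# serverips maps each server name to its space-separated IP list.
serverlist = []
serverips = dict()


def _is_name(text):
    """Return True if *text* is safe to use as an object-group / domain name."""
    return bool(_NAME_RE.match(text))


def _is_token(text):
    """Return True if *text* is non-empty and contains no whitespace.

    Used for the user name and password, which are interpolated into a single
    CLI line; embedded whitespace would split that line into extra arguments.
    """
    return bool(text) and not any(ch.isspace() for ch in text)


def _is_ipv4(text):
    """Return True if *text* is a dotted-quad IPv4 address or netmask."""
    parts = text.split(".")
    if len(parts) != 4:
        return False
    return all(p.isdigit() and 0 <= int(p) <= 255 for p in parts)


def _is_ipv4_list(text):
    """Return True if *text* holds one or more whitespace-separated IPv4s."""
    tokens = text.split()
    return bool(tokens) and all(_is_ipv4(t) for t in tokens)


def _ask(prompt, check=None, secret=False):
    """Prompt until *check* accepts the stripped answer, then return it.

    ``secret=True`` reads without echo so the password is not shown on the
    terminal or kept in its scroll-back.
    """
    while True:
        if secret:
            value = getpass.getpass(prompt)
        else:
            value = raw_input(prompt)
        value = value.strip()
        if check is None or check(value):
            return value
        print("Invalid value, please try again.")


def _ask_yes_no(prompt):
    """Return the upper-cased answer to a y/n question ("Y" means yes)."""
    return _ask(prompt).upper()


def get_server_info():
    """Prompt for one server and record it in serverlist / serverips.

    The name becomes an object-group name on the device, so it must match
    _NAME_RE; every IP token is validated as a dotted quad. Re-entering an
    existing name replaces its IP list instead of producing a duplicate group.
    """
    name = _ask("Enter server name: ", _is_name)
    ips = _ask("Enter server IPs seperated by a space: ", _is_ipv4_list)
    if name not in serverips:
        serverlist.append(name)
    serverips[name] = ips


def prompt_settings():
    """Collect the per-customer values and return them as a dict.

    Keys: customerdomain, pimsuser, pimspass, fwip, fwmask, fwgateway,
    linux, cpanel, win, plesk (the last four are "Y" or another answer;
    cpanel/plesk are "" when the platform question was answered "N").
    Also fills serverlist / serverips via get_server_info().
    """
    settings = {}
    settings["customerdomain"] = _ask("What is the customer domain name? ", _is_name)
    settings["pimsuser"] = _ask("Enter PIMS user name: ", _is_token)
    # NOTE(review): as in the original, this one secret becomes the
    # `enable password`, the `passwd` login and the priv-15 local user.
    settings["pimspass"] = _ask("Enter PIMS password: ", _is_token, secret=True)
    settings["fwip"] = _ask("What is the firewall IP? ", _is_ipv4)
    settings["fwmask"] = _ask("Enter FW netmask: ", _is_ipv4)
    settings["fwgateway"] = _ask("Enter FW gateway: ", _is_ipv4)
    print("")
    linux = _ask_yes_no("Configure FW for Linux servers? ")
    cpanel = _ask_yes_no("Configure for Cpanel? ") if linux == "Y" else ""
    win = _ask_yes_no("Configure FW for Windows servers? ")
    plesk = _ask_yes_no("Configure for Plesk? ") if win == "Y" else ""
    settings.update(linux=linux, cpanel=cpanel, win=win, plesk=plesk)
    print("\n")
    print("Server Info:\n")
    answer = ""
    while answer != "N":
        get_server_info()
        answer = _ask_yes_no("Do you want to add another server? (y/n) ")
    return settings


def build_commands(settings):
    """Return the console lines to type as a list of (line, delay_seconds).

    A pure function of *settings* plus serverlist / serverips, so the
    generated configuration can be reviewed without a device attached.
    The result contains the PIMS password in clear text; do not log it.
    """
    s = settings
    lines = [
        "",
        "enable",
        "",
        "conf t",
        "firewall transparent",
        "hostname firewall",
        "domain-name %s" % s["customerdomain"],
        "enable password %s" % s["pimspass"],
        "int vlan1",
        "nameif inside",
        "security-level 100",
        "int vlan2",
        "nameif outside",
        "security-level 0",
        "int e0/0",
        "no shut",
        "switchport access vlan 2",
    ]
    # e0/1 .. e0/7 are only brought up; e0/0 above is also moved to vlan 2.
    for port in range(1, 8):
        lines += ["int e0/%d" % port, "no shut"]
    lines += [
        "passwd %s" % s["pimspass"],
        "dns domain-lookup outside",
        "dns server-group DefaultDNS",
    ]
    lines += ["name-server %s" % ip for ip in DNS_SERVERS]
    lines.append("domain-name %s" % s["customerdomain"])
    lines.append("object-group network LWOffice")
    lines += ["network-object %s %s" % net for net in OFFICE_NETWORKS]
    # One network object-group per server, then an "internal" group of them all.
    for name in serverlist:
        lines.append("object-group network %s" % name)
        lines += ["network-object host %s" % ip for ip in serverips[name].split()]
    lines.append("object-group network internal")
    lines += ["group-object %s" % name for name in serverlist]
    lines += [
        "object-group protocol tcp-udp",
        "protocol-object tcp",
        "protocol-object udp",
        "object-group service cpanel tcp",
        "port-object range 2082 2084",
        "port-object range 2086 2087",
        "port-object range 2095 2096",
        "object-group service mail tcp",
        "port-object eq smtp",
        "port-object eq imap4",
        "port-object eq pop3",
        "port-object eq 465",
        "port-object eq 993",
        "port-object eq 995",
        "object-group service web tcp",
        "port-object eq http",
        "port-object eq https",
        "object-group service ftp tcp",
        "port-object range 20 21",
        "object-group service plesk tcp",
        "port-object eq 8443",
        "object-group service mysql tcp",
        "port-object eq 3306",
        "object-group service postgres tcp",
        "port-object eq 5432",
        "object-group service remotedesktop tcp",
        "port-object eq 3389",
        "object-group service mssql tcp",
        "port-object range 1433 1434",
        "object-group service activedirectory tcp-udp",
        "port-object eq 135",
        "port-object range 137 139",
        "port-object eq 445",
        "port-object eq 389",
        "port-object eq 636",
        "port-object range 3268 3269",
        "port-object eq 88",
        "port-object eq 42",
        "port-object eq 1512",
        "pager lines 50",
        "ip address %s %s" % (s["fwip"], s["fwmask"]),
        "route outside 0.0.0.0 0.0.0.0 %s" % s["fwgateway"],
        "username %s password %s priv 15" % (s["pimsuser"], s["pimspass"]),
        "aaa authentication http console LOCAL",
        "aaa authentication ssh console LOCAL",
        "aaa authentication secure-http-client",
        "access-list IN extended permit ip object-group LWOffice object-group internal",
        "access-list IN extended permit tcp any gt 1023 object-group internal object-group web",
        "access-list IN extended permit object-group tcp-udp any gt 1023 object-group internal eq 53",
        "access-list IN extended permit tcp any gt 1023 object-group internal object-group ftp",
        "access-list IN extended permit tcp any gt 1023 object-group internal object-group mail",
    ]
    # Platform-specific inbound permits, only for the platforms the operator chose.
    if s["linux"] == "Y":
        lines.append("access-list IN extended permit tcp any gt 1023 object-group internal eq 22")
    if s["cpanel"] == "Y":
        lines.append("access-list IN extended permit tcp any gt 1023 object-group internal object-group cpanel")
    if s["win"] == "Y":
        lines += [
            "access-list IN extended permit object-group tcp-udp any gt 1023 object-group internal object-group activedirectory",
            "access-list IN extended permit tcp any gt 1023 object-group internal object-group remotedesktop",
        ]
    if s["plesk"] == "Y":
        lines.append("access-list IN extended permit tcp any gt 1023 object-group internal object-group plesk")
    lines += ["access-group IN in interface outside", "http server enable"]
    lines += ["http %s %s outside" % net for net in MANAGEMENT_NETWORKS]
    lines += ["ssh %s %s outside" % net for net in MANAGEMENT_NETWORKS]
    lines += ["policy-map global_policy", "class inspection_default", "no inspect esmtp"]
    commands = [(line, COMMAND_DELAY) for line in lines]
    commands.append(("crypto key generate rsa modulus 2048", RSA_KEYGEN_DELAY))
    # The original did not pause after the final "exit".
    commands += [("end", COMMAND_DELAY), ("write", COMMAND_DELAY), ("exit", 0)]
    return commands


def push_config(ser, commands):
    """Type each (line, delay) onto the console *ser*, pausing after each line."""
    for line, delay in commands:
        ser.write(line + "\n")
        if delay:
            time.sleep(delay)


def main():
    """Open the console, gather the answers, push the configuration, close."""
    # Open first (as the original did) so a missing port fails before the
    # operator has typed every answer; the finally guarantees the handle is
    # released even if a prompt is aborted.
    ser = serial.Serial(SERIAL_PORT)
    try:
        settings = prompt_settings()
        push_config(ser, build_commands(settings))
    finally:
        ser.close()
    print("")
    print("Firewall config is done.\n")


if __name__ == "__main__":
    main()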