-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathconfig
73 lines (47 loc) · 2.16 KB
/
config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
########################################
## ##
## CONFIGURE THE FOLLOWING OPTIONS: ##
## ##
########################################
### SSH Configuration ###
# Enter one or more firewall addresses (ex. "192.168.0.1" ex. "firewall1,firewall2,firewall3" etc.)
# Note: If entering more than one, each firewall must be accessible via the same login credentials
SERVER_LIST=""
# Enter SSH username ("admin", "cisco", etc.)
SSH_USERNAME="admin"
# (OPTIONAL) Enter SSH password (leave blank to be prompted when you run the script)
SSH_PASSWORD=""
# (OPTIONAL) Enter SSH private key path (if public key authentication is set up) ex. "/home/user/.ssh/id_rsa"
SSH_KEY=""
# Enter SSH port (default 22)
SSH_PORT="22"
### Email Configuration ###
# Change this to "yes" to send an email notification each time a block request is sent to firewall(s)
SEND_EMAIL_ON_BLOCK="no"
# Change this to "yes" to send an email notification each time a firewall block is removed
SEND_EMAIL_ON_REMOVE="no"
# Sending email address (ex. "sender@mailserver.com")
EMAIL_FROM=""
# Probably the same as EMAIL_FROM
EMAIL_USERNAME=""
# Password for the sending email account
EMAIL_PASSWORD=""
# Email address(es) to send notifications to (for multiple, separate with commas)
EMAIL_TO=""
# Sending email server address (for gmail, "smtp.gmail.com")
EMAIL_SERVER="smtp.gmail.com"
# Sending email port number (for gmail, "587")
EMAIL_PORT="587"
### Other Options ###
# Enter the name of a group defined within the firewall that blocks access
# (This group needs to be defined in the FW and applied to an ACL which blocks access)
FIREWALL_GROUP_NAME="Deny_All_Group"
# Enter whitelist IP address(es) and/or CIDR ranges that you never want to accidentally get blocked
# (comma separated - ex. "192.168.0.0/16,8.8.8.8,8.8.4.4")
WHITELIST_IPS=""
# This is a list of hosts that are allowed to request changes to the firewall. This is to be used
# when these scripts are accepting automated input (non-applicable if running blockip.py manually)
# ex. "10.0.0.1,10.0.0.2,10.0.0.3"
ALLOWED_SENDERS=""
# Log file location (leave blank to disable logging)
LOG_FILE=""