
  1. /* FIRESTARTER */
  2.  
  3. call RxFuncAdd 'SysLoadFuncs', 'RexxUtil', 'SysLoadFuncs'
  4. call SysLoadFuncs
  5.  
  6. say
  7. say "***********************************************************************"
  8. say "*                                                                     *"
  9. say "* FireStarter Configuration Program for the OS/2 Warp Server Firewall *"
  10. say "*                                                                     *"
  11. say "*                                                                     *"
  12. say "* by James Blackmore                                                  *"
  13. say "*                                                                     *"
  14. say "* Modified by Bob Eager                                               *"
  15. say "*                                                                     *"
  16. say "***********************************************************************"
  17. say
  18. say "Follow the on-screen instructions to perform basic firewall configuration."
  19. say
  20. say "Press return to continue:"
  21. pull dummy
  22. say
  23.  
  24. /* CAPTURE DRIVE LETTER FOR VARIABLES */
  25. capture:
  26. say "Please type the letter of the drive OS/2 is running on:"
  27. pull drive
  28.  
  29. /* INSTANTIATE VARIABLES */
  30. file = drive":\CONFIG.SYS"
  31. filters = drive":\MPTN\ETC\SECURITY\FWFILTRS.CNF"
  32. interfaces = drive":\MPTN\ETC\FWSECAD.CNF"
  33. logfile = drive":\MPTN\ETC\FWLOG.CNF"
  34. setup = drive":\TCPIP\BIN\TCPEXIT.CMD"
  35. copyfile = drive":\TCPIP\BIN\TCPEXIT.TMP"
  36. basefile = substr(setup, lastpos('\', setup)+1)
  37. init = "cfgfilt -u -i"
  38. toggle1 = "inetcfg -s firewall 1"
  39. toggle0 = "inetcfg -s firewall 0"
  40.  
  41. line_array.1 = "DEVICE="drive":\MPTN\PROTOCOL\IPSEC.SYS"
  42. line_array.2 = "DEVICE="drive":\MPTN\PROTOCOL\FWIP.SYS"
  43.  
  44. say
  45. say "Checking for device drivers in" drive":\CONFIG.SYS...."
  46. say
  47.  
  48. /* SEARCH FILE FOR LINES IN LINE_ARRAY
  49.     AND PUT RESULTS IN LIST */
  50. do i = 1 to 2
  51.     call SysFileSearch line_array.i, file, "result."
  52.     list.i = result.0
  53. end
  54.  
  55. /* IF LINE NOT IN FILE, ADD IT AND ALERT USER */
  56. do j = 1 to 2
  57.     if list.j = 0 then
  58.         do
  59.             call lineout file, line_array.j
  60.             say "Line added:" line_array.j
  61.         end
  62.     else say "Line already present:" line_array.j
  63. end
  64.  
  65. /* SEARCH FOR AND/OR CREATE FILTER RULES CONFIGURATION FILE */
  66. say
  67. say "Searching for filter rules configuration file....."
  68. if stream(filters,'c','query exists') = "" then
  69.     do
  70.         say "File not found"
  71.         say "Creating filter rules conifguration file....."
  72.         call stream filters,'c','open'
  73.         call stream filters,'c','close'
  74.         say "File created:" filters
  75.     end
  76. else say "File already exists:" filters
  77.  
  78. /* SEARCH FOR AND/OR CREATE INTERFACES CONFIGURATION FILE */
  79. say
  80. say "Searching for interfaces configuration file....."
  81. if stream(interfaces,'c','query exists') = "" then
  82.     do
  83.         say "File not found"
  84.         say "Creating interfaces configuration file....."
  85.         call stream interfaces,'c','open'
  86.         call stream interfaces,'c','close'
  87.         say "File created:" interfaces
  88.     end
  89. else say "File already exists:" interfaces
  90.     
  91. /* SEARCH FOR AND/OR CREATE LOG CONFIGURATION FILE */
  92. say
  93. say "Searching for log configuration file....."
  94. if stream(logfile,'c','query exists') = "" then
  95.     do
  96.         say "File not found"
  97.         say "Creating log configuration file....."
  98.         call stream logfile,'c','open'
  99.         call stream logfile,'c','close'
  100.         say "File created:" logfile
  101.     end
  102. else say "File already exists:" logfile
  103.  
  104. /* DEFINE SECURE INTERFACES */
  105. say
  106. say "Would you like to define a secure interface now? (y/n)"
  107. pull answer
  108. if answer = "Y" then signal secure
  109. else signal jump1
  110.  
  111. secure:
  112. say
  113. say "Type the IP address (in dotted decimal form) of the interface to be made secure:"
  114. parse pull address
  115. number = linein(interfaces,1)
  116. call stream interfaces,'c','close'  /* MUST CLOSE HERE OTHERWISE 
  117.                                                 SYSFILESEARCH WON'T WORK LATER */
  118.  
  119. if number = "" then   /* BECAUSE IF FILE EMPTY SYSFILESEARCH WON'T WORK */
  120.     do
  121.         call lineout interfaces, address
  122.         say
  123.         say address "is now secure"
  124.         say
  125.         say "Define another? (y/n)"
  126.         pull input
  127.         if input = "Y" then signal secure
  128.         else nop
  129.     end
  130. else  /* IF FILE ISN'T EMPTY */
  131.     do
  132.         call SysFileSearch address, interfaces, "intf."
  133.         if intf.0 = 0 then                       /* IF LINE ISN'T PRESENT ADD IT */
  134.              do
  135.                  call lineout interfaces, address 
  136.                  say address "is now secure."
  137.                  say "Define another? (y/n)"
  138.                  pull input
  139.                  if input = "Y" then signal secure
  140.                  else nop
  141.              end
  142.         else 
  143.             do
  144.                 say "That address is already secure."
  145.                 say "Define another? (y/n)"
  146.                 pull input
  147.                 if input = "Y" then signal secure
  148.                 else nop
  149.             end
  150.     end
  151.  
  152.  
  153. jump1:
  154.  
  155. /* SET LOGGING LEVEL */
  156. logchoice:
  157. say
  158. say "Set packet logging level - options:"
  159. say
  160. say "10 = Debug"
  161. say "20 = Informational"
  162. say "30 = Warning"
  163. say "40 = Errors"
  164. say "50 = Alert"
  165. say
  166. say "State preference (10/20/30/40/50)"
  167. parse pull level
  168. select
  169.     when level = 10 then signal setlog
  170.     when level = 20 then signal setlog
  171.     when level = 30 then signal setlog
  172.     when level = 40 then signal setlog
  173.     when level = 50 then signal setlog
  174.     otherwise
  175.         do
  176.             say
  177.             say "Invalid level!"
  178.             signal logchoice
  179.         end
  180. end
  181.  
  182. setlog:
  183. do   /* IF CHOICE IS SAME AS IS ALREADY SET, DO NOTHING, OTHERWISE CHANGE IT */
  184.     call SysFileSearch level, logfile, "num."
  185.     if num.0 = 0 then
  186.         do
  187.             rc = SysFileDelete(logfile)
  188.             call stream logfile,'c','open'
  189.             call lineout logfile, level
  190.             call stream logfile,'c','close'
  191.         end
  192.     else nop
  193. end    
  194.  
  195. /* EDIT TCPIP\BIN\TCPEXIT.CMD FILE */
  196.  
  197. /* INITIALISE FILTERS? */
  198. say
  199. say "Rules used on startup - options:"
  200. say
  201. say "1 = Firewall's default rules"
  202. say "2 = User defined rules" 
  203. say
  204.  
  205. cp1:
  206. say "State preference (1/2)"
  207. parse pull choice
  208.  
  209. if choice = "2" then     /* USE USER DEFINED RULES */
  210.     do
  211.         call SysFileSearch init, setup, "var."
  212.         if var.0 = 0 then call lineout setup, init
  213.         else nop
  214.         r = "user defined rules"
  215.     end
  216. else
  217.     if choice = "1" then            /* USE FIREWALL DEFAULT RULES */
  218.          do
  219.              r = "firewall's default rules"
  220.              /* COPY ALL LINE EXCEPT THAT SPECIFIED */
  221.              do while lines(setup) > 0         
  222.                  current_line = linein(setup)
  223.                  if current_line = init then nop
  224.                  else call lineout copyfile, current_line
  225.              end   
  226.              current_line = linein(setup)
  227.              if current_line = init then nop
  228.              else call lineout copyfile, current_line
  229.              call stream copyfile,'c','close'
  230.  
  231.              /* DELETE SETUP FILE */
  232.              call stream setup,'c','close'
  233.              rc = SysFileDelete(setup)
  234.  
  235.              /* RENAME */
  236.              rename copyfile basefile
  237.              call stream setup,'c','close'
  238.          end
  239.  
  240.     else signal cp1               /* CATCHES ANY OTHER INPUT */
  241.  
  242. /* FIREWALL STATUS? */
  243. cp2:
  244. say
  245. say "Firewall status on startup? (on/off)"
  246. parse pull status
  247. if status = "on" then 
  248.  
  249.     do                            /* IF FIREWALL IS ON DO NOTHING, ELSE.... */
  250.         s = "on"
  251.         booleanB = 0
  252.         call SysFileSearch setup, toggle1, "tog1."
  253.         if tog1.0 = 1 then nop
  254.         else booleanB = 1
  255.         if booleanB = 0 then nop
  256.         else
  257.              do
  258.                  /* COPY OUT FIREWALL OFF */
  259.                  call stream copyfile,'c','open'
  260.                  current_line = linein(setup,1)
  261.                  if current_line = toggle0 then nop
  262.                  else call lineout copyfile, current_line
  263.                  do while lines(setup) > 0         
  264.                      current_line = linein(setup)
  265.                      if current_line = toggle0 then nop
  266.                      else call lineout copyfile, current_line
  267.                  end   
  268.                  current_line = linein(setup)
  269.                  if current_line = toggle0 then nop
  270.                  else call lineout copyfile, current_line
  271.                  call stream setup,'c','close'
  272.  
  273.                  /* ADD FIREWALL ON */
  274.                  call lineout copyfile, toggle1
  275.                  call stream copyfile,'c','close'
  276.  
  277.                  /* DELETE SETUP FILE */
  278.                  rc = SysFileDelete(setup)
  279.  
  280.                 /* RENAME */
  281.                 rename copyfile basefile
  282.            end
  283.       end
  284. else
  285.     if status = "off" then
  286.         do                            /* IF FIREWALL IS OFF DO NOTHING, ELSE.... */
  287.             s = "off"
  288.             booleanC = 0
  289.             call SysFileSearch setup, toggle0, "tog0."
  290.             if tog0.0 = 1 then nop
  291.             else booleanC = 1
  292.             if booleanC = 0 then nop
  293.             else
  294.                 do
  295.                     /* COPY OUT FIREWALL ON */
  296.                     call stream copyfile,'c','open'
  297.                     current_line = linein(setup,1)
  298.                     if current_line = toggle1 then nop
  299.                     else call lineout copyfile, current_line
  300.                     do while lines(setup) > 0         
  301.                         current_line = linein(setup)
  302.                         if current_line = toggle1 then nop
  303.                         else call lineout copyfile, current_line
  304.                     end   
  305.                     current_line = linein(setup)
  306.                     if current_line = toggle1 then nop
  307.                     else call lineout copyfile, current_line
  308.                     call stream setup,'c','close'
  309.  
  310.                     /* ADD FIREWALL OFF */
  311.                     call lineout copyfile, toggle0
  312.                     call stream copyfile,'c','close'
  313.  
  314.                     /* DELETE SETUP FILE */
  315.                     rc = SysFileDelete(setup)
  316.  
  317.                    /* RENAME */
  318.                    rename copyfile basefile
  319.               end
  320.          end
  321.  
  322.     else signal cp2      /* CATCHES ANY OTHER INPUT */
  323.  
  324.  
  325. /* PRINT A CONFIGURATION SUMMARY TO SCREEN */
  326. say
  327. say "Basic firewall configuration is now complete."
  328. say
  329. say "------------------------"
  330. say "Firewall status summary:"
  331. say "------------------------"
  332. say
  333. say "Secure interfaces:"
  334. line_read = linein(interfaces,1)
  335. if line_read = "" then say "none"
  336. else say line_read                     /* SAY FIRST LINE */
  337. do while lines(interfaces) > 0     /* SAY FROM SECOND TO LAST BUT ONE */
  338.     line_read = linein(interfaces)
  339.     say line_read
  340.     end
  341. line_read = linein(interfaces)     /* SAY LAST LINE */
  342. say line_read
  343. say
  344. say "Packet logging level =" level
  345. say
  346. say "Firewall will use" r "on startup"
  347. say
  348. say "Firewall status on startup =" s
  349. say
  350. say "NOW RESTART YOUR COMPUTER FOR CONFIGURATION TO UPDATE"
  351.  
  352. EXIT
  353.