firecall scripts are designed to automate sending commands to a Cisco ASA firewall. The intended purpose here is to eliminate the need to manually log in to a firewall to make changes. This code can be run directly via command line or it can be incorporated into other scripts. These scripts were created with automation/orchestration in mind – if done securely, these scripts could ingest security intelligence data to automatically block malicious IPs based on certain criteria.
firecall
Configuration
Before running any of these scripts, open up “config” in a text editor and configure each value as applicable. Make sure to enter one or more firewall IP addresses next to “SERVER_LIST” as well as a username, and any other configurations.
+ add multiple firewalls to configure them all simultaneously
+ configure email alerting to be alerted when an IP is blocked or un-blocked
+ whitelist IPs that you never want to get blocked
+ optional logging feature for audit capability
Dependencies:
+ Python 2.7.x and Paramiko python2 library
Use and Download:
git clone https://github.com/sirpsycho/firecall && cd firecall pip install paramiko python blockip.py <ip-address> python firecall.py -h
Source: https://github.com/sirpsycho