/
rc.autoallow
85 lines (68 loc) · 1.94 KB
/
rc.autoallow
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
#!/bin/sh
# File: /usr/local/etc/rc.allowed
WAIT_TIME=900
rm -f /tmp/block-ips.txt > /dev/null 2>&1
trap stop EXIT
# Go to https://bgpview.io/ to find AS IDs
ASN_APPLE="AS6185 AS714"
ASN_AWS="AS10124 AS14618 AS16509 AS38895 AS58588 AS62785 AS7224"
ASN_FASTLY="AS54113"
ASN_FACEBOOK="AS32934 AS54115 AS63293"
ASN_GOOGLE="AS15169 AS16550 AS16591 AS19448 AS19527 AS22859 AS26684 AS26910 AS36039 AS36384 AS36385 AS36492 AS394507 AS394639 AS394699 AS395973AS396982 AS55023 AS6432"
ASN_MICROSOFT="AS8075"
ASN_PINTEREST="AS53620"
# Combine ASN blocks into list
ASN_LIST="$ASN_APPLE $ASN_AWS $ASN_FACEBOOK $ASN_GOOGLE $ASN_FASTLY $ASN_MICROSOFT $ASN_PINTEREST"
update()
{
# Get ASN CIDR blocks
cp /dev/null /tmp/allowed_cidrs
for i in $ASN_LIST; do
whois -h whois.radb.net -- "-i origin $i" | awk '/^route:/ {print $2;}' | sort | uniq >> /tmp/allowed_cidrs
done
# Make a header
echo "# Last Updated: `date`" > /usr/local/www/allowed.txt
echo "# Total Entries: `sort -u /tmp/allowed_cidrs | wc -l`" >> /usr/local/www/allowed.txt
cat /tmp/allowed_cidrs | sort | uniq >> /usr/local/www/allowed.txt
# Clean up working file
rm -f /tmp/allowed_cidrs
(sleep 15 && ps -aux | grep curl | grep -v grep | awk '{print $2}' | xargs kill ) &
# Apply Updates
curl \
--header 'Content-Type: application/json' \
--basic \
--user 'cZN4fENMpaAcATXm51JOiFksGlZLPnsPTtrGnVy78g3FbnIGJq/K7wkQc3AN1ctrZD/m1efJG4Y9AC9X:F8teRnMaHHw+xrMPONDaLI08rjlYBd/Ot8dPSDCRoifJ2nwgTNgampRzBN5CkTFn9xkV4foqoBIhLmC/' \
--insecure \
--verbose \
--data '{"AutoAllowed"}' \
https://127.0.0.1/api/firewall/alias/reconfigure
query;
}
start() {
# while [ 1 -le 2 ]; do
update;
# sleep 7200
# done
}
stop() {
pkill rc.autoallow
}
query() {
echo
echo -----
head -2 /usr/local/www/allowed.txt
echo -----
}
restart() {
stop
start
query
}
if [ $# -lt 1 ]; then
start
query
else
$1
fi
# Exit sucessfully
exit 0