rc.autoallow

#!/bin/sh

# File: /usr/local/etc/rc.allowed

WAIT_TIME=900
rm -f /tmp/block-ips.txt > /dev/null 2>&1
trap stop EXIT

# Go to https://bgpview.io/ to find AS IDs
ASN_APPLE="AS6185 AS714"
ASN_AWS="AS10124 AS14618 AS16509 AS38895 AS58588 AS62785 AS7224"
ASN_FASTLY="AS54113"
ASN_FACEBOOK="AS32934 AS54115 AS63293"
ASN_GOOGLE="AS15169 AS16550 AS16591 AS19448 AS19527 AS22859 AS26684 AS26910 AS36039 AS36384 AS36385 AS36492 AS394507 AS394639 AS394699 AS395973AS396982 AS55023 AS6432"
ASN_MICROSOFT="AS8075"
ASN_PINTEREST="AS53620"

# Combine ASN blocks into list
ASN_LIST="$ASN_APPLE $ASN_AWS $ASN_FACEBOOK $ASN_GOOGLE $ASN_FASTLY $ASN_MICROSOFT $ASN_PINTEREST"

update()
{

  # Get ASN CIDR blocks
  cp /dev/null /tmp/allowed_cidrs
  for i in $ASN_LIST; do
    whois -h whois.radb.net -- "-i origin $i" | awk '/^route:/ {print $2;}' | sort | uniq >> /tmp/allowed_cidrs
  done

  # Make a header
  echo "# Last Updated: `date`" > /usr/local/www/allowed.txt
  echo "# Total Entries: `sort -u /tmp/allowed_cidrs | wc -l`" >> /usr/local/www/allowed.txt
  cat /tmp/allowed_cidrs | sort | uniq >> /usr/local/www/allowed.txt

  # Clean up working file
  rm -f /tmp/allowed_cidrs

  (sleep 15 && ps -aux | grep curl | grep -v grep | awk '{print $2}' | xargs kill ) &

  # Apply Updates
  curl \
        --header 'Content-Type: application/json' \
        --basic \
        --user 'cZN4fENMpaAcATXm51JOiFksGlZLPnsPTtrGnVy78g3FbnIGJq/K7wkQc3AN1ctrZD/m1efJG4Y9AC9X:F8teRnMaHHw+xrMPONDaLI08rjlYBd/Ot8dPSDCRoifJ2nwgTNgampRzBN5CkTFn9xkV4foqoBIhLmC/' \
        --insecure \
        --verbose \
        --data '{"AutoAllowed"}' \
        https://127.0.0.1/api/firewall/alias/reconfigure
  query;
}

start() {
#  while [ 1 -le 2 ]; do
    update;
#    sleep 7200 
#  done

}

stop() {
  pkill rc.autoallow
}

query() {
  echo
  echo -----
  head -2 /usr/local/www/allowed.txt
  echo -----
}

restart() {
  stop
  start
  query
}

if [ $# -lt 1 ]; then
  start
  query
else
  $1
fi

# Exit sucessfully
exit 0