Populate address group (edgeos)
#!/usr/bin/env bash
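#######################################
# Abort the script unless every named command can be found by the shell.
# Arguments: $@ - command names to look up with `hash`
# Outputs:   "<names> is missing" on stderr when the lookup fails
# Returns:   0 when all commands are found; otherwise exits with status 127
#######################################
require() {
  if ! hash "$@" 2>/dev/null; then
    # Diagnostics go to stderr: stdout of this script is the generated
    # firewall command list, and an error line must not end up inside it.
    printf '%s is missing\n' "$*" >&2
    exit 127
  fi
}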
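## Stop early if any external tool used below is not installed.
for tool in grepcidr curl dig jq
do
  require "$tool"
done
## Expected in the environment before running:
## export A_GROUP="address_group_name"
## export A_GROUP_DESCRIPTION="address_group description"
## export DOMAINS="url.one url.two"
## Resolver queried for each entry of DOMAINS; 192.168.1.1 unless DNS is
## already set in the environment.
DNS="${DNS:-192.168.1.1}"
## Accumulators: generated "set ..." lines and the collected CIDR ranges.
IPS=""
CIDRranges=""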
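## Collect the CDN ranges that go into the address group. Remote lists are
## cached in the working directory and refreshed when older than a week.

#######################################
# Refresh one cached range list when it is missing, empty or older than
# 7 days. The download replaces the cache only if the transfer and the
# filter both succeeded and every non-blank line looks like an IPv4 address
# or CIDR. These lines are later written into firewall commands, so an HTTP
# error page or a truncated body must never reach the cache.
# Arguments: $1   - cache file name in the current directory
#            $2   - URL of the published list
#            $3.. - filter command that turns the body into one range per line
# Outputs:   warnings on stderr
# Returns:   0 if the cache is fresh or was replaced, 1 otherwise (an
#            existing cache file is left untouched in that case)
#######################################
refresh_ranges() {
  local cache=$1 url=$2
  shift 2
  local tmp
  local -r cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'

  if [ -s "$cache" ] && [ -z "$(find "./$cache" -mtime +7)" ]; then
    return 0
  fi

  # Download next to the cache so the final mv stays on one filesystem.
  tmp=$(mktemp "./${cache}.XXXXXX") || return 1

  # -f makes curl fail on HTTP errors instead of saving the error body;
  # pipefail makes a failing curl or filter fail the whole pipeline.
  if ! (set -o pipefail; curl -q -fsSL "$url" | "$@") > "$tmp"; then
    printf 'warning: could not refresh %s from %s\n' "$cache" "$url" >&2
    rm -f -- "$tmp"
    return 1
  fi

  # Reject the whole response if it is empty or holds anything that is
  # neither blank nor an IPv4 address/CIDR.
  if [ ! -s "$tmp" ] || grep -Evq -e "$cidr_re" -e '^[[:space:]]*$' "$tmp"; then
    printf 'warning: unexpected content from %s, keeping old %s\n' "$url" "$cache" >&2
    rm -f -- "$tmp"
    return 1
  fi

  mv -f -- "$tmp" "$cache"
}

## add cloudflare ip ranges, update if older than a week
refresh_ranges erx-cloudflare.ranges https://www.cloudflare.com/ips-v4 cat
CIDRranges+=$(cat erx-cloudflare.ranges)
## add twitter ip ranges - AS13414, and edgecast, and akamai
## (twitter.ranges is a local file; it is not downloaded by this script)
CIDRranges+=$(echo;cat twitter.ranges)
## add aws cloudfront ranges, update if older than a week
refresh_ranges erx-cloudfront.ranges \
  https://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips \
  jq -r 'flatten[]'
CIDRranges+=$(echo;cat erx-cloudfront.ranges)
## add fastly ranges, update if older than a week
refresh_ranges erx-fastly.ranges https://api.fastly.com/public-ip-list \
  jq -r '.addresses[]'
CIDRranges+=$(echo;cat erx-fastly.ranges)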
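## Print the EdgeOS commands that rebuild the address group on stdout.
## A_GROUP is interpolated into a "delete" command, so refuse to continue
## when it is unset or empty.
: "${A_GROUP:?export A_GROUP with the address-group name}"

## One "set ... address" command per element; sorted and de-duplicated below.
entries=()

## Split on whitespace into arrays so no pathname expansion can happen.
read -r -d '' -a ranges <<< "$CIDRranges"
for range in "${ranges[@]}"
do
  entries+=("set firewall group address-group ${A_GROUP} address \"${range}\"")
done

read -r -d '' -a domains <<< "${DOMAINS:-}"
for DOMAIN in "${domains[@]}"
do
  ## Allow-list dotted-quad answers only: this drops CNAME targets and any
  ## status text from dig, and keeps everything else out of the commands.
  resolved=$(dig "$DOMAIN" "@$DNS" +short | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$')
  [ -n "$resolved" ] || continue
  ## grepcidr -i is its inverse match: keep the addresses that the ranges
  ## collected above do not already cover. One address per line is fed in;
  ## the previous unquoted echo joined all answers onto a single line, so
  ## they appear to have been filtered as one unit.
  while IFS= read -r IP
  do
    [ -n "$IP" ] || continue
    entries+=("set firewall group address-group ${A_GROUP} address \"${IP}\"")
  done < <(grepcidr -i "$CIDRranges" <(printf '%s\n' "$resolved"))
done

printf '%s\n' "delete firewall group address-group ${A_GROUP}"
printf '%s\n' "set firewall group address-group ${A_GROUP}"
## NOTE(review): a double quote inside A_GROUP_DESCRIPTION would end the
## quoted argument early; confirm the description never contains one.
printf '%s\n' "set firewall group address-group ${A_GROUP} description \"${A_GROUP_DESCRIPTION:-}\""
if [ "${#entries[@]}" -gt 0 ]; then
  printf '%s\n' "${entries[@]}" | sort -u
fi
printf '%s\n' "commit;save"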