Automatic update of a Cloudpassage FirewallZone (python script)
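#!/usr/bin/env python3
# encoding: utf-8
"""
Update an existing Cloudpassage FirewallZone from an external list of IPs

Wanted to use this to block abusive IPs, then I made this work and
realized it only accepts max 6000 characters, which in practice translates
to ~400 IP addresses, so it's probably not worth using in any case.

Usage:
    cloudpassage_zone_update.py <ip_list_filename>

The list file holds one IP address or CIDR network per line.  Blank lines,
surrounding whitespace and lines starting with '#' are ignored.  Lines that
do not parse as an address/network are skipped with a warning on stderr, so
stray text from the (typically fail2ban-fed) file is never forwarded to the
firewall API.

Requires Python 3: the original ``map(...)[:300]`` only worked on Python 2,
where ``map`` returned a list.
"""
import ipaddress
import os
import sys

import cloudpassage
from pprint import pprint

#
# Cloudpassage settings
#
# Credentials are taken from the environment when the variables below (names
# chosen by this script) are set, so real keys need not be committed to
# source control; the "<...>" placeholders are only a fallback.
api_key = os.environ.get("CLOUDPASSAGE_API_KEY", "<API_KEY>")
api_secret = os.environ.get("CLOUDPASSAGE_API_SECRET", "<API_SECRET>")

# Check firewall zones at https://portal.cloudpassage.com/firewall_zones
# It's nearly impossible to find in the UI
autoban_zone_id = os.environ.get("CLOUDPASSAGE_ZONE_ID", "<FIREWALL_ZONE_ID>")

# IP address list can't be longer than 6000 characters for cloudpassage ...
# The script has always capped the list at 300 entries; that cap is kept.
MAX_ENTRIES = 300


def load_ip_list(path, max_entries=MAX_ENTRIES):
    """Read IP addresses / networks from *path*, one per line.

    Args:
        path: file to read; typically produced by fail2ban or similar.
        max_entries: hard cap on the number of entries returned.

    Returns:
        A list of the stripped entries that parse with
        ``ipaddress.ip_network(entry, strict=False)`` (single addresses or
        CIDR networks), in file order, truncated to *max_entries*.

    Raises:
        OSError: if *path* cannot be opened or read.

    Blank lines, comment lines and entries that fail to parse are skipped
    with a warning on stderr.  A warning is also printed when the cap drops
    entries, because a silently truncated ban list means some addresses are
    simply not blocked.
    """
    entries = []
    with open(path, "r") as ip_list_fh:
        for lineno, raw_line in enumerate(ip_list_fh, 1):
            entry = raw_line.strip()
            if not entry or entry.startswith("#"):
                continue
            try:
                # Validate only; the original text is what the API receives.
                ipaddress.ip_network(entry, strict=False)
            except ValueError:
                sys.stderr.write(
                    "%s:%d: skipping invalid address/network %r\n"
                    % (path, lineno, entry)
                )
                continue
            entries.append(entry)

    if len(entries) > max_entries:
        sys.stderr.write(
            "Warning: %d entries loaded but only the first %d are sent "
            "(cloudpassage zone size limit)\n" % (len(entries), max_entries)
        )
        entries = entries[:max_entries]
    return entries


# Example of FirewallZone object (as returned by zone.describe(zone_id)):
# {u'description': u'',
#  u'group_id': u'xxx',
#  u'group_name': u'xxx',
#  u'id': u'<zone-id-to-be-used-as-object-key>',
#  u'ip_address': u'1.2.3.4,5.6.7.8,...',
#  u'name': u'Automatic IP ban zone',
#  u'shared': False,
#  u'system': False,
#  u'url': u'https://api.cloudpassage.com/v1/firewall_zones/xxx',
#  u'used_by': [{u'id': u'xxx',
#                u'name': u'Name'}]}


def main(argv=None):
    """Load the list file named on the command line and push it to the zone.

    Args:
        argv: argument vector; defaults to ``sys.argv``.

    Returns:
        Process exit status (0 on success, 1 on usage or file errors).
        Errors raised by the cloudpassage client propagate unchanged.
    """
    argv = sys.argv if argv is None else argv
    if len(argv) < 2:
        sys.stderr.write("Usage " + argv[0] + " <list-file>\n")
        return 1
    ip_list_file = argv[1]

    try:
        ip_list = load_ip_list(ip_list_file)
    except OSError as err:
        sys.stderr.write("Cannot read %s: %s\n" % (ip_list_file, err))
        return 1
    print("Loaded ip list of %d elements" % len(ip_list))

    session = cloudpassage.HaloSession(api_key, api_secret)
    zone = cloudpassage.FirewallZone(session)

    # NOTE: an empty list replaces the zone's ip_address with "" (the zone is
    # emptied), exactly as the script has always done; that is the intended
    # outcome when the feed currently has nothing to ban.
    autoban_zone_update = {
        "firewall_zone": {
            "id": autoban_zone_id,
            "ip_address": ",".join(ip_list),
        }
    }
    # No result comes back from the update if successful
    zone.update(autoban_zone_update)
    return 0


if __name__ == "__main__":
    sys.exit(main())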