Automatic update of a Cloudpassage FirewallZone (python script)
#!/usr/bin/env python
# encoding: utf-8
"""
Update an existing Cloudpassage FirewallZone from an external list of IPs

I wanted to use this to block abusive IPs, but once I had it working I
realized the zone only accepts a maximum of 6000 characters, which in practice
translates to ~400 IP addresses, so it's probably not worth using in any case.

Usage: <ip_list_filename>
"""
import os
import sys
from pprint import pprint

import cloudpassage
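# Cloudpassage settings
# The API key pair is read from the environment when it is set there, so the
# secret does not have to be written into this file (and end up in version
# control or in a shared copy of the script). The placeholders are kept as the
# fallback, so editing the values by hand still works as before.
api_key = os.environ.get("HALO_API_KEY", "<API_KEY>")
api_secret = os.environ.get("HALO_API_SECRET", "<API_SECRET>")
# Check firewall zones at (the URL is missing from this copy of the script)
# It's nearly impossible to find in the UI
autoban_zone_id = os.environ.get("HALO_FIREWALL_ZONE_ID", "<FIREWALL_ZONE_ID>")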
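# Load an external list of IP addresses from a file
# This would typically be fed by fail2ban or similar mechanism
try:
    ip_list_file = sys.argv[1]
except IndexError:
    print("Usage " + sys.argv[0] + " <list-file>")
    # Stop here: without a filename, the open() below would fail with a
    # NameError instead of a readable message.
    sys.exit(1)

with open(ip_list_file, 'r') as ip_list_fh:
    # Build a real list: map() is a lazy iterator on Python 3 and supports
    # neither the slice nor the len() used below. strip() also removes "\r"
    # and stray spaces, and blank lines are dropped so they do not become
    # empty entries in the comma-joined zone value.
    ip_list = [entry for entry in (line.strip() for line in ip_list_fh) if entry]

# NOTE(review): entries are passed on as read; nothing here checks that a line
# is a well-formed address. The feed is derived from log data that remote
# clients influence, so consider validating each entry and excluding your own
# management addresses before the zone is updated.

# IP address list can't be longer than 6000 characters for cloudpassage ...
ip_list = ip_list[:300]

print("Loaded ip list of " + str(len(ip_list)) + " elements")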
# Create the Halo API session from the key pair configured above, then create
# the FirewallZone object on top of that session.
session = cloudpassage.HaloSession(api_key, api_secret)
zone = cloudpassage.FirewallZone(session)
"""
Example of FirewallZone object:

{u'description': u'',
 u'group_id': u'xxx',
 u'group_name': u'xxx',
 u'id': u'<zone-id-to-be-used-as-object-key>',
 u'ip_address': u',,...',
 u'name': u'Automatic IP ban zone',
 u'shared': False,
 u'system': False,
 u'url': u'',
 u'used_by': [{u'id': u'xxx',
               u'name': u'Name'}]}
"""
#autoban_zone = zone.describe(autoban_zone_id)
autoban_zone_update = {
'firewall_zone': {
'id': autoban_zone_id,
'ip_address': ','.join(ip_list),
# No result comes back from the update if successful