@grepwood
Last active August 29, 2015 14:07
Updates APF deny_hosts.rules via InterWorx API
#!/usr/bin/perl -w
# deps
use strict;
use warnings;
use Getopt::Std;
require RPC::XML;
require RPC::XML::Client;
use File::Slurp;
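# Working state filled in from the command line.
# $satisfied is a bitmask recording which options were supplied; the
# option checks further down add one power of two per option seen.
my $satisfied = 0;
my $address = "";
my $email = "";
my $list = "";
my $port = "";
# Parsed options land in the package hash %main::options, which the rest
# of the script reads. getopts returns false for an unknown switch or a
# switch missing its argument; stop there instead of talking to the
# firewall API with a half-understood command line.
getopts("ha:s:k:e:p:f:", \%main::options)
    or die "block_ips perl script could not parse its options\n"
         . "Try with -h to see what is required\n";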
# -h wins over every other switch: print the usage text and leave
# before any file is read or any request is sent.
if (defined $main::options{h}) {
    my @usage_lines = (
        'This program changes a NodeWorx controlled firewall',
        'Required arguments:',
        ' -h see this message',
        ' -a address of the NodeWorx server',
        ' -s file where the super secret password is kept',
        ' -e email of the authorized staffer or bot',
        ' -f file with updated IP block list',
        ' -k path to API key instead of email+pass',
        'Optional settings:',
        ' -p sets a port number, if not set, defaults to 2443',
    );
    print "$_\n" for @usage_lines;
    exit 0;
}
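# Record which options were supplied. Each option contributes its own
# power of two to $satisfied so the combinations can be tested with a
# mask afterwards:
#   -a = 1, -s = 2, -e = 4, -f = 8, -k = 16
if (defined $main::options{a}) {
    $satisfied |= 1;
    $address = $main::options{a};
}
if (defined $main::options{s}) {
    $satisfied |= 2;
    $main::secret_file = $main::options{s};
}
if (defined $main::options{e}) {
    $satisfied |= 4;
    $email = $main::options{e};
}
if (defined $main::options{f}) {
    $satisfied |= 8;
    $list = $main::options{f};
}
if (defined $main::options{k}) {
    $satisfied |= 16;
    $main::key_file = $main::options{k};
}

# The port is optional and falls back to 2443.
$port = defined $main::options{p} ? $main::options{p} : 2443;

# The port is interpolated into the request URL later on, so accept only
# a plain decimal TCP port. Anything else would otherwise surface as a
# confusing connection error, or change what the URL points at.
if ($port !~ /\A[0-9]+\z/ || $port < 1 || $port > 65535) {
    print "block_ips perl script was given an invalid port\n";
    print "Try with -h to see what is required\n";
    exit -1;
}

# Two argument sets are acceptable:
#   15 = -a -s -e -f  (email + password file)
#   25 = -a -f -k     (API key file)
# Bail out only when neither set is complete.
my $has_password_set = ($satisfied & 15) == 15;
my $has_key_set      = ($satisfied & 25) == 25;
if (!$has_password_set && !$has_key_set) {
    print "block_ips perl script is missing argument(s)\n";
    print "Try with -h to see what is required\n";
    exit -1;
}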
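# Read the IP list we got from our C program, one line per array element
# (line endings are kept, exactly as readline returns them).
#
# Three-argument open with an explicit '<' mode: with the two-argument
# form Perl takes the mode from the filename itself, so a -f value that
# begins or ends with a mode character would not be opened as a plain
# file for reading.
open my $ip_list_file, '<', $list or die "Could not open $list: $!\n";
my @ip_list = readline $ip_list_file;
close $ip_list_file;

# NOTE(review): the entries are forwarded as read, with no format check,
# and an empty file yields an empty list. Confirm how the API treats an
# empty blocked_ips value, and consider validating each line as an
# address before it reaches the firewall.

# $address is used as given on the command line when building the URL.
# NOTE(review): RPC::XML::Client sends through LWP, so TLS certificate
# verification follows that stack's defaults - confirm the environment
# this runs in does not switch it off (e.g. PERL_LWP_SSL_VERIFY_HOSTNAME=0).
my $cli = RPC::XML::Client->new("https://$address:$port/xmlrpc");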
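# Build the credential that is sent as the first argument of the API call.
# Both kinds of secret come from files rather than from the command line,
# which keeps them out of the process listing; those files should be
# readable only by the account that runs this script.
#
# Mask 6 = -s and -e both given (email + password), mask 16 = -k given.
# When both are present the email/password pair takes precedence.
my $apikey;
if (($satisfied & 6) == 6) {
    # Three-argument open so the path is never interpreted as a mode.
    open my $secret_file_info, '<', $main::secret_file
        or die "Could not open $main::secret_file: $!\n";
    my $password = <$secret_file_info>;   # first line only
    close $secret_file_info;

    # An empty file gives undef here; refuse to log in with no password.
    die "Password file $main::secret_file is empty\n"
        unless defined $password;
    chomp $password;

    $apikey = RPC::XML::struct->new({
        'email'    => RPC::XML::string->new($email),
        'password' => RPC::XML::string->new($password)
    });
}
elsif (($satisfied & 16) == 16) {
    # Open the key file once and slurp it through that same handle,
    # instead of opening it only to read it again by name.
    open my $key_file_info, '<', $main::key_file
        or die "Could not open $main::key_file: $!\n";
    $apikey = do { local $/; <$key_file_info> };
    close $key_file_info;

    $apikey = '' unless defined $apikey;
    chomp $apikey;                        # drops one trailing newline
    die "API key file $main::key_file is empty\n"
        unless length $apikey;
}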
# Arguments for the iworx.route call, in the order it is given them:
# credential, controller path, action name, action input.
my $controller = RPC::XML::string->new('/nodeworx/firewall');
my $api_action = RPC::XML::string->new('allowDenyIps');

# The whole list travels as ONE string: the lines read from the list file
# joined with single spaces (each line still carries its own line ending).
my %input_fields = (
    'name'        => RPC::XML::string->new('blocked_ips'),
    'blocked_ips' => RPC::XML::string->new(join(' ', @ip_list)),
);
my $input = RPC::XML::struct->new(\%input_fields);

my $resp = $cli->send_request(
    'iworx.route',
    $apikey,
    $controller,
    $api_action,
    $input,
);
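# Interpret the reply and make the outcome visible to whatever runs this
# script: "Success!" is printed only for a well-formed reply with
# status 0, and every other outcome ends with a non-zero exit status so
# that a blocklist which was NOT applied cannot pass unnoticed.

# On a transport-level problem send_request returns a plain error string
# rather than an object, so ->value() must not be called on it.
if (!ref $resp) {
    print "Failure!\n";
    print((defined $resp ? $resp : 'No response from server'), "\n");
    exit 1;
}

# An XML-RPC fault carries faultCode/faultString and no 'status' key.
# Without this check the undefined status compares numerically equal to 0
# and the fault would be reported as a success.
if ($resp->isa('RPC::XML::fault')) {
    print "Failure!\n";
    print $resp->code, ': ', $resp->string, "\n";
    exit 1;
}

my $results = $resp->value();
if (ref($results) ne 'HASH' || !defined $results->{status}) {
    print "Failure!\n";
    print "Unexpected response from server\n";
    exit 1;
}

my $succeeded = ($results->{status} == 0);
print $succeeded ? "Success!\n" : "Failure!\n";

# The payload is either a list of rows or a single value; print it
# either way, since on failure it is the only diagnostic available.
if (ref($results->{payload}) eq 'ARRAY') {
    for my $row (@{ $results->{payload} }) {
        # Rows are normally array refs; print anything else as it is.
        my @fields = ref($row) eq 'ARRAY' ? @{$row} : ($row);
        print "@fields" . "\n";
    }
} else {
    print((defined $results->{payload} ? $results->{payload} : ''), "\n");
}

exit($succeeded ? 0 : 1);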