Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Google Cloud Platform : ip address range
#!/bin/bash
# https://cloud.google.com/compute/docs/faq#find_ip_range
# nslookup -q=TXT _cloud-netblocks.googleusercontent.com 8.8.8.8
myarray=()
for LINE in `dig txt _cloud-netblocks.googleusercontent.com +short | tr " " "\n" | grep include | cut -f 2 -d :`
do
myarray+=($LINE)
for LINE2 in `dig txt $LINE +short | tr " " "\n" | grep include | cut -f 2 -d :`
do
myarray+=($LINE2)
done
done
for LINE in ${myarray[@]}
do
dig txt $LINE +short | tr " " "\n"
done | grep ip4 | cut -f 2 -d : | sort -n +0 +1 +2 +3 -t .
# changing target to _spf.google.com, you can get a simliar range now for Google Apps mail servers.
# https://support.google.com/a/answer/60764
# changing it to _netblocks.google.com will help get all the ip ranges google uses for its services.
@n0531m

This comment has been minimized.

Copy link
Owner Author

commented May 5, 2015

result can be changing frequently without notice. outcome as of 2015.05.05 :
8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
23.236.48.0/20
23.251.128.0/19
104.154.0.0/15
104.196.0.0/14
107.167.160.0/19
107.178.192.0/18
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
108.59.80.0/20
130.211.128.0/17
130.211.16.0/20
130.211.32.0/19
130.211.4.0/22
130.211.64.0/18
130.211.8.0/21
146.148.16.0/20
146.148.2.0/23
146.148.32.0/19
146.148.4.0/22
146.148.64.0/18
146.148.8.0/21
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23

@n0531m

This comment has been minimized.

Copy link
Owner Author

commented Jul 7, 2015

outcome as of 2015.07.07 :
8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
23.236.48.0/20
23.251.128.0/19
104.154.0.0/15
104.196.0.0/14
107.167.160.0/19
107.178.192.0/18
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
108.59.80.0/20
130.211.128.0/17
130.211.16.0/20
130.211.32.0/19
130.211.4.0/22
130.211.64.0/18
130.211.8.0/21
146.148.16.0/20
146.148.2.0/23
146.148.32.0/19
146.148.4.0/22
146.148.64.0/18
146.148.8.0/21
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23

@n0531m

This comment has been minimized.

Copy link
Owner Author

commented Oct 15, 2015

8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
23.236.48.0/20
23.251.128.0/19
104.154.0.0/15
104.196.0.0/14
107.167.160.0/19
107.178.192.0/18
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
108.59.80.0/20
130.211.128.0/17
130.211.16.0/20
130.211.32.0/19
130.211.4.0/22
130.211.64.0/18
130.211.8.0/21
146.148.16.0/20
146.148.2.0/23
146.148.32.0/19
146.148.4.0/22
146.148.64.0/18
146.148.8.0/21
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23

@n0531m

This comment has been minimized.

Copy link
Owner Author

commented Nov 12, 2015

8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
23.236.48.0/20
23.251.128.0/19
104.154.0.0/15
104.196.0.0/14
107.167.160.0/19
107.178.192.0/18
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
108.59.80.0/20
130.211.128.0/17
130.211.16.0/20
130.211.32.0/19
130.211.4.0/22
130.211.64.0/18
130.211.8.0/21
146.148.16.0/20
146.148.2.0/23
146.148.32.0/19
146.148.4.0/22
146.148.64.0/18
146.148.8.0/21
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23

@n0531m

This comment has been minimized.

Copy link
Owner Author

commented Jan 26, 2016

8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
23.236.48.0/20
23.251.128.0/19
104.154.0.0/15
104.196.0.0/14
107.167.160.0/19
107.178.192.0/18
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
108.59.80.0/20
130.211.128.0/17
130.211.16.0/20
130.211.32.0/19
130.211.4.0/22
130.211.64.0/18
130.211.8.0/21
146.148.16.0/20
146.148.2.0/23
146.148.32.0/19
146.148.4.0/22
146.148.64.0/18
146.148.8.0/21
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23
208.68.108.0/23

@n0531m

This comment has been minimized.

Copy link
Owner Author

commented Jun 13, 2016

8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
23.236.48.0/20
23.251.128.0/19
104.154.0.0/15
104.196.0.0/14
107.167.160.0/19
107.178.192.0/18
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
108.59.80.0/20
130.211.128.0/17
130.211.16.0/20
130.211.32.0/19
130.211.4.0/22
130.211.64.0/18
130.211.8.0/21
146.148.16.0/20
146.148.2.0/23
146.148.32.0/19
146.148.4.0/22
146.148.64.0/18
146.148.8.0/21
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23
208.68.108.0/23

@Lusitaniae

This comment has been minimized.

Copy link

commented Apr 15, 2017

8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
23.236.48.0/20
23.251.128.0/19
35.184.0.0/14
35.188.0.0/15
35.190.0.0/17
35.190.128.0/18
35.190.192.0/19
35.190.224.0/20
104.154.0.0/15
104.196.0.0/14
107.167.160.0/19
107.178.192.0/18
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
108.59.80.0/20
130.211.128.0/17
130.211.16.0/20
130.211.32.0/19
130.211.4.0/22
130.211.64.0/18
130.211.8.0/21
146.148.16.0/20
146.148.2.0/23
146.148.32.0/19
146.148.4.0/22
146.148.64.0/18
146.148.8.0/21
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23
208.68.108.0/23

@n0531m

This comment has been minimized.

Copy link
Owner Author

commented May 25, 2017

8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
23.236.48.0/20
23.251.128.0/19
35.184.0.0/14
35.188.0.0/15
35.190.0.0/17
35.190.128.0/18
35.190.192.0/19
35.190.224.0/20
104.154.0.0/15
104.196.0.0/14
107.167.160.0/19
107.178.192.0/18
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
108.59.80.0/20
130.211.128.0/17
130.211.16.0/20
130.211.32.0/19
130.211.4.0/22
130.211.64.0/18
130.211.8.0/21
146.148.16.0/20
146.148.2.0/23
146.148.32.0/19
146.148.4.0/22
146.148.64.0/18
146.148.8.0/21
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23
208.68.108.0/23

@tshravan

This comment has been minimized.

Copy link

commented Sep 20, 2017

8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
23.236.48.0/20
23.251.128.0/19
35.184.0.0/14
35.188.0.0/15
35.190.0.0/17
35.190.128.0/18
35.190.192.0/19
35.190.224.0/20
35.192.0.0/14
35.196.0.0/15
35.198.0.0/16
35.199.0.0/17
35.199.128.0/18
35.200.0.0/15
35.202.0.0/16
35.203.0.0/17
35.203.128.0/18
35.203.240.0/20
35.206.64.0/18
104.154.0.0/15
104.196.0.0/14
107.167.160.0/19
107.178.192.0/18
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
108.59.80.0/20
130.211.128.0/17
130.211.16.0/20
130.211.32.0/19
130.211.4.0/22
130.211.64.0/18
130.211.8.0/21
146.148.16.0/20
146.148.2.0/23
146.148.32.0/19
146.148.4.0/22
146.148.64.0/18
146.148.8.0/21
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23
208.68.108.0/23
104.197.0.0/24

@alexanderbraga

This comment has been minimized.

Copy link

commented Dec 27, 2017

8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
23.236.48.0/20
23.251.128.0/19
35.184.0.0/14
35.188.0.0/15
35.190.0.0/17
35.190.128.0/18
35.190.192.0/19
35.190.224.0/20
35.192.0.0/14
35.196.0.0/15
35.198.0.0/16
35.199.0.0/17
35.199.128.0/18
35.200.0.0/15
35.202.0.0/16
35.203.0.0/17
35.203.128.0/18
35.203.192.0/19
35.203.240.0/20
35.204.0.0/15
35.206.64.0/18
35.224.0.0/14
35.228.0.0/16
35.229.0.0/17
104.154.0.0/15
104.196.0.0/14
107.167.160.0/19
107.178.192.0/18
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
108.59.80.0/20
130.211.128.0/17
130.211.16.0/20
130.211.32.0/19
130.211.4.0/22
130.211.64.0/18
130.211.8.0/21
146.148.16.0/20
146.148.2.0/23
146.148.32.0/19
146.148.4.0/22
146.148.64.0/18
146.148.8.0/21
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23
208.68.108.0/23

@npmuller

This comment has been minimized.

Copy link

commented Jan 5, 2018

2018/01/05

8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
23.236.48.0/20
23.251.128.0/19
35.184.0.0/14
35.188.0.0/15
35.190.0.0/17
35.190.128.0/18
35.190.192.0/19
35.190.224.0/20
35.192.0.0/14
35.196.0.0/15
35.198.0.0/16
35.199.0.0/17
35.199.128.0/18
35.200.0.0/15
35.202.0.0/16
35.203.0.0/17
35.203.128.0/18
35.203.192.0/19
35.203.240.0/20
35.204.0.0/15
35.206.64.0/18
35.224.0.0/14
35.228.0.0/16
35.229.0.0/17
104.154.0.0/15
104.196.0.0/14
107.167.160.0/19
107.178.192.0/18
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
108.59.80.0/20
130.211.128.0/17
130.211.16.0/20
130.211.32.0/19
130.211.4.0/22
130.211.64.0/18
130.211.8.0/21
146.148.16.0/20
146.148.2.0/23
146.148.32.0/19
146.148.4.0/22
146.148.64.0/18
146.148.8.0/21
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23
208.68.108.0/23

@Fale

This comment has been minimized.

Copy link

commented Feb 6, 2018

is broken, because they are daisy-chaining netblocks.

If you do:

dig txt _cloud-netblocks1.googleusercontent.com +short

You will get:

"v=spf1 include:_cloud-netblocks6.googleusercontent.com ip4:8.34.208.0/20 ip4:8.35.192.0/21 ip4:8.35.200.0/23 ip4:108.59.80.0/20 ip4:108.170.192.0/20 ip4:108.170.208.0/21 ip4:108.170.216.0/22 ip4:108.170.220.0/23 ip4:108.170.222.0/24 ?all"

As you can see, there is _cloud-netblocks6.googleusercontent.com, which if you query:

$ dig txt _cloud-netblocks6.googleusercontent.com +short
"v=spf1 ip4:35.230.0.0/17 ip4:35.230.128.0/18 ip4:35.230.192.0/19 ip4:35.230.224.0/20 ip4:35.231.0.0/16 ip4:130.211.4.0/22 ?all"

Gives you classes that the output of the script is not returning

@jordipolo87

This comment has been minimized.

Copy link

commented Apr 18, 2018

8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
108.59.80.0/20
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23
23.236.48.0/20
23.251.128.0/19
35.224.0.0/14
35.228.0.0/15
107.167.160.0/19
107.178.192.0/18
146.148.2.0/23
146.148.4.0/22
146.148.8.0/21
146.148.16.0/20
146.148.32.0/19
146.148.64.0/18
35.203.0.0/17
35.203.128.0/18
35.203.192.0/19
35.203.240.0/20
130.211.8.0/21
130.211.16.0/20
130.211.32.0/19
130.211.64.0/18
130.211.128.0/17
104.154.0.0/15
104.196.0.0/14
208.68.108.0/23
35.184.0.0/14
35.188.0.0/15
35.206.0.0/15
35.202.0.0/16
35.190.0.0/17
35.190.128.0/18
35.190.192.0/19
35.190.224.0/20
35.192.0.0/14
35.196.0.0/15
35.198.0.0/16
35.199.0.0/17
35.199.128.0/18
35.200.0.0/15
35.204.0.0/15
2600:1900::/35
35.230.0.0/15
35.232.0.0/15
35.234.0.0/16
35.235.0.0/18
130.211.4.0/22

@dsiebel

This comment has been minimized.

Copy link

commented May 7, 2018

Thanks for this, really helpful!
I did a little tinkering and managed to come up with a version that lists all IP ranges recursively with additional v4/v6 filtering capabilities. Thought it might be useful to others as well:

#!/usr/bin/env bash
[[ -v VERBOSE ]] && set -x
set -eu

# This script lists all ip ranges currently used by
# the google cloud platform, according to ns-lookup / dig
# TXT _cloud-netblocks.googleusercontent.com
#
# https://cloud.google.com/compute/docs/faq#ipranges

errcho() {
    >&2 echo "$@"
}

_fmt() {
    echo "$1" | cut -f "$2" -d':'
}

_txt_recursive() {
    for txt_entry in $(dig txt "$1" +short | tr " " "\n"); do
        if [[ "${txt_entry}" == include:* ]]; then
            _txt_recursive "$(_fmt ${txt_entry} 2)"
        elif [[ "${txt_entry}" == ip4:* && "${ipv4}" == true ]]; then
            _fmt "${txt_entry}" 2
        elif [[ "${txt_entry}" == ip6:* && "${ipv6}" == true ]]; then
            _fmt "${txt_entry}" 2-9
        fi
    done
}

domain="_cloud-netblocks.googleusercontent.com"

ipv4=true
ipv6=true

while (( $# > 0 )); do
    case "$1" in
        --ipv4)
            ipv6=false
            shift 1
            ;;
        --ipv6)
            ipv4=false
            shift 1
            ;;
        --domain)
            domain="$2"
            shift 2
            ;;
        *)
            errcho "Unknown option $1"
            exit 1
            ;;
    esac
done

if [[ "${ipv4}" == false && "${ipv6}" == false ]]; then
    errcho "WARN: --ipv4 and --ipv6 options are mutually exclusive and will likely prevent output"
fi

_txt_recursive "${domain}"

@losywee

This comment has been minimized.

Copy link

commented May 18, 2018

35.190.224.0/20
35.230.0.0/15
35.232.0.0/15
35.234.0.0/16
35.235.0.0/17
35.235.192.0/20
35.236.0.0/14
35.240.0.0/16
35.241.0.0/18
35.203.232.0/21
130.211.4.0/22
8.34.208.0/20
8.35.192.0/21
8.35.200.0/23
108.59.80.0/20
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23
23.236.48.0/20
23.251.128.0/19
35.224.0.0/14
35.228.0.0/15
107.167.160.0/19
107.178.192.0/18
146.148.2.0/23
146.148.4.0/22
146.148.8.0/21
146.148.16.0/20
146.148.32.0/19
146.148.64.0/18
35.203.0.0/17
35.203.128.0/18
35.203.192.0/19
35.203.240.0/20
130.211.8.0/21
130.211.16.0/20
130.211.32.0/19
130.211.64.0/18
130.211.128.0/17
104.154.0.0/15
104.196.0.0/14
208.68.108.0/23
35.184.0.0/14
35.188.0.0/15
35.206.0.0/15
35.202.0.0/16
35.190.0.0/17
35.190.128.0/18
35.190.192.0/19
35.235.224.0/20
35.192.0.0/14
35.196.0.0/15
35.198.0.0/16
35.199.0.0/17
35.199.128.0/18
35.200.0.0/15
35.204.0.0/15
2600:1900::/35

@treii28

This comment has been minimized.

Copy link

commented Jun 13, 2018

tyvm dseibel - of course, I was trying to work with a third party app that at first was coming from amazon_aws. So I found the json list from amazon and wrote a tool to build an apache whitelist from it. Then it starts coming from google cloud. So I find a variation on the original script to generate yet another whitelist for google cloud. Then it comes from an address not included in the list generated by the original. But yours seems to be covering those addresses as well so you saved me a bunch of time!

@aaani

This comment has been minimized.

Copy link

commented Aug 20, 2018

@n0531m You're missing recursive includes. For example

You get scans at top level

$ dig txt _cloud-netblocks.googleusercontent.com +short | tr " " "\n" | grep include | cut -f 2 -d :
_cloud-netblocks1.googleusercontent.com
_cloud-netblocks2.googleusercontent.com
_cloud-netblocks3.googleusercontent.com
_cloud-netblocks4.googleusercontent.com
_cloud-netblocks5.googleusercontent.com

and then ignore all but ip4 addresses. There are includes that need to be accounted for

$ dig txt _cloud-netblocks1.googleusercontent.com +short | tr " " "\n" | grep include | cut -f 2 -d :
_cloud-netblocks6.googleusercontent.com
@Civil

This comment has been minimized.

Copy link

commented Sep 11, 2018

You can use something like that:

ENDPOINT="_cloud-netblocks.googleusercontent.com"
LIST="$(dig txt ${ENDPOINT} +short | tr " " "\n" | grep include | cut -f 2 -d :)"
CONT="True"
while [[ "${CONT}" == "True" ]]; do
    LIST_OLD="${LIST}"
    for i in ${LIST_OLD}; do
        EXTRA="$(dig txt ${i} +short | tr " " "\n" | grep include | cut -f 2 -d :)"
        LIST="${LIST} ${EXTRA}"
    done
    LIST=$(tr " " "\n" <<< ${LIST} | sort -u)
    LIST_OLD=$(tr " " "\n" <<< ${LIST_OLD} | sort -u)
    if [[ "${LIST}" == "${LIST_OLD}" ]]; then
        CONT="False"
    fi
done

for i in ${LIST}; do
    dig txt ${i} +short
done | tr " " "\n" | grep ip[46]  | cut -f 2- -d : | sort -n # grep only for ip4 if you need only ipv4 addresses.
@menzow

This comment has been minimized.

Copy link

commented Oct 13, 2018

Based on previously posted responses I've written the following bash script that recursively fetches all gcp netblocks. Tried to keep the code simple and the output clean.

#!/bin/bash
netblocks=$(dig @8.8.8.8 txt _cloud-netblocks.googleusercontent.com +short | grep -Eo '_cloud\S+')

function get_netblock_ips {
    response=$(dig @8.8.8.8 txt +short "$1")
    for block in $(echo "$response" | grep -Eo 'include:\S+' | cut -d: -f2 ); do
        get_netblock_ips "$block"
    done

    echo "$response" | grep -Eo 'ip[46]:\S+' | cut -d: -f2-
}

{ for block in $netblocks; do get_netblock_ips "$block"; done } | sort -n | uniq

Example usages:

# Get both ipv4 and ipv6 ranges:
$ bash get_gcp_ips.sh

# Get ipv4 ranges:
$ bash get_gcp_ips.sh | grep -F '.'

# Get ipv6 ranges:
$ bash get_gcp_ips.sh | grep -F ':'

Edit; Fixed filename in examples.

@ibrunotome

This comment has been minimized.

Copy link

commented Jan 4, 2019

Hi @menzow, what I have to investigate to do the same, but for the .cloudfunctions.net of google functions?

@gillesdemey

This comment has been minimized.

@SteveEasley

This comment has been minimized.

Copy link

commented Mar 28, 2019

A warning. I was digging into why the Google LoadBalancer IP I was getting was not covered in the list of networks returned by this method. After some digging I realized this method (and the official method this is based on, and described in https://cloud.google.com/compute/docs/faq#find_ip_range) does not include their full list of IP addresses. The issue is the command nslookup -q=TXT _cloud-netblocks.googleusercontent.com 8.8.8.8 is supposed to return all the SPF records needed to query, but does not include all of them. At this moment its returning this:

_cloud-netblocks.googleusercontent.com. 3560 IN TXT "v=spf1 include:_cloud-netblocks1.googleusercontent.com include:_cloud-netblocks2.googleusercontent.com include:_cloud-netblocks3.googleusercontent.com include:_cloud-netblocks4.googleusercontent.com include:_cloud-netblocks5.googleusercontent.com ?all"

Notice it stops at cloud-netblocks5.googleusercontent.com. But there are more records that can be queried. Manually querying cloud-netblocks6.googleusercontent.com and cloud-netblocks7.googleusercontent.com showed even more IPs. Which did include the IP I was getting.

A command that can grab these additional networks is:

for i in `seq 1 7`
do
        dig txt _cloud-netblocks${i}.googleusercontent.com  +short
done | tr " " "\n" | grep ip4  | cut -f 2 -d : | sort -n

Note that this command is naive and assumes that cloud-netblocks1.googleusercontent.com through cloud-netblocks7.googleusercontent.com exists, so buyer beware.

@n0531m

This comment has been minimized.

Copy link
Owner Author

commented Apr 1, 2019

thanks all for all the comments. made a little change so that the nested ones are handled. good catch! again, thanks for the feedback.

result as of 2019.04.01

104.154.0.0/15
104.196.0.0/14
107.167.160.0/19
107.178.192.0/18
108.170.192.0/20
108.170.208.0/21
108.170.216.0/22
108.170.220.0/23
108.170.222.0/24
108.59.80.0/20
130.211.128.0/17
130.211.16.0/20
130.211.32.0/19
130.211.4.0/22
130.211.64.0/18
130.211.8.0/21
146.148.16.0/20
146.148.2.0/23
146.148.32.0/19
146.148.4.0/22
146.148.64.0/18
146.148.8.0/21
162.216.148.0/22
162.222.176.0/21
173.255.112.0/20
192.158.28.0/22
199.192.112.0/22
199.223.232.0/22
199.223.236.0/23
208.68.108.0/23
23.236.48.0/20
23.251.128.0/19
34.64.0.0/11
34.96.0.0/15
34.98.0.0/17
35.184.0.0/14
35.188.0.0/15
35.190.0.0/17
35.190.128.0/18
35.190.192.0/19
35.190.224.0/20
35.190.240.0/22
35.190.242.0/23
35.192.0.0/14
35.196.0.0/15
35.198.0.0/16
35.199.0.0/17
35.199.128.0/18
35.200.0.0/15
35.202.0.0/16
35.203.0.0/17
35.203.128.0/18
35.203.192.0/19
35.203.232.0/21
35.203.240.0/20
35.204.0.0/14
35.206.0.0/15
35.208.0.0/13
35.216.0.0/15
35.220.0.0/14
35.224.0.0/13
35.232.0.0/15
35.234.0.0/16
35.235.0.0/17
35.235.192.0/20
35.235.216.0/21
35.235.224.0/20
35.236.0.0/14
35.240.0.0/15
35.242.0.0/15
35.244.0.0/14
8.34.208.0/20
8.35.192.0/21
8.35.200.0/23

@kulisu

This comment has been minimized.

Copy link

commented Apr 11, 2019

Use these range in OpenVPN client config (eg, route 1.2.3.0 255.255.255.0)
Save above result to GCP_IP.lst and run bash CIDR2Netmask.sh < GCP_IP.lst

#!/bin/bash

# How to change ip addressing format ..?
# https://www.unix.com/302927657-post2.html

while IFS="/" read IP S
do
        M=$(( 0xffffffff ^ ((1 << (32-S)) -1) ))
        echo "route $IP $(( (M>>24) & 0xff )).$(( (M>>16) & 0xff )).$(( (M>>8) & 0xff )).$(( M & 0xff ))"
done
# GCP Range
route 104.154.0.0 255.254.0.0
route 104.196.0.0 255.252.0.0
route 107.167.160.0 255.255.224.0
route 107.178.192.0 255.255.192.0
route 108.170.192.0 255.255.240.0
route 108.170.208.0 255.255.248.0
route 108.170.216.0 255.255.252.0
route 108.170.220.0 255.255.254.0
route 108.170.222.0 255.255.255.0
route 108.59.80.0 255.255.240.0
route 130.211.128.0 255.255.128.0
route 130.211.16.0 255.255.240.0
route 130.211.32.0 255.255.224.0
route 130.211.4.0 255.255.252.0
route 130.211.64.0 255.255.192.0
route 130.211.8.0 255.255.248.0
route 146.148.16.0 255.255.240.0
route 146.148.2.0 255.255.254.0
route 146.148.32.0 255.255.224.0
route 146.148.4.0 255.255.252.0
route 146.148.64.0 255.255.192.0
route 146.148.8.0 255.255.248.0
route 162.216.148.0 255.255.252.0
route 162.222.176.0 255.255.248.0
route 173.255.112.0 255.255.240.0
route 192.158.28.0 255.255.252.0
route 199.192.112.0 255.255.252.0
route 199.223.232.0 255.255.252.0
route 199.223.236.0 255.255.254.0
route 208.68.108.0 255.255.254.0
route 23.236.48.0 255.255.240.0
route 23.251.128.0 255.255.224.0
route 34.64.0.0 255.224.0.0
route 34.96.0.0 255.254.0.0
route 34.98.0.0 255.255.128.0
route 35.184.0.0 255.252.0.0
route 35.188.0.0 255.254.0.0
route 35.190.0.0 255.255.128.0
route 35.190.128.0 255.255.192.0
route 35.190.192.0 255.255.224.0
route 35.190.224.0 255.255.240.0
route 35.190.240.0 255.255.252.0
route 35.190.242.0 255.255.254.0
route 35.192.0.0 255.252.0.0
route 35.196.0.0 255.254.0.0
route 35.198.0.0 255.255.0.0
route 35.199.0.0 255.255.128.0
route 35.199.128.0 255.255.192.0
route 35.200.0.0 255.254.0.0
route 35.202.0.0 255.255.0.0
route 35.203.0.0 255.255.128.0
route 35.203.128.0 255.255.192.0
route 35.203.192.0 255.255.224.0
route 35.203.232.0 255.255.248.0
route 35.203.240.0 255.255.240.0
route 35.204.0.0 255.252.0.0
route 35.206.0.0 255.254.0.0
route 35.208.0.0 255.248.0.0
route 35.216.0.0 255.254.0.0
route 35.220.0.0 255.252.0.0
route 35.224.0.0 255.248.0.0
route 35.232.0.0 255.254.0.0
route 35.234.0.0 255.255.0.0
route 35.235.0.0 255.255.128.0
route 35.235.192.0 255.255.240.0
route 35.235.216.0 255.255.248.0
route 35.235.224.0 255.255.240.0
route 35.236.0.0 255.252.0.0
route 35.240.0.0 255.254.0.0
route 35.242.0.0 255.254.0.0
route 35.244.0.0 255.252.0.0
route 8.34.208.0 255.255.240.0
route 8.35.192.0 255.255.248.0
route 8.35.200.0 255.255.254.0
@Jas0n99

This comment has been minimized.

Copy link

commented Sep 4, 2019

If you want a simple recursive bash script, this one works great... You can edit it if you want to grab ip6 too...

get_dns_spf() {
   dig @8.8.8.8 +short txt "$1" |
   tr ' ' '\n' |
   while read entry; do
      case "$entry" in
             ip4:*) echo ${entry#*:} ;;
         include:*) get_dns_spf ${entry#*:} ;;
      esac
   done
}
get_dns_spf "_cloud-netblocks.googleusercontent.com"

As steve mentioned above, netblocks6 & netblocks7 are listed when you lookup netblocks1, that's why you need a recursive function (due to length limitation on SPF/TXT records).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.