Last active
December 24, 2023 23:13
-
-
Save tyvsmith/22d6f0542944e2824fce54435cef5016 to your computer and use it in GitHub Desktop.
OPNSense update IDS homenet with WAN addresses
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Install into /usr/local/opnsense/service/conf/actions.d/actions_ids_custom_ip.conf then can enable a cron from the web UI | |
| [update-ip] | |
| command:python3 /root/scripts/update_ids_ips.py | |
| parameters: | |
| type:script | |
| message:update IDS homenet IPs from WAN | |
| description:Update IDS homenet IPs from WAN |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| #Install into /root/scripts/update_ids_ip.py | |
| import xml.etree.ElementTree as ET | |
| import shutil | |
| import datetime | |
| import subprocess | |
| # Define file paths | |
| config_file_path = '/conf/config.xml' | |
| old_ipv4_file_path = '/tmp/igc1_oldip' | |
| old_ipv6_file_path = '/tmp/igc1_prefixv6' | |
| timestamp = datetime.datetime.now().strftime("%Y%m%d-%H%M%S") | |
| backup_file_path = f'/conf/backup/config-{timestamp}-ids-ip-update.xml' | |
| def run_command(command): | |
| """ Run a shell command and return its output """ | |
| result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True) | |
| return result.stdout, result.stderr, result.returncode | |
| def read_file(file_path): | |
| with open(file_path, 'r') as file: | |
| return file.read().strip() | |
| def main(): | |
| # Read and parse the XML config file | |
| tree = ET.parse(config_file_path) | |
| root = tree.getroot() | |
| # Navigate to the <homenet> element | |
| homenet = root.find('.//IDS/general/homenet') | |
| if homenet is None: | |
| print("No <homenet> element found.") | |
| return | |
| homenet_values = homenet.text.split(',') | |
| if len(homenet_values) < 2: | |
| print("Not enough values in <homenet>.") | |
| return | |
| # Extract the last two values | |
| last_ipv4, last_ipv6 = homenet_values[-2], homenet_values[-1] | |
| # Read new values from files | |
| new_ipv4 = read_file(old_ipv4_file_path) | |
| new_ipv6 = read_file(old_ipv6_file_path) | |
| # Update if necessary | |
| if last_ipv4 != new_ipv4 or last_ipv6 != new_ipv6: | |
| homenet_values[-2], homenet_values[-1] = new_ipv4, new_ipv6 | |
| homenet.text = ','.join(homenet_values) | |
| #Backup old config before write | |
| shutil.copyfile(config_file_path, backup_file_path) | |
| # Write the updated XML back to the file | |
| tree.write(config_file_path) | |
| print("config.xml updated successfully.") | |
| output, error, return_code = run_command(['configctl', 'ids', 'restart']) | |
| if return_code == 0: | |
| print("Restarted IDS:", output) | |
| else: | |
| print("Couldn't restart IDS:", error) | |
| else: | |
| print("No update needed for config.xml.") | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment