HOSTS to RPZ rules converter for DNS firewalls (like in BIND 9)
#!/usr/bin/env python3
import os
import re
from urllib import request
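# Path of the generated response-policy zone file.
rpz_file = 'rpz-filter.db'

# Blocklist feed in hosts-file format.
# NOTE(review): this URL follows the moving `master` branch, so each run
# trusts whatever is published there at fetch time. Consider pinning to a
# reviewed commit or checking a known digest before the resolver loads it.
hosts_file_url = 'https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts'

# Lines starting with this character are comments in the hosts feed.
comment_char = '#'

# Line prefixes that are skipped instead of being turned into block rules.
# NOTE(review): 'f' presumably drops the IPv6 fe00::/ff02:: boilerplate
# entries of the feed; confirm against the feed format.
local = ('127.0.0.1', '255.255.255.255', '::1', 'f')

# Sink address used by the feed; the "0.0.0.0 0.0.0.0" entry is skipped.
default_route = '0.0.0.0'

# Header written at the top of the zone file.
# The NS owner is spelled as "@" explicitly: a zone-file line that starts in
# column 0 takes its first token as the owner name, so a bare "IN NS ..."
# only works while its leading whitespace survives editing or copy/paste.
# NOTE(review): the serial is static; if secondaries transfer this zone they
# compare serials, so it would need bumping on each regeneration.
zone_header = """$TTL 2w
@ IN SOA localhost. root.localhost. (
    2   ; serial
    2w  ; refresh
    2w  ; retry
    2w  ; expiry
    2w) ; minimum
@ IN NS localhost.
"""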
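# One DNS label: letters, digits, '_' and inner '-', at most 63 characters.
_RPZ_LABEL = r'[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?'
# A relative host name made of dot-separated labels and nothing else.
_RPZ_NAME_RE = re.compile(rf'{_RPZ_LABEL}(?:\.{_RPZ_LABEL})*')


def _candidate_name(raw_line):
    """Return the host name of one hosts-feed line, or None to ignore it.

    Only entries that point at the sink address (`default_route`) are
    considered. The name is lower-cased and has any trailing dot removed; it
    is NOT validated here.
    """
    try:
        line = raw_line.decode('utf-8').strip()
    except UnicodeDecodeError:
        # Undecodable bytes cannot be a usable entry; skip instead of aborting.
        return None
    if not line or line.startswith(comment_char) or line.startswith(local):
        return None
    # Drop an inline comment, then split on any whitespace (spaces or tabs)
    # instead of assuming a fixed 8-character "0.0.0.0 " prefix.
    fields = line.split(comment_char, 1)[0].split()
    if len(fields) < 2 or fields[0] != default_route:
        return None
    # Only the first name on a line is used.
    name = fields[1]
    if name == default_route:
        return None
    return name.rstrip('.').lower()


def generate_rpz_file():
    """Download the hosts feed and write it out as an RPZ zone file.

    Every accepted host name produces two policy records, `<name> CNAME .`
    and `*.<name> CNAME .`; in an RPZ zone a CNAME to the root is the
    NXDOMAIN action, so the name and its subdomains stop resolving.

    The feed is remote, untrusted text that ends up in a file the resolver
    parses. Each name must therefore match a strict host-name pattern before
    it is written, so a feed line cannot introduce zone-file directives,
    comments or additional records.

    The zone is built in a temporary file and moved over `rpz_file` only
    after the whole feed was processed, so a failed or empty download never
    replaces a working policy zone.

    Raises:
        RuntimeError: the feed contained no usable entry.
        urllib.error.URLError: the feed could not be fetched.
        OSError: the zone file could not be written or replaced.
    """
    hosts = 0
    rejected = 0
    tmp_file = f'{rpz_file}.tmp'
    try:
        # The timeout keeps an unattended run from hanging on a stalled
        # connection.
        with request.urlopen(hosts_file_url, timeout=60) as feed, \
                open(tmp_file, 'w', encoding='ascii') as zone:
            zone.write(zone_header)
            for raw_line in feed:
                name = _candidate_name(raw_line)
                if name is None:
                    continue
                # 253 is the longest textual DNS name; anything that is not a
                # plain host name is counted and left out of the zone.
                if len(name) > 253 or not _RPZ_NAME_RE.fullmatch(name):
                    rejected += 1
                    continue
                zone.write(f'{name} CNAME .\n')
                zone.write(f'*.{name} CNAME .\n')
                hosts += 1
        if hosts == 0:
            # An empty policy zone would silently switch filtering off.
            raise RuntimeError(
                'no usable entries in hosts feed; keeping existing zone file')
        os.replace(tmp_file, rpz_file)
    finally:
        # No-op after a successful replace; removes the partial file on failure.
        try:
            os.remove(tmp_file)
        except FileNotFoundError:
            pass
    print(f'Total hosts in filter: {hosts}')
    if rejected:
        # A sudden jump here points at a feed format change or tampering.
        print(f'Skipped malformed entries: {rejected}')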
# Build the zone file only when executed as a script, not when imported.
if __name__ == '__main__':
    generate_rpz_file()