Last active
February 9, 2023 12:34
-
-
Save verybadsoldier/fc84f9e6dca241c95681fa97ec81f50d to your computer and use it in GitHub Desktop.
Script to update ipset list "google-ips" with Google IP range
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| ipset_name="google-ips" | |
| ipset_name_tmp="google-ips-tmp" | |
| iptables_name="nginx-google-whitelist" | |
| port="7654" | |
| ######################################################### | |
| ipset -q create "$ipset_name" nethash | |
| iptables -N "$iptables_name" 2> /dev/null | |
| if [ $? -eq 0 ]; then | |
| iptables -A INPUT -p tcp -m tcp --dport $port -j "$iptables_name" | |
| iptables -A "$iptables_name" -m set ! --match-set "$ipset_name" src -j DROP | |
| fi | |
| ipset -q destroy "$ipset_name_tmp" | |
| ipset create "$ipset_name_tmp" nethash | |
| # _netblocks2 is ipv6 | |
| subdomains="_netblocks _netblocks3" | |
| for subdomain in $subdomains | |
| do | |
| response=$(nslookup -q=TXT $subdomain.google.com 8.8.8.8) | |
| ips=$(echo "$response" | egrep -o '\<ip[46]:[^ ]+' | cut -c 5-) | |
| for ip in $ips | |
| do | |
| ipset add "$ipset_name_tmp" "$ip" | |
| done | |
| done | |
| ipset swap "$ipset_name" "$ipset_name_tmp" | |
| ipset destroy "$ipset_name_tmp" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment