Last active
February 27, 2019 10:24
-
-
Save whiskerz007/35a4694827be882e950e3c9ea3c47403 to your computer and use it in GitHub Desktop.
Script to update EdgeOS firewall group with Google's IP addresses
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/vbash | |
| # Update the network groups for Google | |
| PROGNAME=$(basename $0) | |
| HOST=$(which host) | |
| DNS_RECORD="_spf.google.com" | |
| DNS_RESOLVER="8.8.8.8" | |
| SED=$(which sed) | |
| SED_SCRIPT_HOSTS='$!d;s/[^"]*"v=spf1 \([^"]*\)~all".*/\1/' | |
| SED_SCRIPT_LOOKUPS="${SED_SCRIPT_HOSTS};s/[^ ]*include:\([^ ]\+\)[$]*/\1/g" | |
| NETG="Google" | |
| IPV6_PREFIX="ipv6-" | |
| CFG="/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper" | |
| CFG_FW_GRP_NETG_V4="firewall group network-group ${NETG}4" | |
| CFG_FW_GRP_NETG_NET_V4="${CFG_FW_GRP_NETG_V4} network" | |
| CFG_FW_GRP_NETG_V6="firewall group ${IPV6_PREFIX}network-group ${NETG}6" | |
| CFG_FW_GRP_NETG_NET_V6="${CFG_FW_GRP_NETG_V6} ${IPV6_PREFIX}network" | |
| ErrorExit() | |
| { | |
| ERR_TEXT="${PROGNAME}: " | |
| ERR_TEXT+="There was a problem with getting the record '$DNS_RECORD' from the dns server '$DNS_RESOLVER'." | |
| echo $ERR_TEXT | |
| exit 1 | |
| } | |
| # Get the list of TXT records for IP ranges | |
| TXT_ENTRIES="$($HOST -t txt $DNS_RECORD $DNS_RESOLVER | $SED -e "$SED_SCRIPT_LOOKUPS")" | |
| if [ ${TXT_ENTRIES:0:2} == ";;" ]; then | |
| ErrorExit host | |
| fi | |
| # Get the list of IP networks and add to variable | |
| for i in $TXT_ENTRIES ; do | |
| DNS_RECORD="${i}" | |
| TEST="$($HOST -t txt $DNS_RECORD $DNS_RESOLVER | $SED -e "$SED_SCRIPT_HOSTS")" | |
| if [ ${TEST:0:2} == ";;" ] ; then | |
| ErrorExit host | |
| fi | |
| IP_RANGES+="${TEST}" | |
| done | |
| ####################################### | |
| # Beginning of RouterOS configuration # | |
| ####################################### | |
| $CFG begin | |
| for i in 4 6 ; do | |
| $CFG delete $(eval "echo \$CFG_FW_GRP_NETG_V${i}") > /dev/null | |
| done | |
| for i in $IP_RANGES ; do | |
| $CFG set $(eval "echo \$CFG_FW_GRP_NETG_NET_V${i:2:1}") ${i:4} | |
| done | |
| for i in 4 6 ; do | |
| $CFG set $(eval "echo \$CFG_FW_GRP_NETG_V${i}") description "$NETG IPv${i} ranges updated $(date --utc +%Y-%m-%dT%H:%M:%SZ)" | |
| done | |
| $CFG commit | |
| $CFG save | |
| $CFG end | |
| ####################################### | |
| # End of RouterOS configuration # | |
| ####################################### |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment