Python script for Vyatta flavored configurations. Adds an IP to a block list.

blockip

#!/usr/bin/env python
import os
import sys
import vyatta

run = '/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper'
runusr = '/opt/vyatta/bin/vyatta-op-cmd-wrapper'
red=31
green=32
reset=37

def make_color(color):
        return '\033[1;%d;40m'%color

def call(command):
        return os.popen(command).read()


def callusr(command):
        cmd = '%s %s'%(runusr, command)
        return call(cmd)


def callcfg(command):
        cmd = '%s %s'%(run, command)
        return call(cmd)


def commit():
        vyatta.call('commit')

def save():
        vyatta.call('save')

def main(args):
        if len(args) < 2:
                print ("%s <ip>" % args[0])
                return
        callcfg('begin')
        callcfg("set firewall group address-group BlockedIPs address %s" % args[1])
        commit()
        callcfg('end')
        save()


main(sys.argv)

configuration.vyatta

# This is not a runnable script, rather instructions to use the script above effectively.
# I use rule 666 in my WAN_IN firewall because any IP I block deserves a special spot in Hell. sosumi

configure
edit firewall name WAN_IN rule 666
set action drop
set source group address-group BlockedIPs
exit
set firewall group address-group BlockedIPs
commit;save