Populate address group (edgeos)

erx-add-a-domain-to-addrgrp.sh

#!/usr/bin/env bash

require(){ hash "$@" 2>/dev/null || { echo "$@ is missing"; exit 127;};}

require grepcidr
require curl
require dig
require jq

## export A_GROUP="address_group_name"
## export A_GROUP_DESCRIPTION="address_group description"
## export DOMAINS="url.one url.two"
DNS="192.168.1.1"
IPS=""
CIDRranges=""

## add cloudflare ip ranges, update if older than a week
if [ "$(find . -name 'erx-cloudflare.ranges' -mtime +7)" ] || [ ! -s erx-cloudflare.ranges ]
then
    curl -qL https://www.cloudflare.com/ips-v4 2>/dev/null > erx-cloudflare.ranges
fi
CIDRranges+=$(cat erx-cloudflare.ranges)

## add twitter ip ranges - AS13414, and edgecast, and akamai
CIDRranges+=$(echo;cat twitter.ranges)

## add aws cloudfront ranges, update if older than a week
if [ "$(find . -name 'erx-cloudfront.ranges' -mtime +7)" ] || [ ! -s erx-cloudfront.ranges ]
then
    curl -qL https://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips 2>/dev/null | jq -r flatten[] > erx-cloudfront.ranges
fi
CIDRranges+=$(echo;cat erx-cloudfront.ranges)

## add fastly ranges, update if older than a week
if [ "$(find . -name 'erx-fastly.ranges' -mtime +7)" ] || [ ! -s erx-fastly.ranges ]
then
    curl -qL https://api.fastly.com/public-ip-list 2>/dev/null | jq -r .addresses[] > erx-fastly.ranges
fi
CIDRranges+=$(echo;cat erx-fastly.ranges)

for range in $CIDRranges
do
    IPS+="\nset firewall group address-group ${A_GROUP} address \"${range}\""
done

for DOMAIN in $DOMAINS
do
    IP_unf=$(dig $DOMAIN @$DNS +short | grep -vE "[a-z]")
    for IP in $(grepcidr -i "$CIDRranges" <(echo $IP_unf))
    do
        IPS+="\nset firewall group address-group ${A_GROUP} address \"${IP}\""
    done
done

echo "delete firewall group address-group ${A_GROUP}"
echo "set firewall group address-group ${A_GROUP}"
echo "set firewall group address-group ${A_GROUP} description \"${A_GROUP_DESCRIPTION}\""

echo -e $IPS | sort -u | tail -n+2
echo "commit;save"