Last active
April 24, 2025 08:33
-
-
Save Lu5ck/359054395988a3a9d7baf2ded45daa0f to your computer and use it in GitHub Desktop.
OpenWRT PBR Fastly
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # shellcheck disable=SC2015,SC3003,SC3060 | |
| FASTLY_URL="https://api.fastly.com/public-ip-list" | |
| FASTLY_JSON_FILE="/var/tmp/pbr_fastly_ip_ranges.gz" | |
| TARGET_TABLE="inet fw4" | |
| TARGET_INTERFACE="wan" | |
| cleanup() | |
| { | |
| rm -f "$FASTLY_JSON_FILE" | |
| } | |
| trap cleanup 1 2 3 6 | |
| mkdir -p "${FASTLY_JSON_FILE%/*}" | |
| cleanup | |
| uclient-fetch --no-check-certificate -qO- "$FASTLY_URL" | gzip > "$FASTLY_JSON_FILE" | |
| [ -s "$FASTLY_JSON_FILE" ] || return 1 | |
| if [ "$(uci get pbr.config.ipv6_enabled)" = "1" ]; then | |
| FASTLY_IPs=$(zcat $FASTLY_JSON_FILE | jsonfilter -e "@.ipv6_addresses[*]") | |
| FASTLY_IPs=$(echo "$FASTLY_IPs" | xargs | sed 's/ \+/, /g') | |
| FASTLY_NFTSET="pbr_${TARGET_INTERFACE}_6_dst_ip_user" | |
| nft "add element $TARGET_TABLE $FASTLY_NFTSET { ${FASTLY_IPs//$'\n'/, } }" || return 1 | |
| unset FASTLY_IPs | |
| unset FASTLY_NFTSET | |
| fi | |
| FASTLY_IPs=$(zcat $FASTLY_JSON_FILE | jsonfilter -e "@.addresses[*]") | |
| FASTLY_IPs=$(echo "$FASTLY_IPs" | xargs | sed 's/ \+/, /g') | |
| FASTLY_NFTSET="pbr_${TARGET_INTERFACE}_4_dst_ip_user" | |
| nft "add element $TARGET_TABLE $FASTLY_NFTSET { ${FASTLY_IPs//$'\n'/, } }" || return 1 | |
| unset FASTLY_IPs | |
| unset FASTLY_NFTSET | |
| rm -f "$FASTLY_JSON_FILE" | |
| return 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment