Created
July 17, 2015 12:12
-
-
Save jinie/712d397cfa37bcb836b5 to your computer and use it in GitHub Desktop.
EdgeOS GeoIP blocking
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import os | |
import urllib2 | |
countries={'DK':'denmark'} | |
os.system("/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper begin") | |
for country in countries.keys(): | |
url = "http://www.ipdeny.com/ipblocks/data/aggregated/%s-aggregated.zone" % country.lower() | |
os.system("/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper delete firewall group network-group %s" % countries[country]) | |
os.system("/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set firewall group network-group %s" % countries[country]) | |
for ip in urllib2.urlopen(url).readlines(): | |
os.system("/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper set firewall group network-group %s network %s" % (countries[country],ip)) | |
os.system("/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper commit") | |
os.system("/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper end") | |
Hey just wanted to let you know that its working. Also I assume this script wont work with IPv6?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I can only assume it still works. I haven’t used an edgerouter for a couple of years now, but it worked on the latest (2.x) version when I switched.
It doesn’t do any “magic” it simply parses a list of IP scopes and adds them to the firewall group.
I have no idea if the ipdeny url is still valid though.