Created
June 2, 2018 16:40
-
-
Save matt40k/9a40fd3b831e300de0bed02bac35a239 to your computer and use it in GitHub Desktop.
Configure Civo firewall
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Config | |
| $api_key = "" | |
| $cf_ip4_url = "https://www.cloudflare.com/ips-v4" | |
| $cf_ip6_url = "https://www.cloudflare.com/ips-v6" | |
| $api_domain = "api.civo.com" | |
| $api_version = "v2" | |
| $fw_id = "" | |
| # Don't change below | |
| $header = @{"Authorization"="Bearer " + $api_key;"Content-Type"="application/json"} | |
| $api_url = "https://$api_domain/$api_version" | |
| $cf_ip4 = (Invoke-WebRequest -Uri $cf_ip4_url).Content.Split([Environment]::NewLine) | |
| $cf_ip6 = (Invoke-WebRequest -Uri $cf_ip6_url).Content.Split([Environment]::NewLine) | |
| $fwRules | |
| Function ListFirewalls | |
| { | |
| $r = Invoke-WebRequest -Uri "$api_url/firewalls" -Method GET -Headers $header | |
| return $r.Content | ConvertFrom-Json | |
| } | |
| Function ListFirewallRules($fw_id) | |
| { | |
| $r = Invoke-WebRequest -Uri "$api_url/firewalls/$fw_id/rules" -Method GET -Headers $header | |
| return $r.Content | ConvertFrom-Json | |
| } | |
| Function CreateFirewallRule ($iprange, $desc, $fw_id) | |
| { | |
| if (-not ([string]::IsNullOrWhiteSpace($iprange))) | |
| { | |
| $protocol = "tcp" | |
| $start_port = "443" | |
| $end_port = "443" | |
| $cidr = "$iprange" | |
| #$direction = "inbound" | |
| $label = "$desc IP range - $iprange" | |
| $body = @{protocol=$protocol;start_port=$start_port;end_port=$end_port;cidr=$cidr;direction=$direction;label=$label} | ConvertTo-Json | |
| Write-Host $label | |
| $url = "$api_url/firewalls/$fw_id/rules" | |
| $r = Invoke-WebRequest -Uri $url -Method POST -Headers $header -Body $body | |
| return $r.Content | ConvertFrom-Json | |
| } | |
| } | |
| if ([string]::IsNullOrWhiteSpace($fw_id)) | |
| { | |
| # We haven't configured a firewall, so list them out so we can pick one | |
| $fws = ListFirewalls | |
| foreach ($fw in $fws) | |
| { | |
| $fwId = $fw.id | |
| $fwName = $fw.name | |
| Write-Host "$fwId -- $fwName" | |
| } | |
| } | |
| else | |
| { | |
| $fwRules = ListFirewallRules -fw_id $fw_id | |
| # foreach ($fwRule in $fwRules) | |
| # { | |
| # Write-Host $fwRule | |
| # } | |
| # | |
| foreach ($cf_ip4_address in $cf_ip4) | |
| { | |
| CreateFirewallRule -iprange $cf_ip4_address -desc "CloudFlare v4" -fw_id $fw_id | |
| } | |
| # foreach ($cf_ip6_address in $cf_ip6) | |
| # { | |
| # CreateFirewallRule -iprange $cf_ip6_address -desc "CloudFlare v6" | |
| # } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment