tyvsmith · February 16, 2025 02:38
diff --git a/actions_ids_custom_ip.conf: b/actions_ids_custom_ip.conf:
 #Install into /usr/local/opnsense/service/conf/actions.d/actions_ids_custom_ip.conf then can enable a cron from the web UI

 [update-ip]
 command:python3 /root/scripts/update_ids_ips.py
 parameters:
 type:script
 message:update IDS homenet IPs from WAN 
 description:Update IDS homenet IPs from WAN
diff --git a/update_ids_ip.py b/update_ids_ip.py
 #!/usr/bin/env python3
 #Install into /root/scripts/update_ids_ip.py

 import xml.etree.ElementTree as ET
 import shutil
 import datetime
 import subprocess


 # Define file paths
 config_file_path = '/conf/config.xml'
 old_ipv4_file_path = '/tmp/igc1_oldip'
 old_ipv6_file_path = '/tmp/igc1_prefixv6'


 timestamp = datetime.datetime.now().strftime("%Y%m%d-%H%M%S")
 backup_file_path = f'/conf/backup/config-{timestamp}-ids-ip-update.xml'

 def run_command(command):
    """ Run a shell command and return its output """
    result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
    return result.stdout, result.stderr, result.returncode

 def read_file(file_path):
    with open(file_path, 'r') as file:
        return file.read().strip()

 def main():
    # Read and parse the XML config file
    tree = ET.parse(config_file_path)
    root = tree.getroot()

    # Navigate to the <homenet> element
    homenet = root.find('.//IDS/general/homenet')
    if homenet is None:
        print("No <homenet> element found.")
        return

    homenet_values = homenet.text.split(',')
    if len(homenet_values) < 2:
        print("Not enough values in <homenet>.")
        return

    # Extract the last two values
    last_ipv4, last_ipv6 = homenet_values[-2], homenet_values[-1]

    # Read new values from files
    new_ipv4 = read_file(old_ipv4_file_path)
    new_ipv6 = read_file(old_ipv6_file_path)

 # Update if necessary
    if last_ipv4 != new_ipv4 or last_ipv6 != new_ipv6:
        homenet_values[-2], homenet_values[-1] = new_ipv4, new_ipv6
        homenet.text = ','.join(homenet_values)
        
        #Backup old config before write
        shutil.copyfile(config_file_path, backup_file_path)

        # Write the updated XML back to the file
        tree.write(config_file_path)
        print("config.xml updated successfully.")
        output, error, return_code = run_command(['configctl', 'ids', 'restart'])
        if return_code == 0:
            print("Restarted IDS:", output)
        else:
            print("Couldn't restart IDS:", error)

    else:
        print("No update needed for config.xml.")


 if __name__ == "__main__":
    main()
	#Install into /usr/local/opnsense/service/conf/actions.d/actions_ids_custom_ip.conf then can enable a cron from the web UI

	[update-ip]
	command:python3 /root/scripts/update_ids_ips.py
	parameters:
	type:script
	message:update IDS homenet IPs from WAN
	description:Update IDS homenet IPs from WAN
	#!/usr/bin/env python3
	#Install into /root/scripts/update_ids_ip.py

	import xml.etree.ElementTree as ET
	import shutil
	import datetime
	import subprocess


	# Define file paths
	config_file_path = '/conf/config.xml'
	old_ipv4_file_path = '/tmp/igc1_oldip'
	old_ipv6_file_path = '/tmp/igc1_prefixv6'


	timestamp = datetime.datetime.now().strftime("%Y%m%d-%H%M%S")
	backup_file_path = f'/conf/backup/config-{timestamp}-ids-ip-update.xml'

	def run_command(command):
	""" Run a shell command and return its output """
	result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
	return result.stdout, result.stderr, result.returncode

	def read_file(file_path):
	with open(file_path, 'r') as file:
	return file.read().strip()

	def main():
	# Read and parse the XML config file
	tree = ET.parse(config_file_path)
	root = tree.getroot()

	# Navigate to the <homenet> element
	homenet = root.find('.//IDS/general/homenet')
	if homenet is None:
	print("No <homenet> element found.")
	return

	homenet_values = homenet.text.split(',')
	if len(homenet_values) < 2:
	print("Not enough values in <homenet>.")
	return

	# Extract the last two values
	last_ipv4, last_ipv6 = homenet_values[-2], homenet_values[-1]

	# Read new values from files
	new_ipv4 = read_file(old_ipv4_file_path)
	new_ipv6 = read_file(old_ipv6_file_path)

	# Update if necessary
	if last_ipv4 != new_ipv4 or last_ipv6 != new_ipv6:
	homenet_values[-2], homenet_values[-1] = new_ipv4, new_ipv6
	homenet.text = ','.join(homenet_values)

	#Backup old config before write
	shutil.copyfile(config_file_path, backup_file_path)

	# Write the updated XML back to the file
	tree.write(config_file_path)
	print("config.xml updated successfully.")
	output, error, return_code = run_command(['configctl', 'ids', 'restart'])
	if return_code == 0:
	print("Restarted IDS:", output)
	else:
	print("Couldn't restart IDS:", error)

	else:
	print("No update needed for config.xml.")


	if __name__ == "__main__":
	main()