├── web_block15.txt ├── web_block16.txt ├── web_block99.txt ├── manual_block_list.txt ├── web_block_source.txt ├── ASN_Update.sh ├── ASN.txt ├── ASN_hetzner.txt ├── webblock.sh ├── ufw_update.sh ├── ufw_update_docker.sh ├── geoblock.txt ├── ASN_LIST.txt └── SSL_VPN Config with loopback and auto-block.txt /web_block15.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /web_block16.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /web_block99.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /manual_block_list.txt: -------------------------------------------------------------------------------- 1 | 71.196.63.0/24 2 | 52.187.9.0/24 3 | 23.137.255.0/24 4 | 194.187.178.0/24 5 | 173.80.66.0/24 6 | 184.181.74.0/24 7 | 12.182.125.0/24 8 | 107.9.57.0/24 9 | 207.210.107.0/24 10 | 180.181.91.0/24 11 | 208.185.7.0/24 12 | 77.90.185.0/24 13 | 162.40.199.0/24 14 | 73.129.250.0/24 15 | 69.40.191.0/24 16 | 194.187.179.0/24 17 | 91.96.73.0/24 18 | 20.2.136.0/24 19 | 170.75.242.0/24 20 | 71.29.23.0/24 21 | 77.239.125.0/24 22 | 23.158.56.0/24 23 | 194.50.16.0/24 24 | 158.51.96.0/24 25 | 20.29.47.0/24 26 | 23.150.152.0/24 27 | 93.197.164.0/24 28 | 79.197.63.0/24 29 | 217.94.130.0/24 30 | 143.105.161.0/24 31 | 50.47.223.0/24 32 | 194.187.176.0/24 33 | 75.111.120.0/24 34 | 66.69.42.0/24 35 | 50.39.163.0/24 36 | 65.21.207.0/24 37 | 198.20.133.0/24 38 | 178.208.125.0/24 39 | 204.44.119.0/24 40 | 64.188.126.0/24 41 | 140.233.190.0/24 42 | 144.31.75.0/24 43 | 203.57.85.0/24 44 | 165.140.237.0/24 45 | 50.1.90.0/24 46 | 71.30.205.0/24 47 | 207.200.180.0/24 48 | 96.241.33.0/24 49 | 23.180.120.0/24 50 | 90.28.247.0/24 51 | 
47.20.248.0/24 52 | 173.207.138.0/24 53 | 116.203.195.0/24 54 | 172.82.66.0/24 55 | 23.230.179.0/24 56 | 5.175.210.0/24 57 | 75.89.156.0/24 58 | 94.136.178.0/24 59 | 47.156.135.0/24 60 | 98.191.229.0/24 61 | 212.100.63.0/24 62 | 91.99.81.0/24 63 | 139.171.194.0/24 64 | 46.224.72.0/24 65 | 178.156.160.0/24 66 | 45.22.49.0/24 67 | 140.177.125.0/24 68 | 150.241.115.0/24 69 | 45.146.255.0/24 70 | 173.207.138.0/24 71 | 116.203.195.0/24 72 | 178.254.22.0/24 73 | 5.161.89.0/24 74 | 178.156.218.0/24 75 | 165.245.129.0/24 76 | 89.245.49.0/24 77 | 165.245.132.0/24 78 | 20.29.19.0/24 79 | 138.226.236.0/24 80 | 165.245.141.0/24 81 | 74.108.32.0/24 82 | -------------------------------------------------------------------------------- /web_block_source.txt: -------------------------------------------------------------------------------- 1 | https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser 2 | https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt 3 | https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts 4 | https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt 5 | https://v.firebog.net/hosts/Prigent-Crypto.txt 6 | https://urlhaus.abuse.ch/downloads/hostfile/ 7 | https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts 8 | https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt 9 | https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt 10 | https://adaway.org/hosts.txt 11 | https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt 12 | https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext 13 | https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts 14 | https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt 15 | https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts 16 | 
https://v.firebog.net/hosts/static/w3kbl.txt 17 | https://v.firebog.net/hosts/AdguardDNS.txt 18 | https://v.firebog.net/hosts/Admiral.txt 19 | https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt 20 | https://v.firebog.net/hosts/Easylist.txt 21 | https://v.firebog.net/hosts/Easyprivacy.txt 22 | https://v.firebog.net/hosts/Prigent-Ads.txt 23 | https://raw.githubusercontent.com/hectorm/hmirror/master/data/spam404.com/list.txt 24 | https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt 25 | https://raw.githubusercontent.com/hectorm/hmirror/master/data/eth-phishing-detect/list.txt 26 | https://raw.githubusercontent.com/hectorm/hmirror/master/data/anudeepnd-adservers/list.txt 27 | https://raw.githubusercontent.com/hectorm/hmirror/master/data/adguard-simplified/list.txt 28 | https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts 29 | https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts 30 | https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt 31 | https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt 32 | https://phishing.army/download/phishing_army_blocklist_extended.txt 33 | https://v.firebog.net/hosts/RPiList-Malware.txt 34 | https://v.firebog.net/hosts/RPiList-Phishing.txt 35 | https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt 36 | https://raw.githubusercontent.com/matomo-org/referrer-spam-blacklist/master/spammers.txt 37 | https://someonewhocares.org/hosts/zero/hosts 38 | https://raw.githubusercontent.com/VeleSila/yhosts/master/hosts 39 | https://winhelp2002.mvps.org/hosts.txt 40 | https://v.firebog.net/hosts/neohostsbasic.txt 41 | https://raw.githubusercontent.com/RooneyMcNibNug/pihole-stuff/master/SNAFU.txt 42 | https://paulgb.github.io/BarbBlock/blacklists/hosts-file.txt 43 | https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts 44 | 
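https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt 45 | https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt 46 | https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/AmazonFireTV.txt 47 | https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt 48 | https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt 49 | https://raw.githubusercontent.com/NChaves/pi-hole/main/adBlockListGetAdmiral_ABP.txt 50 | https://gist.githubusercontent.com/sidward35/cea28bedd0ec0b1bceec8c2b22c163c4/raw/2df7f061c8a2202b4e970bb6097573df21eb1e1b/hosts 51 | https://gist.githubusercontent.com/hkamran80/779019103fcd306979411d44c8d38459/raw/9e4323e75a84f652d5de5dfe5cf611621197b64f/SmartTV2.txt 52 | https://raw.githubusercontent.com/b02860de585071a2/pihole-roku-ads-blocklist/refs/heads/main/hosts 53 | https://raw.githubusercontent.com/kevle1/Windows-telemetry-blocklist/master/windowsblock.txt 54 | https://raw.githubusercontent.com/pschneider1968/pihole-bl-msft-telemetry-bsi/refs/heads/master/msft_telemetry_bsi.txt
--------------------------------------------------------------------------------
/ASN_Update.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#Version 4/10/2025
#By Brian Wallace
#
# Builds "$Working_Dir/asn_block.txt": one numerically sorted list of the
# subnets returned by asn.ipinfo.app for every ASN named in
# "$Working_Dir/ASN.txt". Progress is written to "$Working_Dir/log/<date>.txt".

# Effective working directory. The file used to assign Working_Dir twice and the
# second value silently won; the other deployment path is kept as a commented
# alternative so only one assignment is live.
#Working_Dir="/volume1/web/ASN_List2"
Working_Dir="/mnt/c/scripts/ASN_List2"

##########################################################################
#create a lock file and temp directory to prevent more than one instance of this script from executing at once
##########################################################################
# mkdir is atomic, so the tmp directory doubles as the lock.
if ! mkdir "$Working_Dir/tmp"; then
    echo -e "Failed to acquire lock\n" >&2
    exit 1
fi
# Quote the path inside the trap so a working directory containing spaces or
# glob characters cannot make rm -rf act on something else.
trap 'rm -rf -- "$Working_Dir/tmp/"' EXIT #remove the lockdir on exit


##########################################################################
#create logging directory if does not exist and creating log file
##########################################################################
if [[ -d "$Working_Dir/log/" ]]; then
    echo "Log directory \"$Working_Dir/log/\" exists"
elif ! mkdir "$Working_Dir/log"; then
    echo -e "Failed to create log directory \"$Working_Dir/log/\"\n" >&2
    exit 1
else
    echo "Created Log directory \"$Working_Dir/log/\""
fi
date=$(date '+%Y-%m-%d')
log_file="$Working_Dir/log/$date.txt"
echo "Log Date: $date" > "$log_file"
if [[ ! -w "$log_file" ]]; then
    echo -e "Failed to create log file \"$log_file\"\n" >&2
    exit 1
fi

# Print each argument on its own line to stdout and append it to the log.
# printf '%s' is used instead of echo -e so text taken from ASN.txt is never
# interpreted as an escape sequence or an echo option.
log() {
    printf '%s\n' "$@" | tee -a "$log_file"
}

# Print a section heading framed by star lines and blank lines.
banner() {
    log "" "" "***************************************" "$1" "***************************************" "" ""
}


##########################################################################
#download all of the ASN text files
##########################################################################
if [[ ! -r "$Working_Dir/ASN.txt" ]]; then
    echo -e "Unable to read required file \"$Working_Dir/ASN.txt\"\n" >&2
    exit 1
fi

banner "download all of the ASN text files"

num_ASN=$(wc -l < "$Working_Dir/ASN.txt")
counter=1

# "|| [[ -n $line ]]" keeps a final entry that has no trailing newline.
while read -r line || [[ -n $line ]]; do
    asn="${line//[$'\t\r\n ']}"
    log "ASN $counter/$num_ASN - Processing \"$asn\""
    counter=$((counter + 1))

    # The entry is placed into both a URL and a file name, so accept only the
    # AS<digits> form. This also skips blank lines and anything containing "/".
    if [[ ! $asn =~ ^AS[0-9]+$ ]]; then
        log "" "WARNING - \"$asn\" is not a valid ASN entry, skipping" ""
        continue
    fi

    asn_file="$Working_Dir/tmp/$asn.txt"
    raw_file="$asn_file.raw"

    # --fail makes an HTTP error produce no output instead of an error page;
    # --connect-timeout keeps an unreachable server from holding the lock forever.
    if ! curl -s --fail --connect-timeout 15 "https://asn.ipinfo.app/api/text/list/$asn" > "$raw_file"; then
        log "" "WARNING - download for $asn failed" ""
        : > "$raw_file"
    fi

    # The response is third-party data that ends up in a firewall block list:
    # keep only lines that look like an IPv4/IPv6 address or prefix.
    raw_lines=$(wc -l < "$raw_file")
    tr -d ' \t\r' < "$raw_file" | grep -E '^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$' > "$asn_file"
    rm -f -- "$raw_file"

    num_lines=$(wc -l < "$asn_file")
    if (( raw_lines > num_lines )); then
        log "WARNING - $((raw_lines - num_lines)) line(s) from $asn did not look like a subnet and were dropped"
    fi
    if [ "$num_lines" -gt 0 ]; then
        log "" "$num_lines Subnets Downloaded from $asn" ""
    else
        log "" "WARNING - $asn Returned Zero Subnets" ""
    fi

done < "$Working_Dir/ASN.txt"


##########################################################################
# Combine all text files
##########################################################################
banner "Combining all text files"

# An absolute glob plus "--" means no file name can be read as a cat option.
cat -- "$Working_Dir"/tmp/*.txt > "$Working_Dir/master.txt"

# If every download failed, keep the previous asn_block.txt rather than
# publishing an empty list, which would silently remove every block.
if [[ ! -s "$Working_Dir/master.txt" ]]; then
    log "number of lines is zero, something is wrong - existing asn_block.txt left unchanged"
    rm -f -- "$Working_Dir/master.txt"
    exit 1
fi

##########################################################################
# Sort Addresses
##########################################################################
banner "Sorting Addresses"

# Numeric sort on each dotted octet.
sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n "$Working_Dir/master.txt" > "$Working_Dir/asn_block.txt"

rm "$Working_Dir/master.txt"

num_lines1=$(wc -l < "$Working_Dir/asn_block.txt")
log "Total Blocked Subnets: $num_lines1" "" ""

##########################################################################
# Aggregate Address Subnets
##########################################################################
#echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt"
#echo "Aggregate Address Subnets" |& tee -a "$Working_Dir/log/$date.txt"
#echo -e "***************************************\n\n" |& tee -a "$Working_Dir/log/$date.txt"

#cd "~/.local/bin" || exit 1
#~/.local/share/pipx/venvs/aggregate6/bin

#./aggregate6 "/mnt/c/scripts/ASN_List2/asn_block.txt" > "/mnt/c/scripts/ASN_List2/asn_block1.1.txt"

#num_lines2=$(wc -l < "$Working_Dir/asn_block1.1.txt")
#echo -e "Total Blocked Subnets: $num_lines2\n\n" |& tee -a "$Working_Dir/log/$date.txt"
#echo -e "$(( $num_lines1 - $num_lines2 )) Aggregated into Wider Subnet\n\n" |& tee -a "$Working_Dir/log/$date.txt"

--------------------------------------------------------------------------------
/ASN.txt:
--------------------------------------------------------------------------------
1 | AS46844 2 | AS53340 3 | AS53559 4 | AS53597 5 | AS53667 6 | AS53755 7 | AS53850 8 | AS54455 9 | AS54489 10 | AS63018 11 | AS63199 12 | AS63473 13 | AS64245 14 | AS394380 15 | AS395111 16 | AS35830 17 | AS45102 18 | AS206728 19 | AS398722 20 | AS212027 21 | AS142002 22 | AS398324 23 | AS51167 24 | AS396356 25 | AS62744 26 | AS56971 27 | AS210644 28 | AS47890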
29 | AS29802 30 | AS14956 31 | AS62904 32 | AS200373 33 | AS984 34 | AS24669 35 | AS214943 36 | AS51765 37 | AS211298 38 | AS396982 39 | AS37963 40 | AS395092 41 | AS135377 42 | AS965 43 | AS1824 44 | AS9290 45 | AS9678 46 | AS10747 47 | AS10991 48 | AS12266 49 | AS12417 50 | AS12488 51 | AS14670 52 | AS14987 53 | AS15919 54 | AS17881 55 | AS22903 56 | AS21581 57 | AS19133 58 | AS23881 59 | AS29119 60 | AS29262 61 | AS29452 62 | AS30893 63 | AS31333 64 | AS31590 65 | AS34420 66 | AS36231 67 | AS36791 68 | AS39150 69 | AS39647 70 | AS39704 71 | AS44477 72 | AS22612 73 | AS12312 74 | AS64419 75 | AS204957 76 | AS61112 77 | AS8100 78 | AS16276 79 | AS35540 80 | AS394814 81 | AS35478 82 | AS22384 83 | AS46562 84 | AS39486 85 | AS44144 86 | AS133499 87 | AS134450 88 | AS203020 89 | AS204287 90 | AS207990 91 | AS11878 92 | AS6939 93 | AS60068 94 | AS212238 95 | AS211612 96 | AS50446 97 | AS9009 98 | AS16247 99 | AS42973 100 | AS35536 101 | AS9312 102 | AS8888 103 | AS6233 104 | AS4785 105 | AS3258 106 | AS3214 107 | AS949 108 | AS14315 109 | AS18779 110 | AS7005 111 | AS26666 112 | AS13335 113 | AS202623 114 | AS395747 115 | AS62651 116 | AS54203 117 | AS54138 118 | AS50667 119 | AS31362 120 | AS13926 121 | AS24940 122 | AS212317 123 | AS213230 124 | AS213006 125 | AS213005 126 | AS212862 127 | AS212861 128 | AS204286 129 | AS202636 130 | AS200908 131 | AS17470 132 | AS209372 133 | AS45887 134 | AS63949 135 | AS61317 136 | AS263735 137 | AS263740 138 | AS14061 139 | AS8075 140 | AS62240 141 | AS36352 142 | AS12876 143 | AS37518 144 | AS132203 145 | AS45090 146 | AS55286 147 | AS210558 148 | AS206092 149 | AS26548 150 | AS137409 151 | AS14576 152 | AS40861 153 | AS36007 154 | AS24961 155 | AS39572 156 | AS5384 157 | AS8966 158 | AS834 159 | AS932 160 | AS6134 161 | AS33333 162 | AS35624 163 | AS3223 164 | AS3842 165 | AS4694 166 | AS5577 167 | AS6724 168 | AS7203 169 | AS7489 170 | AS7506 171 | AS7850 172 | AS7979 173 | AS8455 174 | AS8560 175 | AS9370 176 | AS10297 177 | 
AS10439 178 | AS11831 179 | AS12586 180 | AS13213 181 | AS13739 182 | AS14127 183 | AS14618 184 | AS16509 185 | AS15083 186 | AS15169 187 | AS15395 188 | AS15497 189 | AS15510 190 | AS15626 191 | AS16125 192 | AS16262 193 | AS16628 194 | AS17216 195 | AS18450 196 | AS18978 197 | AS19084 198 | AS19318 199 | AS19437 200 | AS19531 201 | AS19624 202 | AS19871 203 | AS19969 204 | AS20021 205 | AS20264 206 | AS20454 207 | AS20473 208 | AS20598 209 | AS21859 210 | AS22363 211 | AS22552 212 | AS22781 213 | AS23033 214 | AS23342 215 | AS23352 216 | AS25780 217 | AS29838 218 | AS29854 219 | AS30083 220 | AS30475 221 | AS30633 222 | AS32097 223 | AS32181 224 | AS32244 225 | AS32475 226 | AS32780 227 | AS33083 228 | AS33182 229 | AS33302 230 | AS33480 231 | AS33724 232 | AS35908 233 | AS35916 234 | AS36114 235 | AS36351 236 | AS36666 237 | AS40156 238 | AS40244 239 | AS40676 240 | AS40824 241 | AS46261 242 | AS46475 243 | AS46664 244 | AS41111 245 | AS41634 246 | AS41637 247 | AS41665 248 | AS41828 249 | AS42442 250 | AS42612 251 | AS42675 252 | AS42699 253 | AS43541 254 | AS44051 255 | AS44716 256 | AS45187 257 | AS47583 258 | AS48014 259 | AS49581 260 | AS50415 261 | AS51050 262 | AS52000 263 | AS52465 264 | AS54527 265 | AS55293 266 | AS55720 267 | AS57286 268 | AS59711 269 | AS60800 270 | AS63051 271 | AS64200 272 | AS136052 273 | AS136171 274 | AS200000 275 | AS200719 276 | AS201200 277 | AS201446 278 | AS201983 279 | AS202015 280 | AS202759 281 | AS205220 282 | AS206331 283 | AS207605 284 | AS208332 285 | AS210619 286 | AS212477 287 | AS213646 288 | AS216139 289 | AS396073 290 | AS215859 291 | AS8987 292 | AS40021 293 | AS31898 294 | AS136907 295 | AS132420 296 | AS4837 297 | AS62068 298 | AS202425 299 | AS136557 300 | AS214238 301 | AS198953 302 | AS209605 303 | AS202306 304 | AS141892 305 | AS39724 306 | AS44306 307 | AS18101 308 | AS45899 309 | AS23673 310 | AS198571 311 | AS971 312 | AS13332 313 | AS7643 314 | AS135905 315 | AS18403 316 | AS24186 317 | AS135761 318 | 
AS25799 319 | AS33970 320 | AS51332 321 | AS274103 322 | AS37371 323 | AS55990 324 | AS63655 325 | AS131444 326 | AS141180 327 | AS9498 328 | AS24560 329 | AS45609 330 | AS213790 331 | AS4818 332 | AS10081 333 | AS215929 334 | AS207915 335 | AS8068 336 | AS8069 337 | AS8070 338 | AS19551 339 | AS38235 340 | AS137952 341 | AS262287 342 | AS213412 343 | AS46558 344 | AS401696 345 | AS46606 346 | AS398705 347 | AS51396 348 | AS26277 349 | AS210630 350 | AS19527 351 | AS59134 352 | AS212512 353 | AS36223 354 | AS28753 355 | AS209800 356 | AS401120 357 | -------------------------------------------------------------------------------- /ASN_hetzner.txt: -------------------------------------------------------------------------------- 1 | AS46844 2 | AS53340 3 | AS53559 4 | AS53597 5 | AS53667 6 | AS53755 7 | AS53850 8 | AS54455 9 | AS54489 10 | AS63018 11 | AS63199 12 | AS63473 13 | AS64245 14 | AS394380 15 | AS395111 16 | AS35830 17 | AS45102 18 | AS206728 19 | AS398722 20 | AS212027 21 | AS142002 22 | AS398324 23 | AS51167 24 | AS396356 25 | AS62744 26 | AS56971 27 | AS210644 28 | AS47890 29 | AS29802 30 | AS14956 31 | AS62904 32 | AS200373 33 | AS984 34 | AS24669 35 | AS214943 36 | AS51765 37 | AS211298 38 | AS396982 39 | AS37963 40 | AS395092 41 | AS135377 42 | AS965 43 | AS1824 44 | AS9290 45 | AS9678 46 | AS10747 47 | AS10991 48 | AS12266 49 | AS12417 50 | AS12488 51 | AS14670 52 | AS14987 53 | AS15919 54 | AS17881 55 | AS22903 56 | AS21581 57 | AS19133 58 | AS23881 59 | AS29119 60 | AS29262 61 | AS29452 62 | AS30893 63 | AS31333 64 | AS31590 65 | AS34420 66 | AS36231 67 | AS36791 68 | AS39150 69 | AS39647 70 | AS39704 71 | AS44477 72 | AS22612 73 | AS12312 74 | AS64419 75 | AS204957 76 | AS61112 77 | AS8100 78 | AS16276 79 | AS35540 80 | AS394814 81 | AS35478 82 | AS22384 83 | AS46562 84 | AS39486 85 | AS44144 86 | AS133499 87 | AS134450 88 | AS203020 89 | AS204287 90 | AS207990 91 | AS11878 92 | AS6939 93 | AS60068 94 | AS212238 95 | AS211612 96 | AS50446 97 | 
AS9009 98 | AS16247 99 | AS42973 100 | AS35536 101 | AS9312 102 | AS8888 103 | AS6233 104 | AS4785 105 | AS3258 106 | AS3214 107 | AS949 108 | AS14315 109 | AS18779 110 | AS7005 111 | AS26666 112 | AS13335 113 | AS202623 114 | AS395747 115 | AS62651 116 | AS54203 117 | AS54138 118 | AS50667 119 | AS31362 120 | AS13926 121 | AS213006 122 | AS213005 123 | AS212862 124 | AS212861 125 | AS204286 126 | AS202636 127 | AS200908 128 | AS17470 129 | AS209372 130 | AS45887 131 | AS63949 132 | AS61317 133 | AS263735 134 | AS263740 135 | AS14061 136 | AS8075 137 | AS62240 138 | AS36352 139 | AS12876 140 | AS37518 141 | AS132203 142 | AS45090 143 | AS55286 144 | AS210558 145 | AS206092 146 | AS26548 147 | AS137409 148 | AS14576 149 | AS40861 150 | AS36007 151 | AS24961 152 | AS39572 153 | AS5384 154 | AS8966 155 | AS834 156 | AS932 157 | AS6134 158 | AS33333 159 | AS35624 160 | AS3223 161 | AS3842 162 | AS4694 163 | AS5577 164 | AS6724 165 | AS7203 166 | AS7489 167 | AS7506 168 | AS7850 169 | AS7979 170 | AS8455 171 | AS8560 172 | AS9370 173 | AS10297 174 | AS10439 175 | AS11831 176 | AS12586 177 | AS13213 178 | AS13739 179 | AS14127 180 | AS14618 181 | AS16509 182 | AS15083 183 | AS15169 184 | AS15395 185 | AS15497 186 | AS15510 187 | AS15626 188 | AS16125 189 | AS16262 190 | AS16628 191 | AS17216 192 | AS18450 193 | AS18978 194 | AS19084 195 | AS19318 196 | AS19437 197 | AS19531 198 | AS19624 199 | AS19871 200 | AS19969 201 | AS20021 202 | AS20264 203 | AS20454 204 | AS20473 205 | AS20598 206 | AS21859 207 | AS22363 208 | AS22552 209 | AS22781 210 | AS23033 211 | AS23342 212 | AS23352 213 | AS25780 214 | AS29838 215 | AS29854 216 | AS30083 217 | AS30475 218 | AS30633 219 | AS32097 220 | AS32181 221 | AS32244 222 | AS32475 223 | AS32780 224 | AS33083 225 | AS33182 226 | AS33302 227 | AS33480 228 | AS33724 229 | AS35908 230 | AS35916 231 | AS36114 232 | AS36351 233 | AS36666 234 | AS40156 235 | AS40244 236 | AS40676 237 | AS40824 238 | AS46261 239 | AS46475 240 | AS46664 241 | 
AS41111 242 | AS41634 243 | AS41637 244 | AS41665 245 | AS41828 246 | AS42442 247 | AS42612 248 | AS42675 249 | AS42699 250 | AS43541 251 | AS44051 252 | AS44716 253 | AS45187 254 | AS47583 255 | AS48014 256 | AS49581 257 | AS50415 258 | AS51050 259 | AS52000 260 | AS52465 261 | AS54527 262 | AS55293 263 | AS55720 264 | AS57286 265 | AS59711 266 | AS60800 267 | AS63051 268 | AS64200 269 | AS136052 270 | AS136171 271 | AS200000 272 | AS200719 273 | AS201200 274 | AS201446 275 | AS201983 276 | AS202015 277 | AS202759 278 | AS205220 279 | AS206331 280 | AS207605 281 | AS208332 282 | AS210619 283 | AS212477 284 | AS213646 285 | AS216139 286 | AS396073 287 | AS8987 288 | AS40021 289 | AS31898 290 | AS136907 291 | AS132420 292 | AS214238 293 | AS136557 294 | AS198953 295 | AS209605 296 | AS202306 297 | AS141892 298 | AS39724 299 | AS44306 300 | AS18101 301 | AS45899 302 | AS23673 303 | AS198571 304 | AS971 305 | AS13332 306 | AS7643 307 | AS135905 308 | AS18403 309 | AS24186 310 | AS135761 311 | AS25799 312 | AS33970 313 | AS51332 314 | AS274103 315 | AS37371 316 | AS55990 317 | AS63655 318 | AS131444 319 | AS141180 320 | AS9498 321 | AS24560 322 | AS45609 323 | AS213790 324 | AS4818 325 | AS10081 326 | AS215929 327 | AS207915 328 | AS8068 329 | AS8069 330 | AS8070 331 | AS19551 332 | AS38235 333 | AS137952 334 | AS262287 335 | AS213412 336 | AS46558 337 | AS680 338 | AS401696 339 | AS46606 340 | AS398705 341 | AS51396 342 | AS3209 343 | AS26277 344 | AS210630 345 | AS19527 346 | AS174 347 | AS59134 348 | AS398721 349 | AS212512 350 | AS6167 351 | AS36223 352 | AS28753 353 | AS209800 354 | AS401120 355 | AS4837 356 | AS202425 357 | AS19165 358 | AS35042 359 | AS14593 360 | AS63023 361 | AS397270 362 | AS49870 363 | AS215439 364 | AS393398 365 | AS9145 366 | AS42969 367 | AS3215 368 | AS53514 369 | AS54155 370 | AS137643 371 | AS213877 372 | AS214209 373 | AS136258 374 | AS149440 375 | AS208843 376 | AS63023 377 | AS49683 378 | AS41745 379 | AS401984 380 | AS131642 381 | 
AS4134 382 | AS17621 383 | AS24445 384 | AS400618 385 | AS23470 386 | AS24444 387 | AS197860 388 | AS3462 389 | AS206996 390 | AS42422 391 | AS9808 392 | AS51659 393 | AS138915 394 | AS4538 395 | AS213438 396 | AS400619 397 | AS49981 398 | AS56048 399 | AS201351 400 | AS138997 401 | AS212336 402 | AS4760 403 | AS24940 404 | AS398478 405 | AS214967 406 | AS201814 407 | AS146961 408 | AS202662 409 | AS152320 410 | AS56046 411 | AS56040 412 | AS215311 413 | AS399629 414 | AS23961 415 | AS36530 416 | AS214196 417 | -------------------------------------------------------------------------------- /webblock.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # shellcheck disable=SC2219,SC2035 3 | #Version 4/11/2025 4 | #By Brian Wallace 5 | 6 | #ingest file parameters 7 | Working_Dir="/volume1/web/DNS_FG-91G" 8 | 9 | #influxDB parameters 10 | snmp_device_name="FG-91G" 11 | measurement="fortigate_blocked_domains" 12 | influxdb_host="localhost" 13 | influxdb_port="8086" 14 | influxdb_pass="xxxxxx" 15 | influxdb_name="db_name" 16 | influxdb_http_type="http" 17 | influxdb_org="my_org" 18 | 19 | #************************************************************* 20 | #************************************************************* 21 | #SCIPT START 22 | #************************************************************* 23 | #************************************************************* 24 | 25 | ########################################################################## 26 | #create a lock file and temp directory directory to prevent more than one instance of this script from executing at once 27 | ########################################################################## 28 | if ! 
mkdir "$Working_Dir/tmp"; then 29 | echo -e "Failed to acquire lock\n" >&2 30 | exit 1 31 | fi 32 | trap 'rm -rf $Working_Dir/tmp/' EXIT #remove the lockdir on exit 33 | 34 | 35 | ########################################################################## 36 | #create logging directory if does not exist and creating log file 37 | ########################################################################## 38 | if [[ -d "$Working_Dir/log/" ]]; then 39 | echo "Log directory \"$Working_Dir/log/\" exists" 40 | else 41 | if ! mkdir "$Working_Dir/log"; then 42 | echo -e "Failed to create log directory \"$Working_Dir/log/\"\n" >&2 43 | exit 1 44 | else 45 | echo "Created Log directory \"$Working_Dir/log/\"" 46 | fi 47 | fi 48 | date=$(date '+%Y-%m-%d') 49 | echo "Log Date: $date" > "$Working_Dir/log/$date.txt" 50 | if [[ ! -w "$Working_Dir/log/$date.txt" ]]; then 51 | echo -e "Failed to create log file \"$Working_Dir/log/$date.txt\"\n" >&2 52 | exit 1 53 | fi 54 | 55 | ######################################################### 56 | #this function pings google.com to confirm internet access is working prior to sending email notifications 57 | ######################################################### 58 | check_internet() { 59 | ping -c1 "google.com" > /dev/null #ping google.com 60 | local status=$? 61 | if ! (exit $status); then 62 | false 63 | else 64 | true 65 | fi 66 | } 67 | 68 | ######################################################### 69 | #script main 70 | ######################################################### 71 | 72 | ########################################################################## 73 | #download all of the Pie Hole Block List text files 74 | ########################################################################## 75 | if [[ ! 
-r "$Working_Dir/web_block_source.txt" ]]; then 76 | echo -e "Unable to read required file \"$Working_Dir/web_block_source.txt\"\n" >&2 77 | exit 1 78 | fi 79 | 80 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 81 | echo "download all of the Pie Hole Block List text files" |& tee -a "$Working_Dir/log/$date.txt" 82 | echo -e "***************************************\n\n" |& tee -a "$Working_Dir/log/$date.txt" 83 | 84 | counter=1 85 | 86 | while read -r line; do 87 | let counter=counter+1 88 | wget -q -O "$counter.txt" "${line//[$'\t\r\n ']}" 89 | mv "$Working_Dir/$counter.txt" "$Working_Dir/tmp/$counter.txt" 90 | num_lines=$(wc -l < "$Working_Dir/tmp/$counter.txt") 91 | if [ "$num_lines" -eq 0 ]; then 92 | #echo "$num_lines Subnets Downloaded from ${line//[$'\t\r\n ']}" |& tee -a "$Working_Dir/log/$date.txt" 93 | #else 94 | echo -e "\nWARNING - ${line//[$'\t\r\n ']} Returned Zero Results\n" |& tee -a "$Working_Dir/log/$date.txt" 95 | fi 96 | 97 | done < "$Working_Dir/web_block_source.txt" 98 | 99 | 100 | ########################################################################## 101 | # Combine all text files 102 | ########################################################################## 103 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 104 | echo "Combining all text files" |& tee -a "$Working_Dir/log/$date.txt" 105 | echo -e "***************************************\n\n" |& tee -a "$Working_Dir/log/$date.txt" 106 | 107 | cd "$Working_Dir/tmp/" || exit 1 108 | cat *.txt > "$Working_Dir/master.txt" 109 | num_lines=$(wc -l < "$Working_Dir/master.txt") 110 | 111 | echo -e "Total Lines Of Data Downloaded: $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt" 112 | 113 | if [[ $num_lines -eq 0 ]]; then 114 | echo -e "number of lines is zero, something is wrong" 115 | exit 1 116 | fi 117 | 118 | counter=1 119 | echo -e "Processing data to be compatable with Fortigate External 
Threat Feeds\n" |& tee -a "$Working_Dir/log/$date.txt" 120 | echo -e "Removing the following items: \"127.0.0.1 \", \"localhost\", \"::1 \", \"0.0.0.0 \", \"0.0.0.0\", \"127.0.0.1 \", \".localdomain\", \"255.255.255.255 broadcasthost\", \"::1\" , \"|\" , \"^\"\n\n" |& tee -a "$Working_Dir/log/$date.txt" 121 | sed -i -e 's/\(127.0.0.1 \|localhost\|::1 \|0.0.0.0 \|0.0.0.0\|.localdomain\|255.255.255.255 broadcasthost\|::1\)//g' "$Working_Dir/master.txt" 122 | num_lines=$(wc -l < "$Working_Dir/master.txt") 123 | echo -e "Data Removed - Current blocked URLs is $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt" 124 | 125 | echo -e "Clearing all comment lines starting with \"#\"" |& tee -a "$Working_Dir/log/$date.txt" 126 | sed -i 's/#.*$//' "$Working_Dir/master.txt" #delete lines starting with # as those are comments 127 | num_lines=$(wc -l < "$Working_Dir/master.txt") 128 | echo -e "Data Removed - Current blocked URLs is $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt" 129 | 130 | if [[ $num_lines -eq 0 ]]; then 131 | echo -e "number of lines is zero, something is wrong" |& tee -a "$Working_Dir/log/$date.txt" 132 | exit 1 133 | fi 134 | 135 | echo -e "Deleting all Empty/Cleared Lines" |& tee -a "$Working_Dir/log/$date.txt" 136 | sed -i '/^\s*$/d' "$Working_Dir/master.txt" #delete empty lines 137 | num_lines=$(wc -l < "$Working_Dir/master.txt") 138 | echo -e "Data Removed - Current blocked URLs is $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt" 139 | 140 | if [[ $num_lines -eq 0 ]]; then 141 | echo -e "number of lines is zero, something is wrong" |& tee -a "$Working_Dir/log/$date.txt" 142 | exit 1 143 | fi 144 | 145 | echo -e "Deleting all other instances of \"!\" \"|\" \"^\" \"?\" \"=\" and \" \" within the file as these are not allowable URL characters" |& tee -a "$Working_Dir/log/$date.txt" 146 | sed -i 's|[|!^?= },]||g' "$Working_Dir/master.txt" 147 | num_lines=$(wc -l < "$Working_Dir/master.txt") 148 | echo -e "Data Removed - Current blocked URLs is 
$num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt" 149 | 150 | if [[ $num_lines -eq 0 ]]; then 151 | echo -e "number of lines is zero, something is wrong" |& tee -a "$Working_Dir/log/$date.txt" 152 | exit 1 153 | fi 154 | 155 | echo -e "Deleting all duplicate entries" |& tee -a "$Working_Dir/log/$date.txt" 156 | awk -i inplace '!seen[$0]++' "$Working_Dir/master.txt" # delete duplicates 157 | num_lines=$(wc -l < "$Working_Dir/master.txt") 158 | echo -e "Duplicate lines removed. Final Total blocked URLs is $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt" 159 | 160 | if [[ $num_lines -eq 0 ]]; then 161 | echo -e "number of lines is zero, something is wrong" |& tee -a "$Working_Dir/log/$date.txt" 162 | exit 1 163 | fi 164 | 165 | 166 | echo -e "splitting results into separate files containing no more than 131,000 entries\n\n" |& tee -a "$Working_Dir/log/$date.txt" 167 | lines=0 168 | file_name_counter=0 169 | echo -e "saving entries to $Working_Dir/web_block0.txt\n" |& tee -a "$Working_Dir/log/$date.txt" 170 | echo "" > "$Working_Dir/web_block0.txt" #reset the contents if old contents were there before 171 | while read -r line; do 172 | echo "$line" >> "$Working_Dir/web_block$file_name_counter.txt" 173 | let lines=lines+1 174 | if [[ $lines -gt 131000 ]]; then 175 | let file_name_counter=file_name_counter+1 176 | echo -e "saving entries to $Working_Dir/web_block$file_name_counter.txt\n" |& tee -a "$Working_Dir/log/$date.txt" 177 | lines=0 178 | echo "" > "$Working_Dir/web_block$file_name_counter.txt" #reset the contents if old contents were there before 179 | fi 180 | done < "$Working_Dir/master.txt" 181 | 182 | echo -e "Web Block Processing Complete. 
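Final Total blocked URLs is $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt" 183 | 184 | #Post stats to influxdb 185 | post_url="$measurement,snmp_device_name=$snmp_device_name num_lines=$num_lines" 186 | 187 | curl -XPOST "$influxdb_http_type://$influxdb_host:$influxdb_port/api/v2/write?bucket=$influxdb_name&org=$influxdb_org" -H "Authorization: Token $influxdb_pass" --data-raw "$post_url" 188 | -------------------------------------------------------------------------------- /ufw_update.sh: --------------------------------------------------------------------------------
#!/bin/bash
# shellcheck disable=SC2028,SC2219,SC2035,SC2086
#
# Rebuilds the host's UFW deny rules from two kinds of feeds:
#   ASN.txt      --> the ASNs whose subnets this script will download and block
#   geoblock.txt --> the URLs of the country IP lists this script will download and block
# The downloads are merged, cleaned, validated, de-duplicated and aggregated, then
# compared with "ufw status numbered": subnets missing from UFW are inserted as deny
# rules, and DENY IN rules that are no longer in the feeds are deleted.
#
# Everything downloaded is untrusted input to a firewall change, so only entries that
# parse as an IP address or CIDR block are ever passed to the ufw command line.

ipv6=0 #set to a 1 to add IPv6 addresses to the UFW configuration
test_mode=0 #set to a "1" to download and compare settings, but do NOT change any of the current settings on the system
block_ASN=1
block_geo=1
# NOTE(review): if /var/www is also served by a web server, the log/ and tmp/
# directories created below are reachable over HTTP, and ASN.txt / geoblock.txt may be
# writable by the web user while this script changes firewall rules from them.
# A directory only this script's user can write is safer -- confirm before deploying.
Working_Dir="/var/www"

master="$Working_Dir/tmp/master.txt"
current_ufw="$Working_Dir/tmp/current_ufw.txt"

# Print a three-line banner around a section title and append it to the log.
# $1 = title, $2 = number of asterisks (default 39).
banner() {
    local title=$1 width=${2:-39} stars
    printf -v stars '%*s' "$width" ''
    stars=${stars// /*}
    {
        echo -e "\n\n$stars"
        echo "$title"
        echo -e "$stars\n\n"
    } |& tee -a "$log_file"
}

# Count the lines of the master list into num_lines and log them after the text in $1.
log_count() {
    num_lines=$(wc -l < "$master")
    echo -e "$1 $num_lines\n\n" |& tee -a "$log_file"
}

# Abort when a processing stage left nothing to block. An empty list would otherwise
# make the clean-up pass at the end delete every existing DENY IN rule.
require_lines() {
    if [[ $num_lines -eq 0 ]]; then
        echo -e "number of lines is zero, something is wrong" |& tee -a "$log_file"
        exit 1
    fi
}

# Return 0 when $1 looks like an IPv4/IPv6 address or CIDR block that is safe to hand
# to ufw. A /0 prefix is rejected on purpose: "deny from 0.0.0.0/0" inserted at
# position 1 would cut off all inbound traffic, including the administrator's.
# The IPv6 test is a shape check only (hex digits and colons); ufw does the parsing.
is_valid_block() {
    local entry=$1 octet
    local v4_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})(/([1-9]|[12][0-9]|3[0-2]))?$'
    local v6_re='^[0-9A-Fa-f:]+(/([1-9]|[1-9][0-9]|1[01][0-9]|12[0-8]))?$'

    if [[ $entry == *:* ]]; then
        [[ $entry =~ $v6_re ]]
        return
    fi
    [[ $entry =~ $v4_re ]] || return 1
    for octet in "${BASH_REMATCH[@]:1:4}"; do
        (( 10#$octet <= 255 )) || return 1 #10# stops "08" being read as octal
    done
    return 0
}

##########################################################################
#create a lock file and temp directory to prevent more than one instance of this script from executing at once
##########################################################################

if ! mkdir "$Working_Dir/tmp"; then
    echo -e "Failed to acquire lock and creating temp directory failed.\n" >&2
    exit 1
fi
#remove the lockdir on exit; set only after the lock is ours so a second instance
#never deletes the first one's directory
trap 'rm -rf "$Working_Dir/tmp"' EXIT

##########################################################################
#create logging directory if does not exist and creating log file
##########################################################################
if [[ -d "$Working_Dir/log/" ]]; then
    echo "Log directory \"$Working_Dir/log/\" exists"
else
    if ! mkdir "$Working_Dir/log"; then
        echo -e "Failed to create log directory \"$Working_Dir/log/\"\n" >&2
        exit 1
    else
        echo "Created Log directory \"$Working_Dir/log/\""
    fi
fi
date=$(date '+%Y-%m-%d')
log_file="$Working_Dir/log/$date.txt"
echo "Log Date: $date" > "$log_file"
if [[ ! -w "$log_file" ]]; then
    echo -e "Failed to create log file \"$log_file\"\n" >&2
    exit 1
fi

##########################################################################
#download all of the ASN text files
##########################################################################
if [[ $block_ASN -eq 1 ]]; then
    if [[ ! -r "$Working_Dir/ASN.txt" ]]; then
        echo -e "Unable to read required file \"$Working_Dir/ASN.txt\"\n" |& tee -a "$log_file"
        exit 1
    fi

    banner "download all of the ASN text files"

    num_ASN=$(wc -l < "$Working_Dir/ASN.txt")
    counter=1

    #"|| [[ -n $line ]]" keeps a last line that has no trailing newline
    while read -r line || [[ -n $line ]]; do
        asn=${line//[$'\t\r\n ']}
        [[ -z $asn ]] && continue #blank line, nothing to request
        echo "ASN $counter/$num_ASN - Processing \"$asn\"" |& tee -a "$log_file"
        #--fail keeps an HTTP error page out of the feed file; the file is then empty
        #and reported as zero subnets below
        curl --silent --fail "https://asn.ipinfo.app/api/text/list/$asn" > "$Working_Dir/tmp/ASN$counter.txt"
        num_lines=$(wc -l < "$Working_Dir/tmp/ASN$counter.txt")
        if [ "$num_lines" -gt 0 ]; then
            echo -e "\n$num_lines Subnets Downloaded from $asn\n" |& tee -a "$log_file"
        else
            echo -e "\nWARNING - $asn Returned Zero Subnets\n" |& tee -a "$log_file"
        fi
        counter=$((counter + 1))
    done < "$Working_Dir/ASN.txt"

else
    banner "Skipping ASN Block Lists"
fi

##########################################################################
#download GEOBLOCK text files
#supply of IPs for different countries: https://github.com/herrbischoff/country-ip-blocks/tree/master/ipv4
#country codes: https://www.iban.com/country-codes
##########################################################################
if [[ $block_geo -eq 1 ]]; then

    if [[ ! -r "$Working_Dir/geoblock.txt" ]]; then
        echo -e "Unable to read required file \"$Working_Dir/geoblock.txt\"\n" |& tee -a "$log_file"
        exit 1
    fi

    banner "download all of the geoblock text files"

    num_geo=$(wc -l < "$Working_Dir/geoblock.txt")
    counter=1

    while read -r line || [[ -n $line ]]; do
        url=${line//[$'\t\r\n ']}
        [[ -z $url ]] && continue #blank line, nothing to download
        echo "geoblock $counter/$num_geo - Processing" |& tee -a "$log_file"
        #write straight into tmp/: the download no longer depends on the directory the
        #script was started from
        wget -q -O "$Working_Dir/tmp/geo$counter.txt" "$url"
        num_lines=$(wc -l < "$Working_Dir/tmp/geo$counter.txt")
        if [ "$num_lines" -gt 0 ]; then
            echo -e "\n$num_lines Subnets Downloaded from $url\n" |& tee -a "$log_file"
        else
            echo -e "\nWARNING - $url Returned Zero Subnets\n" |& tee -a "$log_file"
        fi
        counter=$((counter + 1))
    done < "$Working_Dir/geoblock.txt"

else
    banner "Skipping Geography Block Lists"
fi

##########################################################################
# Combine all text files
##########################################################################
banner "Combining all text files"

cd "$Working_Dir/tmp/" || exit 1
cat ./*.txt > "$master"
log_count "Total Lines Of Data Downloaded:"
require_lines

banner "Clearing all comment lines starting with \"#\""
sed -i 's/#.*$//' "$master" #delete everything from a # to the end of the line
log_count "Data Removed - Current blocked IP Address Objects is"
require_lines

if [[ "$ipv6" -eq 0 ]]; then
    banner "IPv6 processing is disabled, removing IPv6 addresses"
    sed -i '/:/d' "$master"
    log_count "IPv6 Addresses Removed - Current blocked IP Address Objects is"
    require_lines
fi

banner "Deleting all other instances of \"!\" \"|\" \"^\" \"?\" \"=\" and \" \" within the file as these are not allowable URL characters"
#[:space:] also removes the carriage return of CRLF feeds, which would otherwise make
#every entry of such a feed fail validation
sed -i 's/[|!^?=},[:space:]]//g' "$master"
log_count "Data Removed - Current blocked IP Address Objects is"
require_lines

banner "Deleting all Empty/Cleared Lines"
sed -i '/^$/d' "$master" #delete empty lines
log_count "Data Removed - Current blocked IP Address Objects is"
require_lines

##########################################################################
# Keep only entries that are an IP address or CIDR block
##########################################################################
# This replaces a substring scrub of hosts-file tokens ("0.0.0.0", "localhost", ...)
# that also matched inside real subnets and turned e.g. "10.0.0.0/8" into "1/8".
banner "Removing entries that are not an IP address or CIDR block"
rejected=0
: > "$Working_Dir/tmp/master_valid.txt"
while IFS= read -r entry || [[ -n $entry ]]; do
    case $entry in
        0.0.0.0|127.0.0.1|::1) continue ;; #hosts-file placeholders, never a block target
    esac
    if is_valid_block "$entry"; then
        echo "$entry" >> "$Working_Dir/tmp/master_valid.txt"
    else
        rejected=$((rejected + 1))
        #%q prints control characters escaped so a hostile feed cannot garble the log
        printf 'Rejected invalid entry: %q\n' "$entry" >> "$log_file"
    fi
done < "$master"
mv "$Working_Dir/tmp/master_valid.txt" "$master"
echo -e "Rejected $rejected invalid entries\n" |& tee -a "$log_file"
log_count "Data Removed - Current blocked IP Address Objects is"
require_lines

banner "Deleting all duplicate entries"
awk -i inplace '!seen[$0]++' "$master" # delete duplicates
log_count "Duplicate lines removed. Final Total blocked IP Address Objects is"
require_lines

##########################################################################
# Sort Addresses
##########################################################################
banner "Sorting Addresses"

sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n "$master" > "$Working_Dir/tmp/master_sorted.txt"

num_lines1=$(wc -l < "$Working_Dir/tmp/master_sorted.txt")
echo -e "Total Blocked Subnets: $num_lines1\n\n" |& tee -a "$log_file"

banner "Aggregating Subnets"
#~/.local/bin# ./aggregate6 "/mnt/c/scripts/asn_block1.1.txt" > "/mnt/c/scripts/asn_block1.1_processed.txt"
aggregate6 "$Working_Dir/tmp/master_sorted.txt" > "$master"
log_count "Subnets Aggregated. Final Total blocked IP Address Objects is"
require_lines #also catches a missing or failing aggregate6, which leaves the file empty

##########################################################################
#export current ufw listing
##########################################################################
banner "export current ufw listing"
ufw status numbered | tee "$current_ufw"

##########################################################################
#delete header of ufw status, which are the first four lines of the file
##########################################################################
banner "delete header of ufw status"
sed -i 1,4d "$current_ufw"

##########################################################################
#search through all of the downloaded ASN entries to find ones not already in the UFW configuration
##########################################################################
banner "search through all of the downloaded ASN entries to find ones not already in the UFW configuration" 93
if [[ ! -r "$current_ufw" ]]; then
    echo -e "Unable to read required file \"$current_ufw\"\n" |& tee -a "$log_file"
    exit 1
fi
if [[ ! -r "$master" ]]; then
    echo -e "Unable to read required file \"$master\"\n" |& tee -a "$log_file"
    exit 1
fi

counter=1

while IFS= read -r block; do
    echo -n "Adding Address - Processing $counter/$num_lines -> "
    #-F: compare as a fixed string; as a regex every "." in the subnet matches any character
    if grep -Fwq -- "$block" "$current_ufw"; then
        #if the ASN address exists in the current UFW configuration, do nothing
        echo "Skipping existing address \"$block\""
    elif ! is_valid_block "$block"; then
        #aggregation can merge subnets into a block the feeds never listed (e.g. a /0)
        echo "skipping invalid address \"$block\""
    elif [[ "$block" == *":"* && "$ipv6" -eq 0 ]]; then
        echo "skipping IPv6 address \"$block\""
    else
        #the address is NOT in the current UFW configuration, so it has to be added
        if [[ "$block" == *":"* ]]; then
            echo "Inserting NEW IPv6 address \"$block\""
        else
            echo "Inserting NEW IPv4 address \"$block\""
        fi
        if [[ "$test_mode" -eq 0 ]]; then
            #position 1 puts the deny ahead of every allow rule, so a feed entry that
            #covers an administrator's own address locks that administrator out
            ufw insert 1 deny from "$block"
        else
            echo "Script in Test Mode"
        fi
    fi
    counter=$((counter + 1))
done < "$master"

counter=1
##########################################################################
#search through all of the UFW configuration, and remove entries not contained in the ASN list
##########################################################################
# Every DENY IN rule whose source is an address and is not in the feeds is deleted,
# including deny rules that were added by hand.
banner "search through all of the UFW configuration, and remove entries not contained in the ASN list " 93
if [[ ! -r "$current_ufw" ]]; then
    echo -e "Unable to read required file \"$current_ufw\"\n" |& tee -a "$log_file"
    exit 1
fi
if [[ ! -r "$master" ]]; then
    echo -e "Unable to read required file \"$master\"\n" |& tee -a "$log_file"
    exit 1
fi

num_lines=$(wc -l < "$current_ufw")
while IFS= read -r block2; do
    echo -n "Cleaning Address - Processing $counter/$num_lines -> "
    #remove everything from the line except for the IP address; read trims the
    #surrounding blanks
    read -r string <<< "${block2##*IN}"
    #-x: the address must be a whole line of the feed list, not part of one
    if [[ -n "$string" ]] && grep -Fxq -- "$string" "$master"; then
        #if the address in the current UFW configuration exists in the current ASN list, do nothing
        echo "Line \"$block2\" still valid"
    elif [[ "$block2" == *"ALLOW IN"* ]]; then #if the current UFW configuration line is for the ALLOWED IN lines, do not touch those.
        echo "Skipping removal of line \"$block2\" as this is not part of the ASN blocking"
    elif [[ "$block2" == *"DENY IN"* ]] && is_valid_block "$string"; then
        #the address has been removed from the list and needs to be removed from the UFW
        #configuration; only a parsed address reaches ufw, quoted so it stays one argument
        echo "Removing un-needed UFW address \"$string\""
        if [[ "$test_mode" -eq 0 ]]; then
            ufw delete deny from "$string"
        else
            echo "Script in Test Mode"
        fi
    else
        echo "skipping unknown data \"$block2\""
    fi
    counter=$((counter + 1))
done < "$current_ufw"

banner "UFW Blocked Address Update Complete" 93
-------------------------------------------------------------------------------- /ufw_update_docker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #################### 4 | ## DOCKER VERSION ## 5 | #################### 6 | 7 | # Edit /etc/ufw/after.rules with the following content from https://github.com/chaifeng/ufw-docker?tab=readme-ov-file#how-to-do to enable ufw blocking in docker containers 8 | # Copy without the first #: 9 | ## BEGIN UFW AND DOCKER 10 | #*filter 11 | #:ufw-user-forward - [0:0] 12 | #:ufw-docker-logging-deny - [0:0] 13 | #:DOCKER-USER - [0:0] 14 | #-A DOCKER-USER -j ufw-user-forward 15 | # 16 | #-A DOCKER-USER -j RETURN -s 10.0.0.0/8 17 | #-A DOCKER-USER -j RETURN -s 172.16.0.0/12 18 | #-A DOCKER-USER -j RETURN -s 192.168.0.0/16 19 | # 20 | #-A DOCKER-USER -p udp -m udp --sport 53 --dport 1024:65535 -j RETURN 21 | # 22 | #-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 192.168.0.0/16 23 | #-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d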
10.0.0.0/8 24 | #-A DOCKER-USER -j ufw-docker-logging-deny -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -d 172.16.0.0/12 25 | #-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 192.168.0.0/16 26 | #-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 10.0.0.0/8 27 | #-A DOCKER-USER -j ufw-docker-logging-deny -p udp -m udp --dport 0:32767 -d 172.16.0.0/12 28 | # 29 | #-A DOCKER-USER -j RETURN 30 | # 31 | #-A ufw-docker-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW DOCKER BLOCK] " 32 | #-A ufw-docker-logging-deny -j DROP 33 | # 34 | #COMMIT 35 | ## END UFW AND DOCKER 36 | 37 | # shellcheck disable=SC2028,SC2219,SC2035,SC2086 38 | #Note this script needs two external files 39 | #ASN.txt --> This file contains the different ASNs this script will download and Block 40 | #geoblock.txt --> This file contains the different country IP lists this script will download and Block 41 | 42 | ipv6=0 #set to a 1 to add IPv6 addresses to the UFW configuration 43 | test_mode=0 #set to a "1" to download and compare settings, but do NOT change any of the current settings on the system 44 | block_ASN=1 45 | block_geo=1 46 | Working_Dir="/var/www" 47 | 48 | ########################################################################## 49 | #create a lock file and temp directory directory to prevent more than one instance of this script from executing at once 50 | ########################################################################## 51 | 52 | if ! 
mkdir "$Working_Dir/tmp"; then 53 | echo "Failed to acquire lock and creating temp directory failed.\n" >&2 54 | exit 1 55 | fi 56 | trap 'rm -rf $Working_Dir/tmp' EXIT #remove the lockdir on exit 57 | 58 | ########################################################################## 59 | #create logging directory if does not exist and creating log file 60 | ########################################################################## 61 | if [[ -d "$Working_Dir/log/" ]]; then 62 | echo "Log directory \"$Working_Dir/log/\" exists" 63 | else 64 | if ! mkdir "$Working_Dir/log"; then 65 | echo -e "Failed to create log directory \"$Working_Dir/log/\"\n" >&2 66 | exit 1 67 | else 68 | echo "Created Log directory \"$Working_Dir/log/\"" 69 | fi 70 | fi 71 | date=$(date '+%Y-%m-%d') 72 | echo "Log Date: $date" > "$Working_Dir/log/$date.txt" 73 | if [[ ! -w "$Working_Dir/log/$date.txt" ]]; then 74 | echo -e "Failed to create log file \"$Working_Dir/log/$date.txt\"\n" >&2 75 | exit 1 76 | fi 77 | 78 | ########################################################################## 79 | #download all of the ASN text files 80 | ########################################################################## 81 | if [[ $block_ASN -eq 1 ]]; then 82 | if [[ ! 
-r "$Working_Dir/ASN.txt" ]]; then 83 | echo -e "Unable to read required file \"$Working_Dir/ASN.txt\"\n" |& tee -a "$Working_Dir/log/$date.txt" 84 | exit 1 85 | fi 86 | 87 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 88 | echo "download all of the ASN text files" |& tee -a "$Working_Dir/log/$date.txt" 89 | echo -e "***************************************\n\n" |& tee -a "$Working_Dir/log/$date.txt" 90 | 91 | num_ASN=$(wc -l < "$Working_Dir/ASN.txt") 92 | counter=1 93 | 94 | while read -r line; do 95 | echo "ASN $counter/$num_ASN - Processing \"${line//[$'\t\r\n ']}\"" |& tee -a "$Working_Dir/log/$date.txt" 96 | let counter=counter+1 97 | curl -s "https://asn.ipinfo.app/api/text/list/${line//[$'\t\r\n ']}" > "$Working_Dir/tmp/ASN$counter.txt" 98 | num_lines=$(wc -l < "$Working_Dir/tmp/ASN$counter.txt") 99 | if [ "$num_lines" -gt 0 ]; then 100 | echo -e "\n$num_lines Subnets Downloaded from ${line//[$'\t\r\n ']}\n" |& tee -a "$Working_Dir/log/$date.txt" 101 | else 102 | echo -e "\nWARNING - ${line//[$'\t\r\n ']} Returned Zero Subnets\n" |& tee -a "$Working_Dir/log/$date.txt" 103 | fi 104 | 105 | done < "$Working_Dir/ASN.txt" 106 | 107 | else 108 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 109 | echo "Skipping ASN Block Lists" |& tee -a "$Working_Dir/log/$date.txt" 110 | echo -e "***************************************\n\n" |& tee -a "$Working_Dir/log/$date.txt" 111 | fi 112 | 113 | ########################################################################## 114 | #download GEOBLOCK text files 115 | #supply of IPs for different countries: https://github.com/herrbischoff/country-ip-blocks/tree/master/ipv4 116 | #country codes: https://www.iban.com/country-codes 117 | ########################################################################## 118 | if [[ $block_geo -eq 1 ]]; then 119 | 120 | if [[ ! 
-r "$Working_Dir/geoblock.txt" ]]; then 121 | echo -e "Unable to read required file \"$Working_Dir/geoblock.txt\"\n" |& tee -a "$Working_Dir/log/$date.txt" 122 | exit 1 123 | fi 124 | 125 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 126 | echo "download all of the geoblock text files" |& tee -a "$Working_Dir/log/$date.txt" 127 | echo -e "***************************************\n\n" |& tee -a "$Working_Dir/log/$date.txt" 128 | 129 | num_geo=$(wc -l < "$Working_Dir/geoblock.txt") 130 | counter=1 131 | 132 | while read -r line; do 133 | echo "geoblock $counter/$num_geo - Processing" |& tee -a "$Working_Dir/log/$date.txt" 134 | wget -q -O geo$counter.txt "${line//[$'\t\r\n ']}" 135 | mv "$Working_Dir/geo$counter.txt" "$Working_Dir/tmp/geo$counter.txt" 136 | num_lines=$(wc -l < "$Working_Dir/tmp/geo$counter.txt") 137 | if [ "$num_lines" -gt 0 ]; then 138 | echo -e "\n$num_lines Subnets Downloaded from ${line//[$'\t\r\n ']}\n" |& tee -a "$Working_Dir/log/$date.txt" 139 | else 140 | echo -e "\nWARNING - ${line//[$'\t\r\n ']} Returned Zero Subnets\n" |& tee -a "$Working_Dir/log/$date.txt" 141 | fi 142 | let counter=counter+1 143 | done < "$Working_Dir/geoblock.txt" 144 | 145 | else 146 | echo -e "\n\n***************************************" 147 | echo "Skipping Geography Block Lists" 148 | echo -e "***************************************\n\n" 149 | fi 150 | 151 | ########################################################################## 152 | # Combine all text files 153 | ########################################################################## 154 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 155 | echo "Combining all text files" |& tee -a "$Working_Dir/log/$date.txt" 156 | echo -e "***************************************\n\n" |& tee -a "$Working_Dir/log/$date.txt" 157 | 158 | cd "$Working_Dir/tmp/" || exit 1 159 | cat *.txt > "$Working_Dir/tmp/master.txt" 160 | 
num_lines=$(wc -l < "$Working_Dir/tmp/master.txt") 161 | 162 | echo -e "Total Lines Of Data Downloaded: $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt" 163 | 164 | if [[ $num_lines -eq 0 ]]; then 165 | echo -e "number of lines is zero, something is wrong" |& tee -a "$Working_Dir/log/$date.txt" 166 | exit 1 167 | fi 168 | 169 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 170 | echo -e "Removing the following items: \"127.0.0.1 \", \"localhost\", \"::1 \", \"0.0.0.0 \", \"0.0.0.0\", \"127.0.0.1 \", \".localdomain\", \"255.255.255.255 broadcasthost\", \"::1\" , \"|\" , \"^\"\n\n" |& tee -a "$Working_Dir/log/$date.txt" 171 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 172 | sed -i -e 's/\(127.0.0.1 \|localhost\|::1 \|0.0.0.0 \|0.0.0.0\|.localdomain\|255.255.255.255 broadcasthost\|::1\)//g' "$Working_Dir/tmp/master.txt" 173 | num_lines=$(wc -l < "$Working_Dir/tmp/master.txt") 174 | echo -e "Data Removed - Current blocked IP Address Objects is $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt" 175 | 176 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 177 | echo -e "Clearing all comment lines starting with \"#\"" |& tee -a "$Working_Dir/log/$date.txt" 178 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 179 | sed -i 's/#.*$//' "$Working_Dir/tmp/master.txt" #delete lines starting with # as those are comments 180 | num_lines=$(wc -l < "$Working_Dir/tmp/master.txt") 181 | echo -e "Data Removed - Current blocked IP Address Objects is $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt" 182 | 183 | if [[ $num_lines -eq 0 ]]; then 184 | echo -e "number of lines is zero, something is wrong" |& tee -a "$Working_Dir/log/$date.txt" 185 | exit 1 186 | fi 187 | 188 | if [[ "$ipv6" -eq 0 ]]; then 189 | echo -e "\n\n***************************************" |& tee -a 
"$Working_Dir/log/$date.txt" 190 | echo -e "IPv6 processing is disabled, removing IPv6 addresses" |& tee -a "$Working_Dir/log/$date.txt" 191 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 192 | sed -i '/:/d' "$Working_Dir/tmp/master.txt" 193 | fi 194 | 195 | num_lines=$(wc -l < "$Working_Dir/tmp/master.txt") 196 | echo -e "IPv6 Addresses Removed - Current blocked IP Address Objects is $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt" 197 | 198 | if [[ $num_lines -eq 0 ]]; then 199 | echo -e "number of lines is zero, something is wrong" |& tee -a "$Working_Dir/log/$date.txt" 200 | exit 1 201 | fi 202 | 203 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 204 | echo -e "Deleting all Empty/Cleared Lines" |& tee -a "$Working_Dir/log/$date.txt" 205 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 206 | sed -i '/^\s*$/d' "$Working_Dir/tmp/master.txt" #delete empty lines 207 | num_lines=$(wc -l < "$Working_Dir/tmp/master.txt") 208 | echo -e "Data Removed - Current blocked IP Address Objects is $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt" 209 | 210 | if [[ $num_lines -eq 0 ]]; then 211 | echo -e "number of lines is zero, something is wrong" |& tee -a "$Working_Dir/log/$date.txt" 212 | exit 1 213 | fi 214 | 215 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 216 | echo -e "Deleting all other instances of \"!\" \"|\" \"^\" \"?\" \"=\" and \" \" within the file as these are not allowable URL characters" |& tee -a "$Working_Dir/log/$date.txt" 217 | echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt" 218 | sed -i 's|[|!^?= },]||g' "$Working_Dir/tmp/master.txt" 219 | num_lines=$(wc -l < "$Working_Dir/tmp/master.txt") 220 | echo -e "Data Removed - Current blocked IP Address Objects is $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt" 
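# Guard for the preceding clean-up step: stop if the working list is now empty.
if [[ $num_lines -eq 0 ]]; then
    echo -e "number of lines is zero, something is wrong" |& tee -a "$Working_Dir/log/$date.txt"
    exit 1
fi

echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt"
echo -e "Deleting all duplicate entries" |& tee -a "$Working_Dir/log/$date.txt"
echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt"
# Keep only the first occurrence of each line, editing master.txt in place.
awk -i inplace '!seen[$0]++' "$Working_Dir/tmp/master.txt" # delete duplicates
num_lines=$(wc -l < "$Working_Dir/tmp/master.txt")
echo -e "Duplicate lines removed. Final Total blocked IP Address Objects is $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt"

if [[ $num_lines -eq 0 ]]; then
    echo -e "number of lines is zero, something is wrong" |& tee -a "$Working_Dir/log/$date.txt"
    exit 1
fi

##########################################################################
# Sort Addresses
##########################################################################
echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt"
echo "Sorting Addresses" |& tee -a "$Working_Dir/log/$date.txt"
echo -e "***************************************\n\n" |& tee -a "$Working_Dir/log/$date.txt"

# Numeric sort on each of the four dot-separated fields (IPv4 octet order).
sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n "$Working_Dir/tmp/master.txt" > "$Working_Dir/tmp/master_sorted.txt"

num_lines1=$(wc -l < "$Working_Dir/tmp/master_sorted.txt")
echo -e "Total Blocked Subnets: $num_lines1\n\n" |& tee -a "$Working_Dir/log/$date.txt"

echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt"
echo -e "Aggregating Subnets" |& tee -a "$Working_Dir/log/$date.txt"
echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt"
#~/.local/bin# ./aggregate6 "/mnt/c/scripts/asn_block1.1.txt" > "/mnt/c/scripts/asn_block1.1_processed.txt"
# aggregate6 reads the sorted list and its output overwrites master.txt.
# If aggregate6 is missing or fails, master.txt ends up empty and the
# zero-line check below aborts the run.
aggregate6 "$Working_Dir/tmp/master_sorted.txt" > "$Working_Dir/tmp/master.txt"
num_lines=$(wc -l < "$Working_Dir/tmp/master.txt")
echo -e "Subnets Aggregated. Final Total blocked IP Address Objects is $num_lines\n\n" |& tee -a "$Working_Dir/log/$date.txt"

if [[ $num_lines -eq 0 ]]; then
    echo -e "number of lines is zero, something is wrong" |& tee -a "$Working_Dir/log/$date.txt"
    exit 1
fi


##########################################################################
#export current ufw listing
##########################################################################
echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt"
echo "export current ufw listing" |& tee -a "$Working_Dir/log/$date.txt"
echo -e "***************************************\n\n" |& tee -a "$Working_Dir/log/$date.txt"
# The listing is shown on the terminal and saved to tmp/current_ufw.txt.
# The pipeline's status is tee's, so a failing "sudo ufw" is not detected here.
sudo ufw status numbered | tee "$Working_Dir/tmp/current_ufw.txt"

##########################################################################
#delete header of ufw status, which are the first four lines of the file
##########################################################################
echo -e "\n\n***************************************" |& tee -a "$Working_Dir/log/$date.txt"
echo "delete header of ufw status" |& tee -a "$Working_Dir/log/$date.txt"
echo -e "***************************************\n\n" |& tee -a "$Working_Dir/log/$date.txt"
sed -i 1,4d "$Working_Dir/tmp/current_ufw.txt"

##########################################################################
#search through all of the downloaded ASN entries to find ones not already in the UFW configuration
##########################################################################
echo -e "\n\n*********************************************************************************************" |& tee -a "$Working_Dir/log/$date.txt"
echo "search through all of the downloaded ASN entries to find ones not already in the UFW configuration" |& tee -a "$Working_Dir/log/$date.txt"
echo -e "*********************************************************************************************\n\n" |& tee -a "$Working_Dir/log/$date.txt"
# Both inputs of the comparison must be readable. The path is expanded inside
# the quoted message so a working directory containing spaces is not word-split.
if [[ ! -r "$Working_Dir/tmp/current_ufw.txt" ]]; then
    echo -e "Unable to read required file \"$Working_Dir/tmp/current_ufw.txt\"\n" |& tee -a "$Working_Dir/log/$date.txt"
    exit 1
fi
if [[ ! -r "$Working_Dir/tmp/master.txt" ]]; then
    echo -e "Unable to read required file \"$Working_Dir/tmp/master.txt\"\n" |& tee -a "$Working_Dir/log/$date.txt"
    exit 1
fi

counter=1

# Syntactic allow-list for one entry: hex digits, ':' and '.', optionally
# followed by "/<prefix length>". master.txt is built from remotely hosted
# lists, and each entry is interpolated into a grep pattern and handed to
# "sudo ufw", so anything that does not look like an address is skipped.
# This is a shape check only; ufw still validates the address itself.
addr_re='^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$'

while IFS= read -r block
do
    echo -n "Adding Address - Processing $counter/$num_lines -> "
    counter=$((counter + 1))

    if [[ ! "$block" =~ $addr_re ]]; then
        echo "skipping unknown data \"$block\""
        continue
    fi
    # The deny rules below are inserted at position 1, ahead of every existing
    # rule including ALLOW rules, so a /0 entry would block all traffic.
    # NOTE(review): shorter-than-expected prefixes from a bad feed can still
    # cover the administrator's own network; consider an allow-list of
    # management addresses that is checked before inserting.
    if [[ "$block" == */0 ]]; then
        echo "skipping catch-all prefix \"$block\""
        continue
    fi

    # Escape the dots so they match literally inside the grep pattern.
    block_re=${block//./\\.}
    in_rule=$( grep -w "DENY IN.*[[:space:]]$block_re\$" "$Working_Dir/tmp/current_ufw.txt" || true)
    fwd_rule=$( grep -w "DENY FWD.*[[:space:]]$block_re\$" "$Working_Dir/tmp/current_ufw.txt" || true)

    if [[ -n "$in_rule" && -n "$fwd_rule" ]]; then
        #if the ASN address exists in the current UFW configuration, do nothing
        echo "Skipping existing address \"$block\""
    elif [[ "$block" == *":"* ]]; then
        ###############
        # IPv6 addresses
        ###############
        #if the ASN address does NOT exist in the current UFW configuration, we need to add the new address
        if [[ "$ipv6" -eq 0 ]]; then
            echo "skipping IPv6 address \"$block\""
        else
            # NOTE(review): ufw may reject position 1 for an IPv6 rule when
            # IPv4 rules are present; confirm on the target host.
            if [[ -z "$fwd_rule" ]]; then
                echo -n "adding DENY FWD … "
                # test_mode other than 0 only reports what would be added
                [[ "$test_mode" -eq 0 ]] && sudo ufw route insert 1 deny from "$block"
            fi
            if [[ -z "$in_rule" ]]; then
                echo -n "adding DENY IN … "
                [[ "$test_mode" -eq 0 ]] && sudo ufw insert 1 deny from "$block"
            fi
            echo
        fi
    else
        ################
        # IPv4 addresses
        ################
        echo -n "IPv4 "
        if [[ -z "$fwd_rule" ]]; then
            echo -n "[+FWD] "
            [[ "$test_mode" -eq 0 ]] && sudo ufw route insert 1 deny from "$block"
        fi
        if [[ -z "$in_rule" ]]; then
            echo -n "[+IN] "
            [[ "$test_mode" -eq 0 ]] && sudo ufw insert 1 deny from "$block"
        fi
        echo
    fi
done < "$Working_Dir/tmp/master.txt"

counter=1
##########################################################################
#search through all of the UFW configuration, and remove entries not contained in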
the ASN list 347 | ########################################################################## 348 | echo -e "\n\n*********************************************************************************************" |& tee -a "$Working_Dir/log/$date.txt" 349 | echo "search through all of the UFW configuration, and remove entries not contained in the ASN list " |& tee -a "$Working_Dir/log/$date.txt" 350 | echo -e "*********************************************************************************************\n\n" |& tee -a "$Working_Dir/log/$date.txt" 351 | if [[ ! -r "$Working_Dir/tmp/current_ufw.txt" ]]; then 352 | echo -e "Unable to read required file \""$Working_Dir/tmp/current_ufw.txt"\"\n" |& tee -a "$Working_Dir/log/$date.txt" 353 | exit 1 354 | fi 355 | if [[ ! -r "$Working_Dir/tmp/master.txt" ]]; then 356 | echo -e "Unable to read required file \""$Working_Dir/tmp/master.txt"\"\n" |& tee -a "$Working_Dir/log/$date.txt" 357 | exit 1 358 | fi 359 | 360 | num_lines=$(wc -l < "$Working_Dir/tmp/current_ufw.txt") 361 | while IFS= read -r block2 362 | do 363 | echo -n "Cleaning Address - Processing $counter/$num_lines -> " 364 | string=$(echo "${block2##*IN}" | xargs) #remove everything from the line except for the IP address 365 | if grep -wq "$string" "$Working_Dir/tmp/master.txt"; then 366 | #if the address in the current UFW configuration exists in the current ASN list, do nothing 367 | echo "Line \"$block2\" still valid" 368 | else 369 | #if the address in the current UFW configuration does NOT exist in the ASN list, then it has been removed from the list and needs to be removed from the UFW configuration 370 | if [[ "$block2" == *"ALLOW IN"* || "$block2" == *"ALLOW FWD"* ]]; then #if the current UFW configuration line is for the ALLOWED IN lines, do not touch those. 
371 | echo "Skipping removal of line \"$block2\" as this is not part of the ASN blocking" 372 | elif [[ "$block2" == *"DENY IN"* || "$block2" == *"DENY FWD"* ]]; then 373 | echo "Removing un-needed UFW address \"$string\"" 374 | if [[ "$test_mode" -eq 0 ]]; then 375 | sudo ufw route delete deny from "$string" 2>/dev/null || true 376 | sudo ufw delete deny from "$string" 2>/dev/null || true 377 | else 378 | echo "Script in Test Mode" 379 | fi 380 | else 381 | echo "skipping unknown data \"$block2\"" 382 | fi 383 | fi 384 | let counter=counter+1 385 | done < "$Working_Dir/tmp/current_ufw.txt" 386 | 387 | echo -e "\n\n*********************************************************************************************" |& tee -a "$Working_Dir/log/$date.txt" 388 | echo "UFW Blocked Address Update Complete" |& tee -a "$Working_Dir/log/$date.txt" 389 | echo -e "*********************************************************************************************\n\n" |& tee -a "$Working_Dir/log/$date.txt" 390 | -------------------------------------------------------------------------------- /geoblock.txt: -------------------------------------------------------------------------------- 1 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ad.cidr 2 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ae.cidr 3 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/af.cidr 4 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ag.cidr 5 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ai.cidr 6 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/al.cidr 7 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/am.cidr 8 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ao.cidr 9 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ap.cidr 10 | 
https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/aq.cidr 11 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ar.cidr 12 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/as.cidr 13 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/at.cidr 14 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/au.cidr 15 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/aw.cidr 16 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ax.cidr 17 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/az.cidr 18 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ba.cidr 19 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bb.cidr 20 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bd.cidr 21 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/be.cidr 22 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bf.cidr 23 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bg.cidr 24 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bh.cidr 25 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bi.cidr 26 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bj.cidr 27 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bl.cidr 28 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bm.cidr 29 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bn.cidr 30 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bo.cidr 31 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bq.cidr 32 | 
https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/br.cidr 33 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bs.cidr 34 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bt.cidr 35 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bw.cidr 36 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/by.cidr 37 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/bz.cidr 38 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ca.cidr 39 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/cd.cidr 40 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/cf.cidr 41 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/cg.cidr 42 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ch.cidr 43 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ci.cidr 44 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ck.cidr 45 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/cl.cidr 46 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/cm.cidr 47 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/cn.cidr 48 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/co.cidr 49 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/cr.cidr 50 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/cu.cidr 51 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/cv.cidr 52 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/cw.cidr 53 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/cy.cidr 54 | 
https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/cz.cidr 55 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/dj.cidr 56 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/dk.cidr 57 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/dm.cidr 58 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/do.cidr 59 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/dz.cidr 60 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ec.cidr 61 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ee.cidr 62 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/eg.cidr 63 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/er.cidr 64 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/es.cidr 65 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/et.cidr 66 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/eu.cidr 67 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/fi.cidr 68 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/fj.cidr 69 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/fk.cidr 70 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/fm.cidr 71 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/fo.cidr 72 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/fr.cidr 73 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ga.cidr 74 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gb.cidr 75 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gd.cidr 76 | 
https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ge.cidr 77 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gf.cidr 78 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gg.cidr 79 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gh.cidr 80 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gi.cidr 81 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gl.cidr 82 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gm.cidr 83 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gn.cidr 84 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gp.cidr 85 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gq.cidr 86 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gr.cidr 87 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gt.cidr 88 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gu.cidr 89 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gw.cidr 90 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/gy.cidr 91 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/hk.cidr 92 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/hn.cidr 93 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/hr.cidr 94 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ht.cidr 95 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/hu.cidr 96 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/id.cidr 97 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ie.cidr 98 | 
https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/il.cidr 99 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/im.cidr 100 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/in.cidr 101 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/io.cidr 102 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/iq.cidr 103 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ir.cidr 104 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/is.cidr 105 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/it.cidr 106 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/je.cidr 107 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/jm.cidr 108 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/jo.cidr 109 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/jp.cidr 110 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ke.cidr 111 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/kg.cidr 112 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/kh.cidr 113 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ki.cidr 114 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/km.cidr 115 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/kn.cidr 116 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/kp.cidr 117 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/kr.cidr 118 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/kw.cidr 119 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ky.cidr 120 
| https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/kz.cidr 121 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/la.cidr 122 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/lb.cidr 123 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/lc.cidr 124 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/li.cidr 125 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/lk.cidr 126 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/lr.cidr 127 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ls.cidr 128 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/lt.cidr 129 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/lu.cidr 130 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/lv.cidr 131 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ly.cidr 132 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ma.cidr 133 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mc.cidr 134 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/md.cidr 135 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/me.cidr 136 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mf.cidr 137 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mg.cidr 138 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mh.cidr 139 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mk.cidr 140 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ml.cidr 141 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mm.cidr 
142 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mn.cidr 143 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mo.cidr 144 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mp.cidr 145 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mq.cidr 146 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mr.cidr 147 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ms.cidr 148 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mt.cidr 149 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mu.cidr 150 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mv.cidr 151 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mw.cidr 152 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mx.cidr 153 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/my.cidr 154 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/mz.cidr 155 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/na.cidr 156 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/nc.cidr 157 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ne.cidr 158 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/nf.cidr 159 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ng.cidr 160 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ni.cidr 161 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/nl.cidr 162 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/no.cidr 163 | 
https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/np.cidr 164 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/nr.cidr 165 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/nu.cidr 166 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/nz.cidr 167 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/om.cidr 168 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/pa.cidr 169 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/pe.cidr 170 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/pf.cidr 171 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/pg.cidr 172 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ph.cidr 173 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/pk.cidr 174 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/pl.cidr 175 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/pm.cidr 176 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/pr.cidr 177 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ps.cidr 178 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/pt.cidr 179 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/pw.cidr 180 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/py.cidr 181 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/qa.cidr 182 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/re.cidr 183 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ro.cidr 184 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/rs.cidr 185 
| https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ru.cidr 186 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/rw.cidr 187 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sa.cidr 188 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sb.cidr 189 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sc.cidr 190 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sd.cidr 191 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/se.cidr 192 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sg.cidr 193 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/si.cidr 194 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sk.cidr 195 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sl.cidr 196 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sm.cidr 197 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sn.cidr 198 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/so.cidr 199 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sr.cidr 200 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ss.cidr 201 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/st.cidr 202 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sv.cidr 203 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sx.cidr 204 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sy.cidr 205 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/sz.cidr 206 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/tc.cidr 
207 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/td.cidr 208 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/tg.cidr 209 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/th.cidr 210 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/tj.cidr 211 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/tk.cidr 212 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/tl.cidr 213 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/tm.cidr 214 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/tn.cidr 215 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/to.cidr 216 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/tr.cidr 217 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/tt.cidr 218 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/tv.cidr 219 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/tw.cidr 220 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/tz.cidr 221 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ua.cidr 222 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ug.cidr 223 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/uy.cidr 224 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/uz.cidr 225 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/va.cidr 226 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/vc.cidr 227 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ve.cidr 228 | 
https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/vg.cidr 229 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/vi.cidr 230 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/vn.cidr 231 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/vu.cidr 232 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/wf.cidr 233 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ws.cidr 234 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/ye.cidr 235 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/yt.cidr 236 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/za.cidr 237 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/zm.cidr 238 | https://raw.githubusercontent.com/herrbischoff/country-ip-blocks/master/ipv4/zw.cidr 239 | -------------------------------------------------------------------------------- /ASN_LIST.txt: -------------------------------------------------------------------------------- 1 | #really good list here: https://github.com/brianhama/bad-asn-list/blob/master/bad-asn-list.csv#L353 2 | https://asn.ipinfo.app/api/text/list/AS44477 #THE-HOSTING - PQ HOSTING PLUS S.R.L. 3 | https://asn.ipinfo.app/api/text/list/AS22612 #NAMECHEAP-NET 4 | https://asn.ipinfo.app/api/text/list/AS12312 #ECOTEL - ecotel communication ag 5 | https://asn.ipinfo.app/api/text/list/AS64419 #ECOTEL-AS - Ecotel, Ltd. 
6 | https://asn.ipinfo.app/api/text/list/AS204957 #GREENFLOID-AS - GREEN FLOID LLC 7 | https://asn.ipinfo.app/api/text/list/AS61112 #AKILECLOUD - AKILE LTD 8 | https://asn.ipinfo.app/api/text/list/AS8100 # ASN-QUADRANET-GLOBAL 9 | https://asn.ipinfo.app/api/text/list/AS16276 #OVH - OVH SAS 10 | https://asn.ipinfo.app/api/text/list/AS35540 #OVH-TELECOM - OVH SAS 11 | https://asn.ipinfo.app/api/text/list/AS394814 #ISP4Life 12 | https://asn.ipinfo.app/api/text/list/AS35478 #DATACENTER - Bunea TELECOM SRL 13 | https://asn.ipinfo.app/api/text/list/AS22384 #PERFORMIVE-VNI 14 | https://asn.ipinfo.app/api/text/list/AS46562 #Performive LLC 15 | https://asn.ipinfo.app/api/text/list/AS39486 #HOSTROYALE - HostRoyale Technologies Pvt Ltd 16 | https://asn.ipinfo.app/api/text/list/AS44144 #OMEGASOFT - HostRoyale Technologies Pvt Ltd 17 | https://asn.ipinfo.app/api/text/list/AS133499 #HOSTROYALETECHNOLOGIES-AS-AP HostRoyale Technologies Pvt Ltd 18 | https://asn.ipinfo.app/api/text/list/AS134450 #HOSTROYALETECHNOLOGIES-AS-AP HostRoyale Technologies Pvt Ltd 19 | https://asn.ipinfo.app/api/text/list/AS203020 #HOSTROYALE - HostRoyale Technologies Pvt Ltd 20 | https://asn.ipinfo.app/api/text/list/AS204287 #HOSTROYALE_TECHNOLOGIES - HostRoyale Technologies Pvt Ltd 21 | https://asn.ipinfo.app/api/text/list/AS207990 #HR-CUSTOMER - HostRoyale Technologies Pvt Ltd 22 | https://asn.ipinfo.app/api/text/list/AS11878 #tzulo, inc. 
23 | https://asn.ipinfo.app/api/text/list/AS6939 #Hurricane Electric LLC (HURC) 24 | https://asn.ipinfo.app/api/text/list/AS60068 #CDN77 - Datacamp Limited 25 | https://asn.ipinfo.app/api/text/list/AS212238 #CDNEXT - Datacamp Limited 26 | https://asn.ipinfo.app/api/text/list/AS211612 #CACHE77 - Datacamp Limited 27 | https://asn.ipinfo.app/api/text/list/AS50446 #DATACAMPUS - Datacampus SAS 28 | https://asn.ipinfo.app/api/text/list/AS9009 #M247 - M247 Europe SRL 29 | https://asn.ipinfo.app/api/text/list/AS16247 #M247-UK - M247 Ltd 30 | https://asn.ipinfo.app/api/text/list/AS42973 #METRONETUK_M24SEVEN - M247 UK Ltd 31 | https://asn.ipinfo.app/api/text/list/AS35536 #XTOM-35536 - xTom GmbH 32 | https://asn.ipinfo.app/api/text/list/AS9312 #XTOM xTom 33 | https://asn.ipinfo.app/api/text/list/AS8888 #XTOM - xTom Pty Ltd 34 | https://asn.ipinfo.app/api/text/list/AS6233 #XTOM 35 | https://asn.ipinfo.app/api/text/list/AS4785 #XTOM-AS-JP xTom 36 | https://asn.ipinfo.app/api/text/list/AS3258 #XTOM-JAPAN - xTom Japan Co., Ltd. 
37 | https://asn.ipinfo.app/api/text/list/AS3214 #XTOM - xTom GmbH 38 | https://asn.ipinfo.app/api/text/list/AS949 #XTOM 39 | https://asn.ipinfo.app/api/text/list/AS14315 #1GSERVERS, LLC 40 | https://asn.ipinfo.app/api/text/list/AS18779 #EGIHosting 41 | https://asn.ipinfo.app/api/text/list/AS7005 #InterServer SA 42 | https://asn.ipinfo.app/api/text/list/AS26666 #INTERSERVER-LAX 43 | https://asn.ipinfo.app/api/text/list/AS13335 #CLOUDFLARENET 44 | https://asn.ipinfo.app/api/text/list/AS202623 #CLOUDFLARENET-CORE - Cloudflare Inc 45 | https://asn.ipinfo.app/api/text/list/AS395747 #CLOUDFLARENET-SFO05 46 | https://asn.ipinfo.app/api/text/list/AS62651 #NETPROTECT-62651 47 | https://asn.ipinfo.app/api/text/list/AS54203 #NETPROTECT-SP 48 | https://asn.ipinfo.app/api/text/list/AS54138 #NETPROTECT-OVP 49 | https://asn.ipinfo.app/api/text/list/AS50667 #MSP-ROMANIA-AS - NETPROTECT SRL 50 | https://asn.ipinfo.app/api/text/list/AS31362 #PROTECTNET - NETPROTECT SRL 51 | https://asn.ipinfo.app/api/text/list/AS13926 #NETPROTECT-PHX 52 | https://asn.ipinfo.app/api/text/list/AS24940 #HETZNER-AS - Hetzner Online GmbH 53 | https://asn.ipinfo.app/api/text/list/AS212317 #HETZNER-CLOUD3-AS - Hetzner Online GmbH 54 | https://asn.ipinfo.app/api/text/list/AS213230 #HETZNER-CLOUD2-AS - Hetzner Online GmbH 55 | https://asn.ipinfo.app/api/text/list/AS213006 #NSFTELECOM - Invermae Solutions SL 56 | https://asn.ipinfo.app/api/text/list/AS213005 #Invermae Solutions SL 57 | https://asn.ipinfo.app/api/text/list/AS212862 #PROXYSEO - Invermae Solutions SL 58 | https://asn.ipinfo.app/api/text/list/AS212861 #INTERCOLO - Invermae Solutions SLL 59 | https://asn.ipinfo.app/api/text/list/AS204286 #CDN4YOU - Invermae Solutions SL 60 | https://asn.ipinfo.app/api/text/list/AS202636 #ECHELON - Invermae Solutions SL 61 | https://asn.ipinfo.app/api/text/list/AS200908 #INTERMANAGED - Invermae Solutions SL 62 | 63 | ##### 64 | 65 | https://asn.ipinfo.app/api/text/list/AS17470 #HUTCHISON-LK 66 | 
https://asn.ipinfo.app/api/text/list/AS209372 #SIA "Singularity Telecom" 67 | https://asn.ipinfo.app/api/text/list/AS45887 #GPLHOST 68 | https://asn.ipinfo.app/api/text/list/AS48337 #LINODE 69 | https://asn.ipinfo.app/api/text/list/AS63949 #LINODE 70 | https://asn.ipinfo.app/api/text/list/AS61317 #Hivelocity Inc 71 | https://asn.ipinfo.app/api/text/list/AS263735 #Buena Hosting 72 | https://asn.ipinfo.app/api/text/list/AS263740 #Corporacion Laceibanetsociety 73 | https://asn.ipinfo.app/api/text/list/AS14061 #DigitalOcean 74 | https://asn.ipinfo.app/api/text/list/ #HostingSolution LTD (AS number missing from this URL; confirm the intended ASN) 75 | https://asn.ipinfo.app/api/text/list/AS8075 #Microsoft 76 | https://asn.ipinfo.app/api/text/list/AS62240 #Clouvider 77 | https://asn.ipinfo.app/api/text/list/AS36352 #ColoCrossing 78 | https://asn.ipinfo.app/api/text/list/AS12876 #ScaleWay / ONLINE SAS / PONEYTELECOM 79 | https://asn.ipinfo.app/api/text/list/AS37518 #Fiber Grid INC 80 | https://asn.ipinfo.app/api/text/list/AS132203 #Shenzhen Tencent 81 | https://asn.ipinfo.app/api/text/list/AS45090 #Shenzhen Tencent 82 | https://asn.ipinfo.app/api/text/list/AS55286 #ServerMania / B2 Net Solutions Inc./ Blazing SEO 83 | https://asn.ipinfo.app/api/text/list/AS210558 #1337 Services GmbH (as210558.net) 84 | https://asn.ipinfo.app/api/text/list/AS206092 #SECFIREWALLAS - Internet Utilities Europe and Asia Limited. 85 | https://asn.ipinfo.app/api/text/list/AS26548 #PureVoltage Hosting Inc. 86 | https://asn.ipinfo.app/api/text/list/AS137409 #GSL Networks Pty LTD / M Nets SAL 87 | https://asn.ipinfo.app/api/text/list/AS14576 #Hosting Solution Ltd / TrafficTransitSolution LLC / king-servers.com 88 | https://asn.ipinfo.app/api/text/list/AS40861 #Paradise Networks LLC / Powerhouse Management VPNs 89 | https://asn.ipinfo.app/api/text/list/AS36007 #Kamatera, Inc.
/ Cloud Web Manage 90 | https://asn.ipinfo.app/api/text/list/AS24961 #myLoc managed IT AG / webtropia 91 | https://asn.ipinfo.app/api/text/list/AS39572 #ADVANCEDHOSTERS-AS 92 | https://asn.ipinfo.app/api/text/list/AS932 #XNNET 93 | https://asn.ipinfo.app/api/text/list/AS6134 #XNNET 94 | https://asn.ipinfo.app/api/text/list/AS27524 #XEEX-COMMUNICATIONS 95 | https://asn.ipinfo.app/api/text/list/AS33333 #OBJX 96 | https://asn.ipinfo.app/api/text/list/AS35624 #SILVERSTAR-AS - Silverstar Invest Limited 97 | https://asn.ipinfo.app/api/text/list/AS3223 #VOXILITY - Voxility LLP 98 | https://asn.ipinfo.app/api/text/list/AS3842 #RAMNODE 99 | https://asn.ipinfo.app/api/text/list/AS4694 #IDCF IDC Frontier Inc. 100 | https://asn.ipinfo.app/api/text/list/AS5577 #ROOT - root SA 101 | https://asn.ipinfo.app/api/text/list/AS6724 #STRATO - Strato AG 102 | https://asn.ipinfo.app/api/text/list/AS7203 #LEASEWEB-USA-SFO 103 | https://asn.ipinfo.app/api/text/list/AS7489 #HOSTUS-GLOBAL-AS HostUS 104 | https://asn.ipinfo.app/api/text/list/AS7506 #INTERQ GMO Internet 105 | https://asn.ipinfo.app/api/text/list/AS7850 #TN-ASN-CL 106 | https://asn.ipinfo.app/api/text/list/AS7979 #SERVERS-COM 107 | https://asn.ipinfo.app/api/text/list/AS8455 #ATOM86-AS - Schuberg Philis B.V. 108 | https://asn.ipinfo.app/api/text/list/AS8560 #IONOS-AS - IONOS SE 109 | https://asn.ipinfo.app/api/text/list/AS9370 #SAKURA-B SAKURA Internet Inc. 
110 | https://asn.ipinfo.app/api/text/list/AS10297 #ENET-2 111 | https://asn.ipinfo.app/api/text/list/AS10439 #CARINET 112 | https://asn.ipinfo.app/api/text/list/AS11831 #ESECUREDATA 113 | https://asn.ipinfo.app/api/text/list/AS12586 #ASGHOSTNET - GHOSTnet GmbH 114 | https://asn.ipinfo.app/api/text/list/AS13213 #UK2NET-AS - UK-2 Limited 115 | https://asn.ipinfo.app/api/text/list/AS13739 #DATACENTER-IP 116 | https://asn.ipinfo.app/api/text/list/AS14127 #ILAND 117 | https://asn.ipinfo.app/api/text/list/AS14618 #AMAZON-AES 118 | https://asn.ipinfo.app/api/text/list/AS16509 #AMAZON-02 119 | https://asn.ipinfo.app/api/text/list/AS15083 #INFOLINK-MIA- 120 | https://asn.ipinfo.app/api/text/list/AS15169 #GOOGLE 121 | https://asn.ipinfo.app/api/text/list/AS15395 #RACKSPACE-LON - Rackspace Ltd. 122 | https://asn.ipinfo.app/api/text/list/AS15497 #COLOCALL - 1 Cloud Lab s.r.o. 123 | https://asn.ipinfo.app/api/text/list/AS15510 #CWCS-PS - Compuweb Communications Services Limited 124 | https://asn.ipinfo.app/api/text/list/AS15626 #GF-UA - GREEN FLOID LLC 125 | https://asn.ipinfo.app/api/text/list/AS16125 #CHERRYSERVERS1-AS - UAB Cherry Servers 126 | https://asn.ipinfo.app/api/text/list/AS16262 #DATACHEAP-LLC-AS - Datacheap LLC 127 | https://asn.ipinfo.app/api/text/list/AS16628 #DEDICATED-FIBER-COMMUNICATIONS 128 | https://asn.ipinfo.app/api/text/list/AS17216 #DC74-AS 129 | https://asn.ipinfo.app/api/text/list/AS18450 #WEBNX 130 | https://asn.ipinfo.app/api/text/list/AS18978 #ENZUINC- 131 | https://asn.ipinfo.app/api/text/list/AS19084 #COLOUP 132 | https://asn.ipinfo.app/api/text/list/AS19318 #NJIIX-AS-1 - NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC, 133 | https://asn.ipinfo.app/api/text/list/AS19437 #SS-ASH 134 | https://asn.ipinfo.app/api/text/list/AS19531 #NODESDIRECT 135 | https://asn.ipinfo.app/api/text/list/AS19624 #SERVERROOM 136 | https://asn.ipinfo.app/api/text/list/AS19871 #NETWORK-SOLUTIONS-HOSTING 137 | https://asn.ipinfo.app/api/text/list/AS19969 #JOESDATACENTER 
138 | https://asn.ipinfo.app/api/text/list/AS20021 #LNH-INC 139 | https://asn.ipinfo.app/api/text/list/AS20264 #WEBAIR-INTERNET-2 140 | https://asn.ipinfo.app/api/text/list/AS20454 #SSASN2 - SECURED SERVERS LLC, US 141 | https://asn.ipinfo.app/api/text/list/AS20473 #AS-VULTR 142 | https://asn.ipinfo.app/api/text/list/AS20598 #CYBERSPACE-AS Autonomous System number for Cyber Space, IL 143 | https://asn.ipinfo.app/api/text/list/AS21859 #ZNET - Zenlayer Inc, US 144 | https://asn.ipinfo.app/api/text/list/AS22363 #PHMGMT-AS1 - Powerhouse Management, Inc., US 145 | https://asn.ipinfo.app/api/text/list/AS22552 #ESITED - eSited Solutions, US 146 | https://asn.ipinfo.app/api/text/list/AS22781 #RBLHST - Strong Technology, LLC., US 147 | https://asn.ipinfo.app/api/text/list/AS23033 #WOW - Wowrack.com, US 148 | https://asn.ipinfo.app/api/text/list/AS23342 #UNITEDLAYER - Unitedlayer, Inc., US 149 | https://asn.ipinfo.app/api/text/list/AS23352 #SERVERCENTRAL 150 | https://asn.ipinfo.app/api/text/list/AS25780 #HUGESERVER-NETWORKS - HugeServer Networks, LLC, US 151 | https://asn.ipinfo.app/api/text/list/AS29838 #AMC - Atlantic Metro Communications, US 152 | https://asn.ipinfo.app/api/text/list/AS29854 #WESTHOST - WestHost, Inc., US 153 | https://asn.ipinfo.app/api/text/list/AS30083 #AS-30083-US-VELIA-NET 154 | https://asn.ipinfo.app/api/text/list/AS30475 #WEHOSTWEBSITES-COM - Handy Networks, LLC, US 155 | https://asn.ipinfo.app/api/text/list/AS30633 #LEASEWEB-USA-WDC 156 | https://asn.ipinfo.app/api/text/list/AS32097 #WII-KC - WholeSale Internet, Inc., US 157 | https://asn.ipinfo.app/api/text/list/AS32181 #ASN-GIGENET - GigeNET, US 158 | https://asn.ipinfo.app/api/text/list/AS32244 #LIQUID-WEB-INC - Liquid Web, L.L.C, US 159 | https://asn.ipinfo.app/api/text/list/AS32475 #SINGLEHOP-LLC - SingleHop, Inc., US 160 | https://asn.ipinfo.app/api/text/list/AS32780 #HOSTINGSERVICES-INC - Hosting Services, Inc., US 161 | https://asn.ipinfo.app/api/text/list/AS33083 #AXCELX-NET - AxcelX 
Technologies LLC, US 162 | https://asn.ipinfo.app/api/text/list/AS33182 #DIMENOC - HostDime.com, Inc., US 163 | https://asn.ipinfo.app/api/text/list/AS33302 #ONS-COS - Data 102, LLC, US 164 | https://asn.ipinfo.app/api/text/list/AS33480 #WEBWERKSAS1 - Web Werks, US 165 | https://asn.ipinfo.app/api/text/list/AS33724 #BIZNESSHOSTING - VOLICO, US 166 | https://asn.ipinfo.app/api/text/list/AS35908 #VPLSNET - Krypt Technologies, US 167 | https://asn.ipinfo.app/api/text/list/AS35916 #MULTA-ASN1 - MULTACOM CORPORATION, US 168 | https://asn.ipinfo.app/api/text/list/AS36114 #VERSAWEB-ASN 169 | https://asn.ipinfo.app/api/text/list/AS36351 #SOFTLAYER - SoftLayer Technologies Inc., US 170 | https://asn.ipinfo.app/api/text/list/AS36666 #GTCOMM - GloboTech Communications, CA 171 | https://asn.ipinfo.app/api/text/list/AS40156 #THEOPT-HOU - The Optimal Link Corporation, US 172 | https://asn.ipinfo.app/api/text/list/AS40244 #TURNKEY-INTERNET - Turnkey Internet Inc., US 173 | https://asn.ipinfo.app/api/text/list/AS40676 #AS40676 - Psychz Networks, US 174 | https://asn.ipinfo.app/api/text/list/AS40824 #WZCOM-US - WZ Communications Inc., US 175 | https://asn.ipinfo.app/api/text/list/AS46261 #QUICKPACKET - QuickPacket, LLC, US 176 | https://asn.ipinfo.app/api/text/list/AS46475 #LIMESTONENETWORKS - Limestone Networks, Inc., US 177 | https://asn.ipinfo.app/api/text/list/AS46664 #VOLUMEDRIVE - VolumeDrive, US 178 | https://asn.ipinfo.app/api/text/list/AS46844 #ST-BGP - Sharktech, US 179 | https://asn.ipinfo.app/api/text/list/AS53340 #FIBERHUB - VegasNAP, LLC, US 180 | https://asn.ipinfo.app/api/text/list/AS53559 #ANONYMIZER - Anonymizer Inc., US 181 | https://asn.ipinfo.app/api/text/list/AS53597 #HOYOS-CONSULTING-LLC - Hoyos Consulting LLC, US 182 | https://asn.ipinfo.app/api/text/list/AS53667 #PONYNET - FranTech Solutions, US 183 | https://asn.ipinfo.app/api/text/list/AS53755 #IOFLOOD - Input Output Flood LLC, US 184 | https://asn.ipinfo.app/api/text/list/AS53850 #GORILLASERVERS - 
GorillaServers, Inc., US 185 | https://asn.ipinfo.app/api/text/list/AS54455 #MADEIT - MadeIT inc., US 186 | https://asn.ipinfo.app/api/text/list/AS54489 #CORESPACE-DAL - CoreSpace, Inc., US 187 | https://asn.ipinfo.app/api/text/list/AS63018 #USDEDICATED - US Dedicated, US 188 | https://asn.ipinfo.app/api/text/list/AS63199 #CDSC-AS1 - Capitalonline Data Service Co.,LTD, US 189 | https://asn.ipinfo.app/api/text/list/AS63473 #HOSTHATCH-ASN - HostHatch, Inc, US 190 | https://asn.ipinfo.app/api/text/list/AS64245 #AS-DIGITALFYRE - DigitalFyre Internet Solutions, LLC., US 191 | https://asn.ipinfo.app/api/text/list/AS394380 #LEASEWEB-USA-DAL-10 - Leaseweb USA, Inc., US 192 | https://asn.ipinfo.app/api/text/list/AS395111 #KVCNET-2009 - KVCHOSTING.COM LLC, US 193 | https://asn.ipinfo.app/api/text/list/AS35830 #BTTGROUP-AS - BTT Group Finance Ltd 194 | 195 | #added 09/18/2024 196 | https://asn.ipinfo.app/api/text/list/AS45102 #ALIBABA-CN-NET Alibaba US Technology Co. 197 | https://asn.ipinfo.app/api/text/list/AS206728 #MEDIALAND-AS - Media Land LLC 198 | https://asn.ipinfo.app/api/text/list/AS398722 #CENSYS-ARIN-03 199 | https://asn.ipinfo.app/api/text/list/AS212027 #PEBBLEHOST - Daniel Jackson 200 | https://asn.ipinfo.app/api/text/list/AS142002 #SCLOUDPTELTD-AS Scloud Pte Ltd 201 | https://asn.ipinfo.app/api/text/list/AS398324 #CENSYS-ARIN-01 202 | https://asn.ipinfo.app/api/text/list/AS51167 #CONTABO - Contabo GmbH 203 | 204 | #added 12/09/2024 205 | https://asn.ipinfo.app/api/text/list/AS396356 #Latitude Hosting 206 | 207 | #added 12/26/2024 208 | https://asn.ipinfo.app/api/text/list/AS62744 #Quintex Alliance Consulting 209 | https://asn.ipinfo.app/api/text/list/AS56971 #CGI Global Limited 210 | https://asn.ipinfo.app/api/text/list/AS210644 #Aeza International Ltd 211 | 212 | #added 1/15/2025 213 | https://asn.ipinfo.app/api/text/list/AS47890 #UNMANAGED-DEDICATED-SERVERS - UNMANAGED LTD 214 | 215 | #added 2/4/2025 216 | https://asn.ipinfo.app/api/text/list/AS29802 
#Hivelocity 217 | https://asn.ipinfo.app/api/text/list/AS14956 #Router Hosting 218 | https://asn.ipinfo.app/api/text/list/AS62904 #Eonix 219 | 220 | #added 2/6/2025 221 | https://asn.ipinfo.app/api/text/list/AS200373 #DREI-K-TECH-GMBH - 3xK Tech GmbH 222 | https://asn.ipinfo.app/api/text/list/AS984 #OCTOPUS WEB SOLUTION INC 223 | https://asn.ipinfo.app/api/text/list/AS24669 #Clouvider Limited 224 | 225 | #added 4/2/2025 226 | https://asn.ipinfo.app/api/text/list/AS214943 #RAILNET - Railnet LLC 227 | https://asn.ipinfo.app/api/text/list/AS51765 #CREANOVA-AS - Oy Crea Nova Hosting Solution Ltd 228 | https://asn.ipinfo.app/api/text/list/AS211298 #DRIFTNET - Driftnet Ltd 229 | https://asn.ipinfo.app/api/text/list/AS396982 #GOOGLE-CLOUD-PLATFORM 230 | https://asn.ipinfo.app/api/text/list/AS37963 #ALIBABA-CN-NET Hangzhou Alibaba Advertising Co. 231 | https://asn.ipinfo.app/api/text/list/AS135377 #UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED 232 | 233 | #added 4/10/2025 234 | https://asn.ipinfo.app/api/text/list/AS395092 #SHOCK Hosting 235 | https://asn.ipinfo.app/api/text/list/AS965 #WEBHOSTINGHOLDINGS 236 | https://asn.ipinfo.app/api/text/list/AS1824 #HOSTING 237 | https://asn.ipinfo.app/api/text/list/AS9290 #GOHOSTING-AS-AP GoHosting 238 | https://asn.ipinfo.app/api/text/list/AS9678 #HOSTINGINSIDE HostingInside LTD. 239 | https://asn.ipinfo.app/api/text/list/AS10747 #EPIC-HOSTING 240 | https://asn.ipinfo.app/api/text/list/AS10991 #CAPGE-HOSTING-MRO 241 | https://asn.ipinfo.app/api/text/list/AS12266 #SRN-HOSTING 242 | https://asn.ipinfo.app/api/text/list/AS12417 #DHH-AS - Plus Hosting Grupa d.o.o. 243 | https://asn.ipinfo.app/api/text/list/AS12488 #KRYSTAL - Krystal Hosting Ltd 244 | https://asn.ipinfo.app/api/text/list/AS14670 #WHG-USE1 - WHG Hosting Services Ltd 245 | https://asn.ipinfo.app/api/text/list/AS14987 #RETHEMHOSTING 246 | https://asn.ipinfo.app/api/text/list/AS15919 #INTERHOST - Servicios de Hosting en Internet S.A. 
247 | https://asn.ipinfo.app/api/text/list/AS17881 #INETHOSTING-AS-KR Inet Hosting 248 | https://asn.ipinfo.app/api/text/list/AS19133 #BIRD-HOSTING 249 | https://asn.ipinfo.app/api/text/list/AS21581 #M5HOSTING 250 | https://asn.ipinfo.app/api/text/list/AS22903 #EDGE-HOSTING 251 | https://asn.ipinfo.app/api/text/list/AS23881 #UDOMAIN-AS-AP UDomain Web Hosting Company Ltd 252 | https://asn.ipinfo.app/api/text/list/AS29119 #SERVIHOSTING-AS - AIRE NETWORKS DEL MEDITERRANEO SL UNIPERSONAL 253 | https://asn.ipinfo.app/api/text/list/AS29262 #IDEALHOSTING - Ideal Hosting Teknoloji A.S. 254 | https://asn.ipinfo.app/api/text/list/AS29452 #SECURA-AS - Secura Hosting Ltd 255 | https://asn.ipinfo.app/api/text/list/AS30893 #NOACKHOSTING-AS - No ACK Group Holding AB 256 | https://asn.ipinfo.app/api/text/list/AS31333 #VOLLMAR-AS - Hosting.de GmbH 257 | https://asn.ipinfo.app/api/text/list/AS31590 #RACKHOSTING-AS - Rackhosting.com ApS 258 | https://asn.ipinfo.app/api/text/list/AS34420 #NETAFFAIRS-HOSTING-BV - Netaffairs Hosting B.V. 259 | https://asn.ipinfo.app/api/text/list/AS36231 #TEMPEST-HOSTING 260 | https://asn.ipinfo.app/api/text/list/AS36791 #PDXHOSTING 261 | https://asn.ipinfo.app/api/text/list/AS39150 #HOSTING-TELECOM-AS - HOSTING TELECOM LTD 262 | https://asn.ipinfo.app/api/text/list/AS39647 #REDHOSTING-AS - Enreach Netherlands B.V. 263 | https://asn.ipinfo.app/api/text/list/AS39704 #CJ2-AS - CJ2 Hosting B.V. 264 | 265 | #4/11/2025 266 | removed the following ASNs because they now return zero IP records 267 | AS54500 268 | AS27524 269 | AS17048 270 | AS15828 271 | AS48337 272 | AS214422 273 | AS208091 274 | 275 | #4/11/2025 added additional ASNs of server rental companies 276 | AS41111 #AS-GEOHOSTING - FAST GEO HOSTING S.R.L. 277 | AS41634 #SVEA - Svea Hosting AB 278 | AS41637 #ROUTING-ANYCAST - Hosting.de GmbH 279 | AS41665 #HOSTING-AS - Tehnologii Budushego LLC 280 | AS41828 #TELEMACH-HOSTING - Telemach Slovenija d.o.o.
281 | AS42442 #ADACOR-AS - Adacor Hosting GmbH 282 | AS42612 #DINAHOSTING-AS - DinaHosting S.L. 283 | AS42675 #OBEHOSTING - Obehosting AB 284 | AS42699 #MANAGEDHOSTING-AS - managedhosting.de GmbH 285 | AS43541 #VSHOSTING - VSHosting s.r.o. 286 | AS44051 #FORNEX-AS - Fornex Hosting S.L. 287 | AS44716 #DHOSTING-NET - D-hosting die Rackspace & Connectivity GmbH 288 | AS45187 #RACKSPACE-AP Rackspace IT Hosting AS IT Hosting Provider Hong Kong 289 | AS47583 #AS-HOSTINGER - Hostinger International Limited 290 | AS48014 #ALBHOST - Albanian Hosting SH.P.K. 291 | AS49581 #FERDINANDZINK - Ferdinand Zink trading as Tube-Hosting 292 | AS50415 #AHOSTING - Ahosting a.s. 293 | AS51050 #H4HOSTING-AS - H4Hosting BV 294 | AS52000 #MIRHOSTING - MIRhosting B.V. 295 | AS52465 #WNet Internet y Hosting 296 | AS54527 #ASTUTEHOSTING 297 | AS55293 #A2HOSTING 298 | AS55720 #GIGABIT-MY Gigabit Hosting Sdn Bhd 299 | AS57286 #ASGIGAS - GIGAS HOSTING S.A. 300 | AS59711 #HZ-EU-AS - HZ Hosting Ltd 301 | AS60800 #NHL-AS1 - Netwise Hosting Ltd 302 | AS63051 #CRITICALHOSTING-USA 303 | AS64200 #VIVIDHOSTING 304 | AS136052 #IDNIC-IDCLOUDHOST-AS-ID PT Cloud Hosting Indonesia 305 | AS136171 #MEDHAHOSTING-AS-AP Medha Hosting 306 | AS200000 #UKRAINE-AS - Hosting Ukraine LTD 307 | AS200719 #MISSDOMAIN - Miss Hosting AB 308 | AS201200 #SUPERHOSTING_AS - SuperHosting.BG Ltd. 309 | AS201446 #PROFESIONALHOSTING - Soluciones web on line s.l. 310 | AS201983 #ANSLUTEN-AS - Ansluten Hosting i Sverige AB 311 | AS202015 #HZ-US-AS - HZ Hosting Ltd 312 | AS202759 #FAIRYHOSTING - RJ Network OU 313 | AS205220 #RHC-HOSTING - RH & Co. IT Services Ltd 314 | AS206331 #EHOSTINGONLINE - E-Hosting Online LLC 315 | AS207605 #SPD - S.P.D. Hosting LTD 316 | AS208332 #HOSTING2GO - Hosting 2 GO B.V. 
317 | AS210619 #MTH-NETWORKS - Monkey Tree Hosting Limited 318 | AS212477 #ROYALE-AS - RoyaleHosting BV 319 | AS213646 #MONKEY-TREE-HOSTING - Monkey Tree Hosting Limited 320 | AS216139 #IRONHOST - Iron Hosting Centre LTD 321 | AS396073 #MAJESTIC-HOSTING-01 322 | AS215859 #HETZNER-CLOUD4-AS - Hetzner Online GmbH 323 | AS8987 #Amazon Data Services Ireland Ltd 324 | 325 | #8/24/2025 326 | AS40021 327 | 328 | #9/6/2025 329 | AS31898 #ORACLE-BMC-31898 330 | AS136907 #HWCLOUDS-AS-AP HUAWEI CLOUDS 331 | AS132420 #E2E-NETWORKS-IN 282 332 | AS4837 #CHINA169-BACKBONE CHINA UNICOM China169 Backbone 333 | AS62068 #SPECTRAIP SpectraIP B.V., NL 334 | AS202425 #INT-NETWORK - IP Volume inc 335 | AS136557 #HOST-AS-AP Host Universal Pty Ltd 336 | AS214238 #IWIHOST - HOST TELECOM LTD 337 | 338 | #9/12/2025 339 | AS198953 #PROTON66 - Proton66 OOO 340 | AS209605 # HOSTBALTIC - UAB Host Baltic 341 | AS202306 #H OSTGLOBALPLUS-AS - HOSTGLOBAL.PLUS LTD 342 | AS141892 #IDNIC-SENGKED-AS-ID CV Andhika Pratama Sanggoro 343 | AS39724 #OMONIA-RS - Omonia d.o.o. 344 | AS44306 #OMONIA - OMONIA d.o.o. 345 | AS18101 #RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI 346 | AS45899 # VNPT-AS-VN VNPT Corp 347 | AS23673 #ONLINE-AS Cogetel Online 348 | AS198571 #PLAINPROXIES - 3xK Tech GmbH 349 | AS971 #PUREVOLTAGE 350 | AS13332 #HYPEENT-SJ 351 | AS7643 #VNPT-AS-VN Vietnam Posts and Telecommunications VNPT 352 | AS135905 #VNPT-AS-VN VIETNAM POSTS AND TELECOMMUNICATIONS GROUP 353 | AS18403 #FPT-AS-AP FPT Telecom Company 354 | AS24186 #RAILTEL-AS-IN RailTel Corporation of India Ltd 355 | AS135761 #ULNPLSUM-AS Userlinks Netcom Pvt. Ltd. 356 | AS25799 #M247AI-AS- 357 | AS33970 # M247 - M247 Ltd 358 | AS51332 #M247-ENTERPRISE - M247 Europe SRL 359 | AS274103 #REDES DEL RIO S.A.S. 360 | AS37371 #HORMUUD 361 | AS55990 #HWCSNET Huawei Cloud Service data center 362 | AS63655 #HWDGNET Huawei Technologies Co. 
363 | AS131444 #HIPL-AS-AP Huawei IT Data Center in AP 364 | AS141180 #HIPL-AS-AP HUAWEI INTERNATIONAL PTE. LTD. 365 | AS9498 #BBIL-AP BHARTI Airtel Ltd. 366 | AS24560 #AIRTELBROADBAND-AS-AP Bharti Airtel Ltd 367 | AS45609 #BHARTI-MOBILITY-AS-AP Bharti Airtel Ltd. AS for GPRS Service 368 | AS213790 #LIMITEDNETWORK-AS - Limited Network LTD 369 | AS4818 #DIGIIX-AP DiGi Telecommunications Sdn. Bhd. 370 | AS10081 #DIGI-MY DiGi Telecommunications Sdn Bhd 371 | 372 | #9/18/2025 373 | AS215929 #DATACAMPUS - Data Campus Limited 374 | AS207915 #SYMEETRIC - Invermae Solutions SL 375 | AS8068 #MICROSOFT-CORP-MSN-AS-BLOCK 376 | AS8069 #MICROSOFT-CORP-MSN-AS-BLOCK 377 | AS8070 #MICROSOFT-CORP-MSN-AS-BLOCK 378 | AS19551 #INCAPSULA 379 | AS38235 #MEKONGNET-ADC-AS-AP ANGKOR DATA COMMUNICATION 380 | AS137952 #ANGKORENC-AS-AP ANGKOR E & C CAMBODIA Co. 381 | AS262287 #Latitude.sh LTDA 382 | AS213412 #ONYPHE - ONYPHE SAS 383 | 384 | #9/30/2025 385 | AS46558 #SUN-DSEO 386 | AS680 #DFN - Verein zur Foerderung eines Deutschen Forschungsnetzes e.V. 387 | AS401696 #COGNETCLOUD 388 | AS46606 #UNIFIEDLAYER-AS-1 389 | AS398705 #CENSYS-ARIN-02 390 | AS51396 #PFCLOUD - Pfcloud UG 391 | AS26277 #SERVERPOINT 392 | AS210630 #INTERNET-SPEECH-AND-PRIVACY - IncogNET LLC 393 | AS19527 #GOOGLE-2 394 | AS174 #COGENT-174 395 | AS59134 #IDNIC-DATACOMM-AS-ID PT. Datacomm Diangraha 396 | AS398721 #OXIO-ASN-01 397 | AS212512 #DETAI - Detai Prosperous Technologies Limited 398 | AS6167 #CELLCO-PART 399 | AS36223 #SPANISHFORK-COMMUNITY-NETWORK 400 | AS28753 #LEASEWEB-DE-FRA-10 - Leaseweb Deutschland GmbH 401 | AS209800 402 | AS401120 403 | 404 | #9/30/2025 405 | removed AS174 #COGENT-174 due to impacts on users 406 | 407 | #10/1/2025 408 | removed AS3209 #VODANET - Vodafone GmbH due to impacts on users 409 | 410 | 10/2/2025 411 | Removed AS6167 #CELLCO-PART due to impacts on users 412 | removed AS680 #DFN - Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.
due to impacts on users 413 | 414 | 11/26/2025 415 | removed AS398721 #OXIO-ASN-01 416 | -------------------------------------------------------------------------------- /SSL_VPN Config with loopback and auto-block.txt: -------------------------------------------------------------------------------- 1 | config system interface 2 | edit "WAN_to_LOOPBACK" 3 | set vdom "root" 4 | set ip 10.10.20.1 255.255.255.255 5 | set allowaccess ping 6 | set type loopback 7 | set role lan 8 | set snmp-index 38 9 | config ipv6 10 | set ip6-address xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/128 11 | end 12 | next 13 | config system automation-trigger 14 | edit "SSLVPN_Connection" 15 | set event-type event-log 16 | set logid 39947 39424 17 | next 18 | edit "SSL_LOGIN_FAIL_admin" 19 | set description "SSL_LOGIN_FAIL" 20 | set event-type event-log 21 | set logid 39426 22 | config fields 23 | edit 1 24 | set name "user" 25 | set value "*dmin*" 26 | next 27 | end 28 | next 29 | edit "SSL_LOGIN_FAIL_fax" 30 | set description "SSL_LOGIN_FAIL" 31 | set event-type event-log 32 | set logid 39426 33 | config fields 34 | edit 1 35 | set name "user" 36 | set value "*ax*" 37 | next 38 | end 39 | next 40 | edit "SSL_LOGIN_FAIL_fortigate" 41 | set description "SSL_LOGIN_FAIL" 42 | set event-type event-log 43 | set logid 39426 44 | config fields 45 | edit 1 46 | set name "user" 47 | set value "*ortigate*" 48 | next 49 | end 50 | next 51 | edit "SSL_LOGIN_FAIL_fortinet" 52 | set description "SSL_LOGIN_FAIL" 53 | set event-type event-log 54 | set logid 39426 55 | config fields 56 | edit 1 57 | set name "user" 58 | set value "*ortinet*" 59 | next 60 | end 61 | next 62 | edit "SSL_LOGIN_FAIL_guest" 63 | set description "SSL_LOGIN_FAIL" 64 | set event-type event-log 65 | set logid 39426 66 | config fields 67 | edit 1 68 | set name "user" 69 | set value "*uest*" 70 | next 71 | end 72 | next 73 | edit "SSL_LOGIN_FAIL_kiosk" 74 | set description "SSL_LOGIN_FAIL" 75 | set event-type event-log 76 | set logid 
39426 77 | config fields 78 | edit 1 79 | set name "user" 80 | set value "*iosk*" 81 | next 82 | end 83 | next 84 | edit "SSL_LOGIN_FAIL_printer" 85 | set description "SSL_LOGIN_FAIL" 86 | set event-type event-log 87 | set logid 39426 88 | config fields 89 | edit 1 90 | set name "user" 91 | set value "*rinter*" 92 | next 93 | end 94 | next 95 | edit "SSL_LOGIN_FAIL_receiving" 96 | set description "SSL_LOGIN_FAIL" 97 | set event-type event-log 98 | set logid 39426 99 | config fields 100 | edit 1 101 | set name "user" 102 | set value "*eceiving*" 103 | next 104 | end 105 | next 106 | edit "SSL_LOGIN_FAIL_scanner" 107 | set description "SSL_LOGIN_FAIL" 108 | set event-type event-log 109 | set logid 39426 110 | config fields 111 | edit 1 112 | set name "user" 113 | set value "*canner*" 114 | next 115 | end 116 | next 117 | edit "SSL_LOGIN_FAIL_sslvpn" 118 | set description "SSL_LOGIN_FAIL" 119 | set event-type event-log 120 | set logid 39426 121 | config fields 122 | edit 1 123 | set name "user" 124 | set value "*slvpn*" 125 | next 126 | end 127 | next 128 | edit "SSL_LOGIN_FAIL_teacher" 129 | set description "SSL_LOGIN_FAIL" 130 | set event-type event-log 131 | set logid 39426 132 | config fields 133 | edit 1 134 | set name "user" 135 | set value "*eacher*" 136 | next 137 | end 138 | next 139 | edit "SSL_LOGIN_FAIL_test" 140 | set description "SSL_LOGIN_FAIL" 141 | set event-type event-log 142 | set logid 39426 143 | config fields 144 | edit 1 145 | set name "user" 146 | set value "*est*" 147 | next 148 | end 149 | next 150 | edit "SSL_LOGIN_FAIL_voicemail" 151 | set description "SSL_LOGIN_FAIL" 152 | set event-type event-log 153 | set logid 39426 154 | config fields 155 | edit 1 156 | set name "user" 157 | set value "*oicemail*" 158 | next 159 | end 160 | next 161 | edit "SSL_LOGIN_FAIL_NA" 162 | set description "SSL_LOGIN_FAIL" 163 | set event-type event-log 164 | set logid 39426 165 | config fields 166 | edit 1 167 | set name "user" 168 | set value "N/A" 169 | next 
170 | end 171 | next 172 | edit "SSL_LOGIN_FAIL_report" 173 | set description "SSL_LOGIN_FAIL" 174 | set event-type event-log 175 | set logid 39426 176 | config fields 177 | edit 1 178 | set name "user" 179 | set value "*eport*" 180 | next 181 | end 182 | next 183 | edit "SSL_LOGIN_FAIL_general" 184 | set description "SSL_LOGIN_FAIL" 185 | set event-type event-log 186 | set logid 39426 187 | config fields 188 | edit 1 189 | set name "user" 190 | set value "*eneral*" 191 | next 192 | end 193 | next 194 | edit "SSL_LOGIN_FAIL_frontdesk" 195 | set description "SSL_LOGIN_FAIL" 196 | set event-type event-log 197 | set logid 39426 198 | config fields 199 | edit 1 200 | set name "user" 201 | set value "*rontdesk*" 202 | next 203 | end 204 | next 205 | edit "SSL_LOGIN_FAIL_tech" 206 | set description "SSL_LOGIN_FAIL" 207 | set event-type event-log 208 | set logid 39426 209 | config fields 210 | edit 1 211 | set name "user" 212 | set value "*ech*" 213 | next 214 | end 215 | next 216 | edit "SSL_LOGIN_FAIL_support" 217 | set description "SSL_LOGIN_FAIL" 218 | set event-type event-log 219 | set logid 39426 220 | config fields 221 | edit 1 222 | set name "user" 223 | set value "*upport*" 224 | next 225 | end 226 | next 227 | edit "SSL_LOGIN_FAIL_security" 228 | set description "SSL_LOGIN_FAIL" 229 | set event-type event-log 230 | set logid 39426 231 | config fields 232 | edit 1 233 | set name "user" 234 | set value "*ecurity*" 235 | next 236 | end 237 | next 238 | edit "SSL_LOGIN_FAIL_host" 239 | set description "SSL_LOGIN_FAIL" 240 | set event-type event-log 241 | set logid 39426 242 | config fields 243 | edit 1 244 | set name "user" 245 | set value "*ost*" 246 | next 247 | end 248 | next 249 | edit "SSL_LOGIN_FAIL_store" 250 | set description "SSL_LOGIN_FAIL" 251 | set event-type event-log 252 | set logid 39426 253 | config fields 254 | edit 1 255 | set name "user" 256 | set value "*tore*" 257 | next 258 | end 259 | next 260 | edit "SSL_LOGIN_FAIL_library" 261 | set 
description "SSL_LOGIN_FAIL" 262 | set event-type event-log 263 | set logid 39426 264 | config fields 265 | edit 1 266 | set name "user" 267 | set value "*ibrary*" 268 | next 269 | end 270 | next 271 | edit "SSL_LOGIN_FAIL_client" 272 | set description "SSL_LOGIN_FAIL" 273 | set event-type event-log 274 | set logid 39426 275 | config fields 276 | edit 1 277 | set name "user" 278 | set value "*lient*" 279 | next 280 | end 281 | next 282 | edit "SSL_LOGIN_FAIL_dot" 283 | set description "SSL_LOGIN_FAIL" 284 | set event-type event-log 285 | set logid 39426 286 | config fields 287 | edit 1 288 | set name "user" 289 | set value "*.*" 290 | next 291 | end 292 | next 293 | edit "SSL_LOGIN_FAIL_USER" 294 | set description "SSL_LOGIN_FAIL" 295 | set event-type event-log 296 | set logid 39426 297 | config fields 298 | edit 1 299 | set name "user" 300 | set value "*ser*" 301 | next 302 | end 303 | next 304 | end 305 | config system automation-action 306 | edit "SSL_Connection" 307 | set action-type email 308 | set email-to "email@email.com" 309 | set email-from "from@email.com" 310 | set email-subject "New SSL Connection" 311 | next 312 | edit "Block_SSL_Failed" 313 | set description "Block_SSL_Failed" 314 | set action-type cli-script 315 | set script "config firewall address 316 | edit SSL_VPN_Block_%%log.remip%% 317 | set subnet %%log.remip%%/32 318 | end 319 | config firewall addrgrp 320 | edit Block_SSL_Failed 321 | append member SSL_VPN_Block_%%log.remip%% 322 | end" 323 | set accprofile "super_admin" 324 | next 325 | edit "SSL_VPN_Block" 326 | set description "SSL_VPN_Block" 327 | set action-type email 328 | set email-to "email@email.com" 329 | set email-from "from@email.com" 330 | set email-subject "SSL VPN IP Auto Blocked" 331 | set message "%%log.remip%% address has been added to the address group \"Block_SSL_Failed\" while using the following username: \"%%log.user%%\". 
332 | The results of the CLI script were: 333 | %%results%%" 334 | next 335 | end 336 | config system automation-stitch 337 | edit "SSL_Connection" 338 | set trigger "SSLVPN_Connection" 339 | config actions 340 | edit 1 341 | set action "SSL_Connection" 342 | set required enable 343 | next 344 | end 345 | next 346 | edit "SSL_LOGIN_FAIL_admin" 347 | set description "SSL_VPN_Block" 348 | set status enable 349 | set trigger "SSL_LOGIN_FAIL_admin" 350 | config actions 351 | edit 1 352 | set action "Block_SSL_Failed" 353 | set required enable 354 | next 355 | edit 2 356 | set action "SSL_VPN_Block" 357 | set required enable 358 | next 359 | end 360 | next 361 | edit "SSL_LOGIN_FAIL_fax" 362 | set description "SSL_VPN_Block" 363 | set status enable 364 | set trigger "SSL_LOGIN_FAIL_fax" 365 | config actions 366 | edit 1 367 | set action "Block_SSL_Failed" 368 | set required enable 369 | next 370 | edit 2 371 | set action "SSL_VPN_Block" 372 | set required enable 373 | next 374 | end 375 | next 376 | edit "SSL_LOGIN_FAIL_fortigate" 377 | set description "SSL_VPN_Block" 378 | set status enable 379 | set trigger "SSL_LOGIN_FAIL_fortigate" 380 | config actions 381 | edit 1 382 | set action "Block_SSL_Failed" 383 | set required enable 384 | next 385 | edit 2 386 | set action "SSL_VPN_Block" 387 | set required enable 388 | next 389 | end 390 | next 391 | edit "SSL_LOGIN_FAIL_fortinet" 392 | set description "SSL_VPN_Block" 393 | set status enable 394 | set trigger "SSL_LOGIN_FAIL_fortinet" 395 | config actions 396 | edit 1 397 | set action "Block_SSL_Failed" 398 | set required enable 399 | next 400 | edit 2 401 | set action "SSL_VPN_Block" 402 | set required enable 403 | next 404 | end 405 | next 406 | edit "SSL_LOGIN_FAIL_guest" 407 | set description "SSL_VPN_Block" 408 | set status enable 409 | set trigger "SSL_LOGIN_FAIL_guest" 410 | config actions 411 | edit 1 412 | set action "Block_SSL_Failed" 413 | set required enable 414 | next 415 | edit 2 416 | set action 
"SSL_VPN_Block" 417 | set required enable 418 | next 419 | end 420 | next 421 | edit "SSL_LOGIN_FAIL_kiosk" 422 | set description "SSL_VPN_Block" 423 | set status enable 424 | set trigger "SSL_LOGIN_FAIL_kiosk" 425 | config actions 426 | edit 1 427 | set action "Block_SSL_Failed" 428 | set required enable 429 | next 430 | edit 2 431 | set action "SSL_VPN_Block" 432 | set required enable 433 | next 434 | end 435 | next 436 | edit "SSL_LOGIN_FAIL_printer" 437 | set description "SSL_VPN_Block" 438 | set status enable 439 | set trigger "SSL_LOGIN_FAIL_printer" 440 | config actions 441 | edit 1 442 | set action "Block_SSL_Failed" 443 | set required enable 444 | next 445 | edit 2 446 | set action "SSL_VPN_Block" 447 | set required enable 448 | next 449 | end 450 | next 451 | edit "SSL_LOGIN_FAIL_receiving" 452 | set description "SSL_VPN_Block" 453 | set status enable 454 | set trigger "SSL_LOGIN_FAIL_receiving" 455 | config actions 456 | edit 1 457 | set action "Block_SSL_Failed" 458 | set required enable 459 | next 460 | edit 2 461 | set action "SSL_VPN_Block" 462 | set required enable 463 | next 464 | end 465 | next 466 | edit "SSL_LOGIN_FAIL_scanner" 467 | set description "SSL_VPN_Block" 468 | set status enable 469 | set trigger "SSL_LOGIN_FAIL_scanner" 470 | config actions 471 | edit 1 472 | set action "Block_SSL_Failed" 473 | set required enable 474 | next 475 | edit 2 476 | set action "SSL_VPN_Block" 477 | set required enable 478 | next 479 | end 480 | next 481 | edit "SSL_LOGIN_FAIL_sslvpn" 482 | set description "SSL_VPN_Block" 483 | set status enable 484 | set trigger "SSL_LOGIN_FAIL_sslvpn" 485 | config actions 486 | edit 1 487 | set action "Block_SSL_Failed" 488 | set required enable 489 | next 490 | edit 2 491 | set action "SSL_VPN_Block" 492 | set required enable 493 | next 494 | end 495 | next 496 | edit "SSL_LOGIN_FAIL_teacher" 497 | set description "SSL_VPN_Block" 498 | set status enable 499 | set trigger "SSL_LOGIN_FAIL_teacher" 500 | config actions 501 | 
edit 1 502 | set action "Block_SSL_Failed" 503 | set required enable 504 | next 505 | edit 2 506 | set action "SSL_VPN_Block" 507 | set required enable 508 | next 509 | end 510 | next 511 | edit "SSL_LOGIN_FAIL_test" 512 | set description "SSL_VPN_Block" 513 | set status enable 514 | set trigger "SSL_LOGIN_FAIL_test" 515 | config actions 516 | edit 1 517 | set action "Block_SSL_Failed" 518 | set required enable 519 | next 520 | edit 2 521 | set action "SSL_VPN_Block" 522 | set required enable 523 | next 524 | end 525 | next 526 | edit "SSL_LOGIN_FAIL_voicemail" 527 | set description "SSL_VPN_Block" 528 | set status enable 529 | set trigger "SSL_LOGIN_FAIL_voicemail" 530 | config actions 531 | edit 1 532 | set action "Block_SSL_Failed" 533 | set required enable 534 | next 535 | edit 2 536 | set action "SSL_VPN_Block" 537 | set required enable 538 | next 539 | end 540 | next 541 | edit "SSL_LOGIN_FAIL_NA" 542 | set description "SSL_VPN_Block" 543 | set status enable 544 | set trigger "SSL_LOGIN_FAIL_NA" 545 | config actions 546 | edit 1 547 | set action "Block_SSL_Failed" 548 | set required enable 549 | next 550 | edit 2 551 | set action "SSL_VPN_Block" 552 | set required enable 553 | next 554 | end 555 | next 556 | edit "SSL_LOGIN_FAIL_report" 557 | set description "SSL_VPN_Block" 558 | set status enable 559 | set trigger "SSL_LOGIN_FAIL_report" 560 | config actions 561 | edit 1 562 | set action "Block_SSL_Failed" 563 | set required enable 564 | next 565 | edit 2 566 | set action "SSL_VPN_Block" 567 | set required enable 568 | next 569 | end 570 | next 571 | edit "SSL_LOGIN_FAIL_general" 572 | set description "SSL_VPN_Block" 573 | set status enable 574 | set trigger "SSL_LOGIN_FAIL_general" 575 | config actions 576 | edit 1 577 | set action "Block_SSL_Failed" 578 | set required enable 579 | next 580 | edit 2 581 | set action "SSL_VPN_Block" 582 | set required enable 583 | next 584 | end 585 | next 586 | edit "SSL_LOGIN_FAIL_frontdesk" 587 | set description 
"SSL_VPN_Block" 588 | set status enable 589 | set trigger "SSL_LOGIN_FAIL_frontdesk" 590 | config actions 591 | edit 1 592 | set action "Block_SSL_Failed" 593 | set required enable 594 | next 595 | edit 2 596 | set action "SSL_VPN_Block" 597 | set required enable 598 | next 599 | end 600 | next 601 | edit "SSL_LOGIN_FAIL_tech" 602 | set description "SSL_VPN_Block" 603 | set status enable 604 | set trigger "SSL_LOGIN_FAIL_tech" 605 | config actions 606 | edit 1 607 | set action "Block_SSL_Failed" 608 | set required enable 609 | next 610 | edit 2 611 | set action "SSL_VPN_Block" 612 | set required enable 613 | next 614 | end 615 | next 616 | edit "SSL_LOGIN_FAIL_support" 617 | set description "SSL_VPN_Block" 618 | set status enable 619 | set trigger "SSL_LOGIN_FAIL_support" 620 | config actions 621 | edit 1 622 | set action "Block_SSL_Failed" 623 | set required enable 624 | next 625 | edit 2 626 | set action "SSL_VPN_Block" 627 | set required enable 628 | next 629 | end 630 | next 631 | edit "SSL_LOGIN_FAIL_security" 632 | set description "SSL_VPN_Block" 633 | set status enable 634 | set trigger "SSL_LOGIN_FAIL_security" 635 | config actions 636 | edit 1 637 | set action "Block_SSL_Failed" 638 | set required enable 639 | next 640 | edit 2 641 | set action "SSL_VPN_Block" 642 | set required enable 643 | next 644 | end 645 | next 646 | edit "SSL_LOGIN_FAIL_host" 647 | set description "SSL_VPN_Block" 648 | set status enable 649 | set trigger "SSL_LOGIN_FAIL_host" 650 | config actions 651 | edit 1 652 | set action "Block_SSL_Failed" 653 | set required enable 654 | next 655 | edit 2 656 | set action "SSL_VPN_Block" 657 | set required enable 658 | next 659 | end 660 | next 661 | edit "SSL_LOGIN_FAIL_store" 662 | set description "SSL_VPN_Block" 663 | set status enable 664 | set trigger "SSL_LOGIN_FAIL_store" 665 | config actions 666 | edit 1 667 | set action "Block_SSL_Failed" 668 | set required enable 669 | next 670 | edit 2 671 | set action "SSL_VPN_Block" 672 | set 
required enable 673 | next 674 | end 675 | next 676 | edit "SSL_LOGIN_FAIL_library" 677 | set description "SSL_VPN_Block" 678 | set status enable 679 | set trigger "SSL_LOGIN_FAIL_library" 680 | config actions 681 | edit 1 682 | set action "Block_SSL_Failed" 683 | set required enable 684 | next 685 | edit 2 686 | set action "SSL_VPN_Block" 687 | set required enable 688 | next 689 | end 690 | next 691 | edit "SSL_LOGIN_FAIL_client" 692 | set description "SSL_VPN_Block" 693 | set status enable 694 | set trigger "SSL_LOGIN_FAIL_client" 695 | config actions 696 | edit 1 697 | set action "Block_SSL_Failed" 698 | set required enable 699 | next 700 | edit 2 701 | set action "SSL_VPN_Block" 702 | set required enable 703 | next 704 | end 705 | next 706 | edit "SSL_LOGIN_FAIL_dot" 707 | set description "SSL_VPN_Block" 708 | set status enable 709 | set trigger "SSL_LOGIN_FAIL_dot" 710 | config actions 711 | edit 1 712 | set action "Block_SSL_Failed" 713 | set required enable 714 | next 715 | edit 2 716 | set action "SSL_VPN_Block" 717 | set required enable 718 | next 719 | end 720 | next 721 | edit "SSL_LOGIN_FAIL_USER" 722 | set description "SSL_VPN_Block" 723 | set status enable 724 | set trigger "SSL_LOGIN_FAIL_USER" 725 | config actions 726 | edit 1 727 | set action "Block_SSL_Failed" 728 | set required enable 729 | next 730 | edit 2 731 | set action "SSL_VPN_Block" 732 | set required enable 733 | next 734 | end 735 | next 736 | end 737 | config firewall address 738 | edit "SSLVPN_TUNNEL_ADDR1" 739 | set type iprange 740 | set start-ip 10.212.134.200 741 | set end-ip 10.212.134.210 742 | next 743 | edit "SSL_VPN_Block_China" 744 | set type geography 745 | set country "CN" 746 | next 747 | edit "SSL_VPN_Block_Russia" 748 | set type geography 749 | set country "RU" 750 | next 751 | edit "SSL_VPN_Block_Bangladesh" 752 | set type geography 753 | set country "BD" 754 | next 755 | edit "SSL_VPN_Block_Czech_Republic" 756 | set type geography 757 | set country "CZ" 758 | next 759 
| edit "SSL_VPN_Block_Hong_Kong" 760 | set type geography 761 | set country "HK" 762 | next 763 | edit "SSL_VPN_Block_Indonesia" 764 | set type geography 765 | set country "ID" 766 | next 767 | edit "SSL_VPN_Block_Korea1" 768 | set type geography 769 | set country "KP" 770 | next 771 | edit "SSL_VPN_Block_Korea2" 772 | set type geography 773 | set country "KR" 774 | next 775 | edit "SSL_VPN_Block_USA" 776 | set type geography 777 | set country "US" 778 | next 779 | edit "SSL_VPN_Block_Afganistan" 780 | set type geography 781 | set country "AF" 782 | next 783 | edit "SSL_VPN_Block_Aland_Islands" 784 | set type geography 785 | set country "AX" 786 | next 787 | edit "SSL_VPN_Block_Albania" 788 | set type geography 789 | set country "AL" 790 | next 791 | edit "SSL_VPN_Block_Algeria" 792 | set type geography 793 | set country "DZ" 794 | next 795 | edit "SSL_VPN_Block_Austrialia" 796 | set type geography 797 | set country "AU" 798 | next 799 | edit "SSL_VPN_Block_Austria" 800 | set type geography 801 | set country "AT" 802 | next 803 | edit "SSL_VPN_Block_Belgium" 804 | set type geography 805 | set country "BE" 806 | next 807 | edit "SSL_VPN_Block_Belize" 808 | set type geography 809 | set country "BZ" 810 | next 811 | edit "SSL_VPN_Block_Brazil" 812 | set type geography 813 | set country "BR" 814 | next 815 | edit "SSL_VPN_Block_Cambodia" 816 | set type geography 817 | set country "KH" 818 | next 819 | edit "SSL_VPN_Block_Canada" 820 | set type geography 821 | set country "CA" 822 | next 823 | edit "SSL_VPN_Block_Denmark" 824 | set type geography 825 | set country "DK" 826 | next 827 | edit "SSL_VPN_Block_France" 828 | set type geography 829 | set country "FR" 830 | next 831 | edit "SSL_VPN_Block_Germany" 832 | set type geography 833 | set country "DE" 834 | next 835 | edit "SSL_VPN_Block_Greece" 836 | set type geography 837 | set country "GR" 838 | next 839 | edit "SSL_VPN_Block_Hungary" 840 | set type geography 841 | set country "HU" 842 | next 843 | edit 
"SSL_VPN_Block_India" 844 | set type geography 845 | set country "IN" 846 | next 847 | edit "SSL_VPN_Block_Iran" 848 | set type geography 849 | set country "IR" 850 | next 851 | edit "SSL_VPN_Block_Iraq" 852 | set type geography 853 | set country "IQ" 854 | next 855 | edit "SSL_VPN_Block_Ireland" 856 | set type geography 857 | set country "IE" 858 | next 859 | edit "SSL_VPN_Block_Isreal" 860 | set type geography 861 | set country "IL" 862 | next 863 | edit "SSL_VPN_Block_Italy" 864 | set type geography 865 | set country "IT" 866 | next 867 | edit "SSL_VPN_Block_Japan" 868 | set type geography 869 | set country "JP" 870 | next 871 | edit "SSL_VPN_Block_Liberia" 872 | set type geography 873 | set country "LR" 874 | next 875 | edit "SSL_VPN_Block_Luxembourg" 876 | set type geography 877 | set country "LU" 878 | next 879 | edit "SSL_VPN_Block_Malaysia" 880 | set type geography 881 | set country "MY" 882 | next 883 | edit "SSL_VPN_Block_Mexico" 884 | set type geography 885 | set country "MX" 886 | next 887 | edit "SSL_VPN_Block_Singapore" 888 | set type geography 889 | set country "SG" 890 | next 891 | edit "SSL_VPN_Block_Spain" 892 | set type geography 893 | set country "ES" 894 | next 895 | edit "SSL_VPN_Block_Sweeden" 896 | set type geography 897 | set country "SE" 898 | next 899 | edit "SSL_VPN_Block_Switzerland" 900 | set type geography 901 | set country "CH" 902 | next 903 | edit "SSL_VPN_Block_Taiwan" 904 | set type geography 905 | set country "TW" 906 | next 907 | edit "SSL_VPN_Block_United_Kingdom" 908 | set type geography 909 | set country "GB" 910 | next 911 | edit "SSL_VPN_Block_Netherlands" 912 | set type geography 913 | set country "NL" 914 | next 915 | edit "SSL_VPN_Block_Netherlands_Antilles" 916 | set type geography 917 | set country "AN" 918 | next 919 | edit "SSL_VPN_Block_American_Aamoa" 920 | set type geography 921 | set country "AS" 922 | next 923 | edit "SSL_VPN_Block_Andorra" 924 | set type geography 925 | set country "AD" 926 | next 927 | edit 
"SSL_VPN_Block_Angola" 928 | set type geography 929 | set country "AO" 930 | next 931 | edit "SSL_VPN_Block_Anguilla" 932 | set type geography 933 | set country "AI" 934 | next 935 | edit "SSL_VPN_Block_Antigua_Barbuda" 936 | set type geography 937 | set country "AG" 938 | next 939 | edit "SSL_VPN_Block_Argentina" 940 | set type geography 941 | set country "AR" 942 | next 943 | edit "SSL_VPN_Block_Armenia" 944 | set type geography 945 | set country "AM" 946 | next 947 | edit "SSL_VPN_Block_Aruba" 948 | set type geography 949 | set country "AW" 950 | next 951 | edit "SSL_VPN_Block_Azerbaijan" 952 | set type geography 953 | set country "AZ" 954 | next 955 | edit "SSL_VPN_Block_Bahamas" 956 | set type geography 957 | set country "BS" 958 | next 959 | edit "SSL_VPN_Block_Bahrain" 960 | set type geography 961 | set country "BH" 962 | next 963 | edit "SSL_VPN_Block_Barbados" 964 | set type geography 965 | set country "BB" 966 | next 967 | edit "SSL_VPN_Block_Belarus" 968 | set type geography 969 | set country "BY" 970 | next 971 | edit "SSL_VPN_Block_Benin" 972 | set type geography 973 | set country "BJ" 974 | next 975 | edit "SSL_VPN_Block_Bermuda" 976 | set type geography 977 | set country "BM" 978 | next 979 | edit "SSL_VPN_Block_Bhutan" 980 | set type geography 981 | set country "BT" 982 | next 983 | edit "SSL_VPN_Block_Bolvia" 984 | set type geography 985 | set country "BO" 986 | next 987 | edit "SSL_VPN_Block_Bosnia_Herzegovia" 988 | set type geography 989 | set country "BA" 990 | next 991 | edit "SSL_VPN_Block_Botswana" 992 | set type geography 993 | set country "BW" 994 | next 995 | edit "SSL_VPN_Block_Bouvet_Island" 996 | set type geography 997 | set country "BV" 998 | next 999 | edit "SSL_VPN_Block_British_Indian_ocean_terr" 1000 | set type geography 1001 | set country "IO" 1002 | next 1003 | edit "SSL_VPN_Block_Brunei_Darussalam" 1004 | set type geography 1005 | set country "BN" 1006 | next 1007 | edit "SSL_VPN_Block_Bulgaria" 1008 | set type geography 1009 | 
set country "BG" 1010 | next 1011 | edit "SSL_VPN_Block_Burkina_Faso" 1012 | set type geography 1013 | set country "BF" 1014 | next 1015 | edit "SSL_VPN_Block_Burundi" 1016 | set type geography 1017 | set country "BI" 1018 | next 1019 | edit "SSL_VPN_Block_Cameroon" 1020 | set type geography 1021 | set country "CM" 1022 | next 1023 | edit "SSL_VPN_Block_Cape_Verde" 1024 | set type geography 1025 | set country "CV" 1026 | next 1027 | edit "SSL_VPN_Block_Cayman_Islands" 1028 | set type geography 1029 | set country "KY" 1030 | next 1031 | edit "SSL_VPN_Block_Central_African_Republic" 1032 | set type geography 1033 | set country "CF" 1034 | next 1035 | edit "SSL_VPN_Block_Chad" 1036 | set type geography 1037 | set country "TD" 1038 | next 1039 | edit "SSL_VPN_Block_Chile" 1040 | set type geography 1041 | set country "CL" 1042 | next 1043 | edit "SSL_VPN_Block_Christams_Island" 1044 | set type geography 1045 | set country "CX" 1046 | next 1047 | edit "SSL_VPN_Block_Columbia" 1048 | set type geography 1049 | set country "CO" 1050 | next 1051 | edit "SSL_VPN_Block_Comonros" 1052 | set type geography 1053 | set country "KM" 1054 | next 1055 | edit "SSL_VPN_Block_Congo" 1056 | set type geography 1057 | set country "CG" 1058 | next 1059 | edit "SSL_VPN_Block_Congo_Replibic" 1060 | set type geography 1061 | set country "CD" 1062 | next 1063 | edit "SSL_VPN_Block_Cook_Islands" 1064 | set type geography 1065 | set country "CK" 1066 | next 1067 | edit "SSL_VPN_Block_Costa_Rica" 1068 | set type geography 1069 | set country "CR" 1070 | next 1071 | edit "SSL_VPN_Block_Cote_Dlvoire" 1072 | set type geography 1073 | set country "CI" 1074 | next 1075 | edit "SSL_VPN_Block_Croatia" 1076 | set type geography 1077 | set country "HR" 1078 | next 1079 | edit "SSL_VPN_Block_Cuba" 1080 | set type geography 1081 | set country "CU" 1082 | next 1083 | edit "SSL_VPN_Block_Curacao" 1084 | set type geography 1085 | set country "CW" 1086 | next 1087 | edit "SSL_VPN_Block_Djibouti" 1088 | set type 
geography 1089 | set country "DJ" 1090 | next 1091 | edit "SSL_VPN_Block_Dominica" 1092 | set type geography 1093 | set country "DM" 1094 | next 1095 | edit "SSL_VPN_Block_Dominican_Replublic" 1096 | set type geography 1097 | set country "DO" 1098 | next 1099 | edit "SSL_VPN_Block_Ecuador" 1100 | set type geography 1101 | set country "EC" 1102 | next 1103 | edit "SSL_VPN_Block_Egypt" 1104 | set type geography 1105 | set country "EG" 1106 | next 1107 | edit "SSL_VPN_Block_El_Salvador" 1108 | set type geography 1109 | set country "SV" 1110 | next 1111 | edit "SSL_VPN_Block_Equatorial_Guinea" 1112 | set type geography 1113 | set country "GQ" 1114 | next 1115 | edit "SSL_VPN_Block_Eritrea" 1116 | set type geography 1117 | set country "ER" 1118 | next 1119 | edit "SSL_VPN_Block_Estonia" 1120 | set type geography 1121 | set country "EE" 1122 | next 1123 | edit "SSL_VPN_Block_Ethiopia" 1124 | set type geography 1125 | set country "ET" 1126 | next 1127 | edit "SSL_VPN_Block_Falkland_Islands" 1128 | set type geography 1129 | set country "FK" 1130 | next 1131 | edit "SSL_VPN_Block_Faroe_Islands" 1132 | set type geography 1133 | set country "FO" 1134 | next 1135 | edit "SSL_VPN_Block_Fiji" 1136 | set type geography 1137 | set country "FJ" 1138 | next 1139 | edit "SSL_VPN_Block_Finland" 1140 | set type geography 1141 | set country "FI" 1142 | next 1143 | edit "SSL_VPN_Block_French_Guiana" 1144 | set type geography 1145 | set country "GF" 1146 | next 1147 | edit "SSL_VPN_Block_French_Polnesia" 1148 | set type geography 1149 | set country "PF" 1150 | next 1151 | edit "SSL_VPN_Block_FST" 1152 | set type geography 1153 | set country "TF" 1154 | next 1155 | edit "SSL_VPN_Block_Gabon" 1156 | set type geography 1157 | set country "GA" 1158 | next 1159 | edit "SSL_VPN_Block_Gambia" 1160 | set type geography 1161 | set country "GM" 1162 | next 1163 | edit "SSL_VPN_Block_Georgia" 1164 | set type geography 1165 | set country "GE" 1166 | next 1167 | edit "SSL_VPN_Block_Ghana" 1168 | set 
type geography 1169 | set country "GH" 1170 | next 1171 | edit "SSL_VPN_Block_Gibraltar" 1172 | set type geography 1173 | set country "GI" 1174 | next 1175 | edit "SSL_VPN_Block_Greenland" 1176 | set type geography 1177 | set country "GL" 1178 | next 1179 | edit "SSL_VPN_Block_Grenada" 1180 | set type geography 1181 | set country "GD" 1182 | next 1183 | edit "SSL_VPN_Block_Guadeloupe" 1184 | set type geography 1185 | set country "GP" 1186 | next 1187 | edit "SSL_VPN_Block_Palestinain_Territory" 1188 | set type geography 1189 | set country "PS" 1190 | next 1191 | edit "SSL_VPN_Block_guam" 1192 | set type geography 1193 | set country "GU" 1194 | next 1195 | edit "SSL_VPN_Block_Guatemala" 1196 | set type geography 1197 | set country "GT" 1198 | next 1199 | edit "SSL_VPN_Block_Guerney" 1200 | set type geography 1201 | set country "GG" 1202 | next 1203 | edit "SSL_VPN_Block_Guinea" 1204 | set type geography 1205 | set country "GN" 1206 | next 1207 | edit "SSL_VPN_Block_Ginea-Bissau" 1208 | set type geography 1209 | set country "GW" 1210 | next 1211 | edit "SSL_VPN_Block_Guyana" 1212 | set type geography 1213 | set country "GY" 1214 | next 1215 | edit "SSL_VPN_Block_Haiti" 1216 | set type geography 1217 | set country "HT" 1218 | next 1219 | edit "SSL_VPN_Block_Heard_Islands" 1220 | set type geography 1221 | set country "HM" 1222 | next 1223 | edit "SSL_VPN_Block_Holy_See" 1224 | set type geography 1225 | set country "VA" 1226 | next 1227 | edit "SSL_VPN_Block_Honduras" 1228 | set type geography 1229 | set country "HN" 1230 | next 1231 | edit "SSL_VPN_Block_Iceland" 1232 | set type geography 1233 | set country "IS" 1234 | next 1235 | edit "SSL_VPN_Block_Isle_of_man" 1236 | set type geography 1237 | set country "IM" 1238 | next 1239 | edit "SSL_VPN_Block_Jamacia" 1240 | set type geography 1241 | set country "JM" 1242 | next 1243 | edit "SSL_VPN_Block_Jersey" 1244 | set type geography 1245 | set country "JE" 1246 | next 1247 | edit "SSL_VPN_Block_Jordan" 1248 | set type 
geography 1249 | set country "JO" 1250 | next 1251 | edit "SSL_VPN_Block_Kazakhstan" 1252 | set type geography 1253 | set country "KZ" 1254 | next 1255 | edit "SSL_VPN_Block_Kenya" 1256 | set type geography 1257 | set country "KE" 1258 | next 1259 | edit "SSL_VPN_Block_Kiribati" 1260 | set type geography 1261 | set country "KI" 1262 | next 1263 | edit "SSL_VPN_Block_Korea" 1264 | set type geography 1265 | set country "KP" 1266 | next 1267 | edit "SSL_VPN_Block_Kosovo" 1268 | set type geography 1269 | set country "XK" 1270 | next 1271 | edit "SSL_VPN_Block_Kuwait" 1272 | set type geography 1273 | set country "KW" 1274 | next 1275 | edit "SSL_VPN_Block_Kyrgyzstan" 1276 | set type geography 1277 | set country "KG" 1278 | next 1279 | edit "SSL_VPN_Block_Lao" 1280 | set type geography 1281 | set country "LA" 1282 | next 1283 | edit "SSL_VPN_Block_Latvia" 1284 | set type geography 1285 | set country "LV" 1286 | next 1287 | edit "SSL_VPN_Block_Lebanon" 1288 | set type geography 1289 | set country "LB" 1290 | next 1291 | edit "SSL_VPN_Block_Lesotho" 1292 | set type geography 1293 | set country "LS" 1294 | next 1295 | edit "SSL_VPN_Block_Libyan" 1296 | set type geography 1297 | set country "LY" 1298 | next 1299 | edit "SSL_VPN_Block_Liechtenstein" 1300 | set type geography 1301 | set country "LI" 1302 | next 1303 | edit "SSL_VPN_Block_Lithuania" 1304 | set type geography 1305 | set country "LT" 1306 | next 1307 | edit "SSL_VPN_Block_Macao" 1308 | set type geography 1309 | set country "MO" 1310 | next 1311 | edit "SSL_VPN_Block_Macedonia" 1312 | set type geography 1313 | set country "MK" 1314 | next 1315 | edit "SSL_VPN_Block_Madagascar" 1316 | set type geography 1317 | set country "MG" 1318 | next 1319 | edit "SSL_VPN_Block_Malawi" 1320 | set type geography 1321 | set country "MW" 1322 | next 1323 | edit "SSL_VPN_Block_Maldives" 1324 | set type geography 1325 | set country "MV" 1326 | next 1327 | edit "SSL_VPN_Block_Mali" 1328 | set type geography 1329 | set country "ML" 
1330 | next 1331 | edit "SSL_VPN_Block_Malta" 1332 | set type geography 1333 | set country "MT" 1334 | next 1335 | edit "SSL_VPN_Block_Marshall_Islands" 1336 | set type geography 1337 | set country "MH" 1338 | next 1339 | edit "SSL_VPN_Block_Martinique" 1340 | set type geography 1341 | set country "MQ" 1342 | next 1343 | edit "SSL_VPN_Block_Mauritania" 1344 | set type geography 1345 | set country "MR" 1346 | next 1347 | edit "SSL_VPN_Block_Mauritius" 1348 | set type geography 1349 | set country "MU" 1350 | next 1351 | edit "SSL_VPN_Block_Mayotte" 1352 | set type geography 1353 | set country "YT" 1354 | next 1355 | edit "SSL_VPN_Block_Micronedia" 1356 | set type geography 1357 | set country "FM" 1358 | next 1359 | edit "SSL_VPN_Block_Moldova" 1360 | set type geography 1361 | set country "MD" 1362 | next 1363 | edit "SSL_VPN_Block_Monaco" 1364 | set type geography 1365 | set country "MC" 1366 | next 1367 | edit "SSL_VPN_Block_Mongolia" 1368 | set type geography 1369 | set country "MN" 1370 | next 1371 | edit "SSL_VPN_Block_Montenergo" 1372 | set type geography 1373 | set country "ME" 1374 | next 1375 | edit "SSL_VPN_Block_Montserrat" 1376 | set type geography 1377 | set country "MS" 1378 | next 1379 | edit "SSL_VPN_Block_Morocco" 1380 | set type geography 1381 | set country "MA" 1382 | next 1383 | edit "SSL_VPN_Block_Mozambique" 1384 | set type geography 1385 | set country "MZ" 1386 | next 1387 | edit "SSL_VPN_Block_Myanmar" 1388 | set type geography 1389 | set country "MM" 1390 | next 1391 | edit "SSL_VPN_Block_Turkey" 1392 | set type geography 1393 | set country "TR" 1394 | next 1395 | edit "SSL_VPN_Block_Cyprus" 1396 | set type geography 1397 | set country "CY" 1398 | next 1399 | edit "SSL_VPN_Block_Namibia" 1400 | set type geography 1401 | set country "NA" 1402 | next 1403 | edit "SSL_VPN_Block_Nauru" 1404 | set type geography 1405 | set country "NR" 1406 | next 1407 | edit "SSL_VPN_Block_Nepal" 1408 | set type geography 1409 | set country "NP" 1410 | next 1411 | 
edit "SSL_VPN_Block_New_Caledonia" 1412 | set type geography 1413 | set country "NC" 1414 | next 1415 | edit "SSL_VPN_Block_New_Zealand" 1416 | set type geography 1417 | set country "NZ" 1418 | next 1419 | edit "SSL_VPN_Block_Nicaragua" 1420 | set type geography 1421 | set country "NI" 1422 | next 1423 | edit "SSL_VPN_Block_Niger" 1424 | set type geography 1425 | set country "NE" 1426 | next 1427 | edit "SSL_VPN_Block_Nigeria" 1428 | set type geography 1429 | set country "NG" 1430 | next 1431 | edit "SSL_VPN_Block_Norway" 1432 | set type geography 1433 | set country "NO" 1434 | next 1435 | edit "SSL_VPN_Block_Pakistan" 1436 | set type geography 1437 | set country "PK" 1438 | next 1439 | edit "SSL_VPN_Block_Panama" 1440 | set type geography 1441 | set country "PA" 1442 | next 1443 | edit "SSL_VPN_Block_Paraguay" 1444 | set type geography 1445 | set country "PY" 1446 | next 1447 | edit "SSL_VPN_Block_Peru" 1448 | set type geography 1449 | set country "PE" 1450 | next 1451 | edit "SSL_VPN_Block_Philippines" 1452 | set type geography 1453 | set country "PH" 1454 | next 1455 | edit "SSL_VPN_Block_Poland" 1456 | set type geography 1457 | set country "PL" 1458 | next 1459 | edit "SSL_VPN_Block_Portugal" 1460 | set type geography 1461 | set country "PT" 1462 | next 1463 | edit "SSL_VPN_Block_Puerto_rico" 1464 | set type geography 1465 | set country "PR" 1466 | next 1467 | edit "SSL_VPN_Block_Reunion" 1468 | set type geography 1469 | set country "RE" 1470 | next 1471 | edit "SSL_VPN_Block_Romania" 1472 | set type geography 1473 | set country "RO" 1474 | next 1475 | edit "SSL_VPN_Block_Samoa" 1476 | set type geography 1477 | set country "WS" 1478 | next 1479 | edit "SSL_VPN_Block_Saudi_Arabia" 1480 | set type geography 1481 | set country "SA" 1482 | next 1483 | edit "SSL_VPN_Block_Serbia" 1484 | set type geography 1485 | set country "RS" 1486 | next 1487 | edit "SSL_VPN_Block_Slovakia" 1488 | set type geography 1489 | set country "SK" 1490 | next 1491 | edit 
"SSL_VPN_Block_Slovenia" 1492 | set type geography 1493 | set country "SI" 1494 | next 1495 | edit "SSL_VPN_Block_Somalia" 1496 | set type geography 1497 | set country "SO" 1498 | next 1499 | edit "SSL_VPN_Block_South_Africa" 1500 | set type geography 1501 | set country "ZA" 1502 | next 1503 | edit "SSL_VPN_Block_Sudan" 1504 | set type geography 1505 | set country "SD" 1506 | next 1507 | edit "SSL_VPN_Block_Syrian_arab_republic" 1508 | set type geography 1509 | set country "SY" 1510 | next 1511 | edit "SSL_VPN_Block_Thailand" 1512 | set type geography 1513 | set country "TH" 1514 | next 1515 | edit "SSL_VPN_Block_Turks_and_cacios" 1516 | set type geography 1517 | set country "TC" 1518 | next 1519 | edit "SSL_VPN_Block_Ukraine" 1520 | set type geography 1521 | set country "UA" 1522 | next 1523 | edit "SSL_VPN_Block_United_Arab_Emirates" 1524 | set type geography 1525 | set country "AE" 1526 | next 1527 | edit "SSL_VPN_Block_Uruguay" 1528 | set type geography 1529 | set country "UY" 1530 | next 1531 | edit "SSL_VPN_Block_Venezuela" 1532 | set type geography 1533 | set country "VE" 1534 | next 1535 | edit "SSL_VPN_Block_Vietnam" 1536 | set type geography 1537 | set country "VN" 1538 | next 1539 | edit "SSL_VPN_Block_Virgin_islands_british" 1540 | set type geography 1541 | set country "VG" 1542 | next 1543 | edit "WAN_to_LOOPBACK address" 1544 | set type interface-subnet 1545 | set subnet 10.10.20.1 255.255.255.255 1546 | set interface "WAN_to_LOOPBACK" 1547 | next 1548 | end 1549 | config firewall address6 1550 | edit "SSLVPN_TUNNEL_IPv6_ADDR1" 1551 | set ip6 fdff:ffff::/120 1552 | next 1553 | edit "SSL_VPN_address" 1554 | set ip6 xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/128 1555 | next 1556 | end 1557 | config firewall addrgrp 1558 | edit "SSL_VPN_Block_Geography" 1559 | set member "SSL_VPN_Block_Bangladesh" "SSL_VPN_Block_China" "SSL_VPN_Block_Russia" "SSL_VPN_Block_Czech_Republic" "SSL_VPN_Block_Hong_Kong" "SSL_VPN_Block_Indonesia" "SSL_VPN_Block_Korea1" 
"SSL_VPN_Block_Korea2" "SSL_VPN_Block_Afganistan" "SSL_VPN_Block_Aland_Islands" "SSL_VPN_Block_Albania" "SSL_VPN_Block_Algeria" "SSL_VPN_Block_Austria" "SSL_VPN_Block_Austrialia" "SSL_VPN_Block_Belgium" "SSL_VPN_Block_Belize" "SSL_VPN_Block_Brazil" "SSL_VPN_Block_Cambodia" "SSL_VPN_Block_Canada" "SSL_VPN_Block_Denmark" "SSL_VPN_Block_France" "SSL_VPN_Block_Germany" "SSL_VPN_Block_Greece" "SSL_VPN_Block_Hungary" "SSL_VPN_Block_India" "SSL_VPN_Block_Iran" "SSL_VPN_Block_Iraq" "SSL_VPN_Block_Ireland" "SSL_VPN_Block_Isreal" "SSL_VPN_Block_Italy" "SSL_VPN_Block_Japan" "SSL_VPN_Block_Liberia" "SSL_VPN_Block_Luxembourg" "SSL_VPN_Block_Malaysia" "SSL_VPN_Block_Mexico" "SSL_VPN_Block_Singapore" "SSL_VPN_Block_Spain" "SSL_VPN_Block_Sweeden" "SSL_VPN_Block_Switzerland" "SSL_VPN_Block_Taiwan" "SSL_VPN_Block_United_Kingdom" "SSL_VPN_Block_American_Aamoa" "SSL_VPN_Block_Andorra" "SSL_VPN_Block_Angola" "SSL_VPN_Block_Anguilla" "SSL_VPN_Block_Antigua_Barbuda" "SSL_VPN_Block_Argentina" "SSL_VPN_Block_Armenia" "SSL_VPN_Block_Aruba" "SSL_VPN_Block_Azerbaijan" "SSL_VPN_Block_Bahamas" "SSL_VPN_Block_Bahrain" "SSL_VPN_Block_Barbados" "SSL_VPN_Block_Belarus" "SSL_VPN_Block_Benin" "SSL_VPN_Block_Bermuda" "SSL_VPN_Block_Bhutan" "SSL_VPN_Block_Bolvia" "SSL_VPN_Block_Bosnia_Herzegovia" "SSL_VPN_Block_Botswana" "SSL_VPN_Block_Bouvet_Island" "SSL_VPN_Block_British_Indian_ocean_terr" "SSL_VPN_Block_Brunei_Darussalam" "SSL_VPN_Block_Bulgaria" "SSL_VPN_Block_Burkina_Faso" "SSL_VPN_Block_Burundi" "SSL_VPN_Block_Cameroon" "SSL_VPN_Block_Cape_Verde" "SSL_VPN_Block_Cayman_Islands" "SSL_VPN_Block_Central_African_Republic" "SSL_VPN_Block_Chad" "SSL_VPN_Block_Chile" "SSL_VPN_Block_Christams_Island" "SSL_VPN_Block_Columbia" "SSL_VPN_Block_Comonros" "SSL_VPN_Block_Congo" "SSL_VPN_Block_Congo_Replibic" "SSL_VPN_Block_Cook_Islands" "SSL_VPN_Block_Costa_Rica" "SSL_VPN_Block_Cote_Dlvoire" "SSL_VPN_Block_Croatia" "SSL_VPN_Block_Cuba" "SSL_VPN_Block_Curacao" "SSL_VPN_Block_Djibouti" "SSL_VPN_Block_Dominica" 
"SSL_VPN_Block_Dominican_Replublic" "SSL_VPN_Block_Ecuador" "SSL_VPN_Block_Egypt" "SSL_VPN_Block_El_Salvador" "SSL_VPN_Block_Equatorial_Guinea" "SSL_VPN_Block_Eritrea" "SSL_VPN_Block_Estonia" "SSL_VPN_Block_Ethiopia" "SSL_VPN_Block_Netherlands" "SSL_VPN_Block_Netherlands_Antilles" "SSL_VPN_Block_Falkland_Islands" "SSL_VPN_Block_Faroe_Islands" "SSL_VPN_Block_Fiji" "SSL_VPN_Block_Finland" "SSL_VPN_Block_French_Guiana" "SSL_VPN_Block_French_Polnesia" "SSL_VPN_Block_FST" "SSL_VPN_Block_Gabon" "SSL_VPN_Block_Gambia" "SSL_VPN_Block_Georgia" "SSL_VPN_Block_Ghana" "SSL_VPN_Block_Gibraltar" "SSL_VPN_Block_Ginea-Bissau" "SSL_VPN_Block_Greenland" "SSL_VPN_Block_Grenada" "SSL_VPN_Block_Guadeloupe" "SSL_VPN_Block_guam" "SSL_VPN_Block_Guatemala" "SSL_VPN_Block_Guerney" "SSL_VPN_Block_Guinea" "SSL_VPN_Block_Guyana" "SSL_VPN_Block_Palestinain_Territory" "SSL_VPN_Block_Haiti" "SSL_VPN_Block_Heard_Islands" "SSL_VPN_Block_Holy_See" "SSL_VPN_Block_Honduras" "SSL_VPN_Block_Iceland" "SSL_VPN_Block_Isle_of_man" "SSL_VPN_Block_Jamacia" "SSL_VPN_Block_Jersey" "SSL_VPN_Block_Jordan" "SSL_VPN_Block_Kazakhstan" "SSL_VPN_Block_Kenya" "SSL_VPN_Block_Kiribati" "SSL_VPN_Block_Korea" "SSL_VPN_Block_Kosovo" "SSL_VPN_Block_Kuwait" "SSL_VPN_Block_Kyrgyzstan" "SSL_VPN_Block_Lao" "SSL_VPN_Block_Latvia" "SSL_VPN_Block_Lebanon" "SSL_VPN_Block_Lesotho" "SSL_VPN_Block_Libyan" "SSL_VPN_Block_Liechtenstein" "SSL_VPN_Block_Lithuania" "SSL_VPN_Block_Macao" "SSL_VPN_Block_Macedonia" "SSL_VPN_Block_Madagascar" "SSL_VPN_Block_Malawi" "SSL_VPN_Block_Maldives" "SSL_VPN_Block_Mali" "SSL_VPN_Block_Malta" "SSL_VPN_Block_Marshall_Islands" "SSL_VPN_Block_Martinique" "SSL_VPN_Block_Mauritania" "SSL_VPN_Block_Mauritius" "SSL_VPN_Block_Mayotte" "SSL_VPN_Block_Micronedia" "SSL_VPN_Block_Moldova" "SSL_VPN_Block_Monaco" "SSL_VPN_Block_Mongolia" "SSL_VPN_Block_Montenergo" "SSL_VPN_Block_Montserrat" "SSL_VPN_Block_Morocco" "SSL_VPN_Block_Mozambique" "SSL_VPN_Block_Myanmar" "SSL_VPN_Block_Turkey" "SSL_VPN_Block_Cyprus" 
"SSL_VPN_Block_Namibia" "SSL_VPN_Block_Nauru" "SSL_VPN_Block_Nepal" "SSL_VPN_Block_New_Caledonia" "SSL_VPN_Block_New_Zealand" "SSL_VPN_Block_Nicaragua" "SSL_VPN_Block_Niger" "SSL_VPN_Block_Nigeria" "SSL_VPN_Block_Norway" "SSL_VPN_Block_Pakistan" "SSL_VPN_Block_Panama" "SSL_VPN_Block_Paraguay" "SSL_VPN_Block_Peru" "SSL_VPN_Block_Philippines" "SSL_VPN_Block_Poland" "SSL_VPN_Block_Portugal" "SSL_VPN_Block_Puerto_rico" "SSL_VPN_Block_Reunion" "SSL_VPN_Block_Romania" "SSL_VPN_Block_Samoa" "SSL_VPN_Block_Saudi_Arabia" "SSL_VPN_Block_Serbia" "SSL_VPN_Block_Slovakia" "SSL_VPN_Block_Slovenia" "SSL_VPN_Block_Somalia" "SSL_VPN_Block_South_Africa" "SSL_VPN_Block_Sudan" "SSL_VPN_Block_Syrian_arab_republic" "SSL_VPN_Block_Thailand" "SSL_VPN_Block_Turks_and_cacios" "SSL_VPN_Block_Ukraine" "SSL_VPN_Block_United_Arab_Emirates" "SSL_VPN_Block_Uruguay" "SSL_VPN_Block_Venezuela" "SSL_VPN_Block_Vietnam" "SSL_VPN_Block_Virgin_islands_british"
# NOTE(review): the listing goes straight from the SSL_VPN_Block_Geography
# member list to the next "edit" with no "next" in between. FortiOS normally
# expects "next" to close a table entry before another "edit". Check this
# against the original file before pasting it into a device.
# Block_SSL_Failed is created here with no members. The Block_SSL_Failed
# automation action earlier in this file appends one address object per blocked
# source IP to it.
1560 |     edit "Block_SSL_Failed"
1561 |     next
1562 | end
# External threat feeds of type "address", fetched over HTTPS from files in a
# GitHub repository. refresh-rate is in minutes (60 = hourly, 1440 = daily).
# Supply-chain caveat: whoever can write to that repository branch controls
# what this firewall treats as a blocked source. The device takes whatever the
# URL serves at the next refresh, so a wrong or hostile entry, such as your own
# egress range, reaches policy unreviewed. Consider hosting a reviewed copy you
# control. Like the address groups, the feeds only take effect where a firewall
# policy references them, and that policy is not in this part of the file.
1563 | config system external-resource
1564 |     edit "manual_blocked"
1565 |         set type address
1566 |         set resource "https://raw.githubusercontent.com/wallacebrf/dns/main/manual_block_list.txt"
1567 |         set refresh-rate 60
1568 |     next
1569 |     edit "ASN_lists_blocked"
1570 |         set type address
1571 |         set resource "https://raw.githubusercontent.com/wallacebrf/dns/main/asn_block1.1.txt"
1572 |         set refresh-rate 1440
1573 |     next
1574 | end
# IPS sensor. Entry 1 blocks signatures of medium, high and critical severity.
# Entry 3 blocks one signature by rule ID (51391, not identified in this file).
# Entry 2 selects low severity but sets no action or status, so it presumably
# falls back to each signature's default action. That matches the "some Low"
# wording in the sensor comment, but confirm on the device.
1575 | config ips sensor
1576 |     edit "Core_high_security"
1577 |         set comment "Blocks all Critical/High/Medium and some Low severity vulnerabilities"
1578 |         set block-malicious-url enable
1579 |         set scan-botnet-connections block
1580 |         config entries
1581 |             edit 3
1582 |                 set rule 51391
1583 |                 set status enable
1584 |                 set action block
1585 |             next
1586 |             edit 1
1587 |                 set severity medium high critical
1588 |                 set status enable
1589 |                 set action block
1590 |             next
1591 |             edit 2
1592 |                 set severity low
1593 |             next
1594 |         end
1595 |     next
1596 | end
# User group mapped to the full-access portal by the authentication rule below.
# The member "12345" looks like a placeholder for a real user object.
1597 | config user group
1598 |     edit "SSL-VPN_Admin"
1599 |         set member "12345"
1600 |     next
1601 | end
# Portals. "full-access" enables tunnel mode (IPv4 and IPv6) and web mode, with
# split tunnelling disabled, so all client traffic is sent through the tunnel.
# NOTE(review): save-password, auto-connect and keep-alive are all enabled. The
# client stores the VPN password and reconnects on its own, so a lost or
# compromised endpoint can get back into the tunnel without anyone typing a
# credential. No second factor is configured in the lines shown here. Consider
# disabling save-password unless it is a deliberate trade-off.
# NOTE(review): web-mode is also enabled. If only the tunnel client is used,
# disabling web mode reduces the exposed surface.
1602 | config vpn ssl web portal
1603 |     edit "full-access"
1604 |         set tunnel-mode enable
1605 |         set ipv6-tunnel-mode enable
1606 |         set web-mode enable
1607 |         set limit-user-logins enable
1608 |         set forticlient-download disable
1609 |         set auto-connect enable
1610 |         set keep-alive enable
1611 |         set save-password enable
1612 |         set ip-pools "SSLVPN_TUNNEL_ADDR1"
1613 |         set split-tunneling disable
1614 |         set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
1615 |         set ipv6-split-tunneling disable
1616 |     next
1617 |     edit "web-access"
1618 |         set limit-user-logins enable
1619 |         set forticlient-download disable
1620 |     next
1621 | end
# SSL-VPN daemon settings.
#  - The listener is bound to "WAN_to_LOOPBACK" (source-interface), not the WAN
#    port. Elsewhere in this file an address object ties 10.10.20.1 to that
#    interface, and the VIP below forwards external port 443 to it. Outside
#    traffic therefore has to pass a firewall policy to reach the VPN, which is
#    where the geography group, Block_SSL_Failed and the feeds can be enforced.
#    That policy is not in this part of the file.
#  - source-address and source-address6 are "all", so no source filtering
#    happens at this level. It depends entirely on that policy.
#  - login-attempt-limit 5 with login-block-time 86400 (seconds, 24 hours) is
#    the built-in lockout. The automation stitches act on the first matching
#    failure.
#  - idle-timeout is 3600 seconds.
#  - default-portal is the restricted "web-access". Only the SSL-VPN_Admin
#    group is mapped to "full-access".
#  - "my_cert" is a placeholder for the server certificate name.
1622 | config vpn ssl settings
1623 |     set status enable
1624 |     set servercert "my_cert"
1625 |     set idle-timeout 3600
1626 |     set login-attempt-limit 5
1627 |     set login-block-time 86400
1628 |     set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
1629 |     set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
1630 |     set dns-server1 8.8.8.8
1631 |     set dns-server2 1.1.1.1
1632 |     set ipv6-dns-server1 2001:4860:4860::8888
1633 |     set ipv6-dns-server2 2606:4700::1111
1634 |     set port 443
1635 |     set header-x-forwarded-for pass
1636 |     set source-interface "WAN_to_LOOPBACK"
1637 |     set source-address "all"
1638 |     set source-address6 "all"
1639 |     set default-portal "web-access"
1640 |     config authentication-rule
1641 |         edit 1
1642 |             set groups "SSL-VPN_Admin"
1643 |             set portal "full-access"
1644 |         next
1645 |     end
1646 |     set hsts-include-subdomains enable
1647 |     set dual-stack-mode enable
1648 | end
# IPv4 virtual IP. It forwards TCP 443 on the external address (masked here) on
# wan1 to 10.10.20.1:443, the loopback address the SSL-VPN listens on.
1649 | config firewall vip
1650 |     edit "WAN_to_LOOPBACK"
1651 |         set extip xxx.xxx.xxx.xxx
1652 |         set mappedip "10.10.20.1"
1653 |         set extintf "wan1"
1654 |         set portforward enable
1655 |         set extport 443
1656 |         set mappedport 443
1657 |     next
1658 | end
1659 | config firewall vip6
1660 |     edit "WAN_to_LOOPBACK"
1661 |         set extip xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
1662 |         set mappedip xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
1663
| set portforward enable 1664 | set extport 443 1665 | set mappedport 443 1666 | next 1667 | end 1668 | config firewall policy 1669 | edit 15 1670 | set status enable 1671 | set name "SSL_VPN->APC" 1672 | set srcintf "ssl.root" 1673 | set dstintf "APC_VLAN20" 1674 | set action accept 1675 | set srcaddr "SSLVPN_TUNNEL_ADDR1" 1676 | set dstaddr "Device_IP_PDU_Server_Room" "Device_IP_PDU_Second_Floor_Livingroom" "Device_IP_PDU_Brian_Office" "Device_IP_APC_NMC_v3_First_Floor_Bedroom" "Device_IP_APC_NMC_v3_Second_Floor_Bedroom" "Device_IP_APC_NMC_v3_Utility" "Device_IP_APC_NMC_v3_Server_Room" "Device_IP_APC_NMC_v3_Second_Floor_Living_Room" "Device_IP_PDU_Fish_Tank_8" 1677 | set srcaddr6 "SSLVPN_TUNNEL_IPv6_ADDR1" 1678 | set dstaddr6 "Device_IP_APC_NMC_v3_First_Floor_Bedroom_IPv6" "Device_IP_APC_NMC_v3_Second_Floor_Bedroom_IPv6" "Device_IP_APC_NMC_v3_Second_Floor_Livingroom_IPv6" "Device_IP_APC_NMC_v3_Server_Room_IPv6" "Device_IP_APC_NMC_v3_Utility_IPv6" "Device_IP_PDU_Brian_Office_IPv6" "Device_IP_PDU_Second_Floor_Livingroom_IPv6" "Device_IP_PDU_Server_Room_IPv6" 1679 | set schedule "always" 1680 | set service "ALL" 1681 | set profile-protocol-options "Core_Proxy" 1682 | set logtraffic all 1683 | set logtraffic-start enable 1684 | set groups "SSL-VPN_Admin" 1685 | next 1686 | edit 17 1687 | set status enable 1688 | set name "SSLVPN-Core" 1689 | set srcintf "ssl.root" 1690 | set dstintf "lan" 1691 | set action accept 1692 | set srcaddr "SSLVPN_TUNNEL_ADDR1" 1693 | set dstaddr "all" 1694 | set srcaddr6 "SSLVPN_TUNNEL_IPv6_ADDR1" 1695 | set dstaddr6 "Device_IP_Synology_Server2_LAN2_IPv6" "Device_IP_Synology_Server_NVR_LAN4_IPv6" 1696 | set schedule "always" 1697 | set service "ALL" 1698 | set profile-protocol-options "Core_Proxy" 1699 | set logtraffic all 1700 | set logtraffic-start enable 1701 | set groups "SSL-VPN_Admin" 1702 | next 1703 | edit 20 1704 | set status enable 1705 | set name "SSLVPN-wan" 1706 | set srcintf "ssl.root" 1707 | set dstintf "wan1" 1708 | set 
action accept 1709 | set srcaddr "SSLVPN_TUNNEL_ADDR1" 1710 | set dstaddr "all" 1711 | set srcaddr6 "SSLVPN_TUNNEL_IPv6_ADDR1" 1712 | set dstaddr6 "all" 1713 | set schedule "always" 1714 | set service "ALL" 1715 | set utm-status enable 1716 | set inspection-mode proxy 1717 | set profile-protocol-options "Core_Proxy" 1718 | set ssl-ssh-profile "Core Certificate-inspection" 1719 | set av-profile "Core_Antivirus" 1720 | set webfilter-profile "Core_WebFilter" 1721 | set dnsfilter-profile "Core_DNS_Filter" 1722 | set logtraffic all 1723 | set logtraffic-start enable 1724 | set nat enable 1725 | set groups "SSL-VPN_Admin" 1726 | next 1727 | edit 54 1728 | set status enable 1729 | set name "SSL_VPN -> Switch_Manage" 1730 | set srcintf "ssl.root" 1731 | set dstintf "Switch_Manage" 1732 | set action accept 1733 | set srcaddr "SSLVPN_TUNNEL_ADDR1" 1734 | set dstaddr "all" 1735 | set srcaddr6 "SSLVPN_TUNNEL_IPv6_ADDR1" 1736 | set dstaddr6 "Device_IP_Switch_1st_floor_bedroom_IPv6" "Device_IP_Switch_Camera_Switch1_IPv6" "Device_IP_Switch_Second_Floor_Bedroom_IPv6" "Device_IP_Switch_Server_Room_IPv6" "Device_IP_Switch_Utility_Room_IPv6" 1737 | set schedule "always" 1738 | set service "ALL" 1739 | set profile-protocol-options "Core_Proxy" 1740 | set logtraffic all 1741 | set logtraffic-start enable 1742 | set groups "SSL-VPN_Admin" 1743 | next 1744 | edit 87 1745 | set status enable 1746 | set name "SSL_VPN --> IoTaWatt" 1747 | set srcintf "ssl.root" 1748 | set dstintf "iotawatt" 1749 | set action accept 1750 | set srcaddr "SSLVPN_TUNNEL_ADDR1" 1751 | set dstaddr "Device_IP_iotawatt1" "Device_IP_Shelly_Dimmer" "Device_IP_Shelly_Dimmer_Dave_Lamp" "Device_IP_Shelly_DUO_RGBW" "Device_IP_Shelly_Plug_Fish_Filter" "Device_IP_Shelly_Plug_Fish_Heater" "Device_IP_Shelly_Plug_Fish_Impell" "Device_IP_Shelly_Switch_1st_Floor" "Device_IP_Shelly_DUO_Master_bedroom" "Device_IP_Shelly_Megan_Terrarium_Bathroom" "Device_IP_Shelly_Megan_Terrarium_Office" "Device_IP_Shelly_Upstairs Heart Lights" 
"Device_IP_Shelly_Upstairs_Main_Light" "Device_IP_Shelly_Upstairs_Turkish_Lamp" "Device_IP_Shelly_Xmas_Story_Lamp" 1752 | set srcaddr6 "SSLVPN_TUNNEL_IPv6_ADDR1" 1753 | set dstaddr6 "none" 1754 | set schedule "always" 1755 | set service "HTTP" "HTTPS" 1756 | set profile-protocol-options "Core_Proxy" 1757 | set logtraffic all 1758 | set logtraffic-start enable 1759 | set groups "SSL-VPN_Admin" 1760 | next 1761 | edit 95 1762 | set status enable 1763 | set name "SSL_VPN_ASN_BLOCKED_IPv6" 1764 | set srcintf "wan1" 1765 | set dstintf "WAN_to_LOOPBACK" 1766 | set srcaddr6 "ASN_lists_blocked" 1767 | set dstaddr6 "WAN_to_LOOPBACK" 1768 | set schedule "always" 1769 | set service "ALL" 1770 | set logtraffic all 1771 | next 1772 | edit 93 1773 | set status enable 1774 | set name "SSL_VPN_MANUAL_BLOCKED_IPv6" 1775 | set srcintf "wan1" 1776 | set dstintf "WAN_to_LOOPBACK" 1777 | set srcaddr6 "manual_blocked" 1778 | set dstaddr6 "WAN_to_LOOPBACK" 1779 | set schedule "always" 1780 | set service "ALL" 1781 | set logtraffic all 1782 | next 1783 | edit 89 1784 | set status enable 1785 | set name "SSL_VPN_Loopback_IPv6_ONLY" 1786 | set srcintf "wan1" 1787 | set dstintf "WAN_to_LOOPBACK" 1788 | set action accept 1789 | set srcaddr6 "all" 1790 | set dstaddr6 "WAN_to_LOOPBACK" 1791 | set schedule "always" 1792 | set service "HTTPS" 1793 | set utm-status enable 1794 | set inspection-mode proxy 1795 | set profile-protocol-options "Core_Proxy" 1796 | set ssl-ssh-profile "certificate-inspection" 1797 | set ips-sensor "Core_high_security" 1798 | set logtraffic all 1799 | next 1800 | edit 90 1801 | set status enable 1802 | set name "SSL_VPN_BLOCK_GEOGRAPHY_IPv4" 1803 | set srcintf "wan1" 1804 | set dstintf "WAN_to_LOOPBACK" 1805 | set srcaddr "SSL_VPN_Block_Geography" 1806 | set dstaddr "WAN_to_LOOPBACK" 1807 | set schedule "always" 1808 | set service "ALL" 1809 | set logtraffic all 1810 | next 1811 | edit 88 1812 | set status enable 1813 | set name "SSL_VPN_Loopback_ISDB_IPv4" 1814 | set 
srcintf "wan1" 1815 | set dstintf "WAN_to_LOOPBACK" 1816 | set dstaddr "WAN_to_LOOPBACK" 1817 | set internet-service-src enable 1818 | set internet-service-src-name "Akamai-Linode.Cloud" "Alibaba-Alibaba.Cloud" "Amazon-Amazon.SES" "Amazon-AWS" "Amazon-AWS.GovCloud.US" "Atlassian-Atlassian.Cloud" "BinaryEdge-Scanner" "Botnet-C&C.Server" "Bunny.net-CDN" "Cisco-Meraki.Cloud" "Cloudflare-CDN" "CriminalIP-Scanner" "Cyber.Casa-Scanner" "Datadog-Datadog" "Extreme-Extreme.Cloud" "Five9-Five9" "Google-Google.Bot" "GTHost-Dedicated.Instant.Servers" "Hetzner-Hetzner.Hosting.Service" "Hosting-Bulletproof.Hosting" "Hurricane.Electric-Hurricane.Electric.Internet.Services" "Imperva-Imperva.Cloud.WAF" "Ingenuity-Ingenuity.Cloud.Service" "Internet.Census.Group-Scanner" "Malicious-Malicious.Server" "Medianova-CDN" "Microsoft-Bing.Bot" "NetScout-Scanner" "NodePing-NodePing.Probe" "Okta-Okta" "Phishing-Phishing.Server" "Proxy-Proxy.Server" "Qualys-Qualys.Cloud.Platform" "Shodan-Scanner" "Skyhigh.Security-Secure.Web.Gateway" "SolarWinds-Pingdom.Probe" "SolarWinds-SolarWinds.RMM" "SolarWinds-SpamExperts" "Stark.Industries-Stark.Industries.Hosting.Service" "StatusCake-StatusCake.Monitor" "Stretchoid-Scanner" "Tenable-Tenable.io.Cloud.Scanner" "Tor-Exit.Node" "Tor-Relay.Node" "VPN-Anonymous.VPN" "8X8-8X8.Cloud" "Adobe-Adobe.Sign" "Akamai-CDN" "Apple-APNs" "Atlassian-Atlassian.Notification" "Azion-Azion.Platform" "CacheFly-CDN" "Cato-Cato.Cloud" "CDN77-CDN" "Censys-Scanner" "Cisco-Secure.Endpoint" "ColoCrossing-ColoCrossing.Hosting.Service" "DigitalOcean-DigitalOcean.Platform" "Edgio-CDN" "Fastly-CDN" "GCore.Labs-CDN" "Gigas-Gigas.Cloud" "GitHub-GitHub" "Google-Gmail" "Google-Google.Cloud" "INAP-INAP" "InterneTTL-Scanner" "Jamf-Jamf.Cloud" "Kakao-Kakao.Services" "LaunchDarkly-LaunchDarkly.Platform" "LeakIX-Scanner" "Microsoft-Azure" "Microsoft-Azure.AD" "Microsoft-Azure.Data.Factory" "Microsoft-Azure.Monitor" "Microsoft-Azure.Power.BI" "Microsoft-Azure.SQL" 
"Microsoft-Azure.Virtual.Desktop" "Microsoft-Dynamics" "Microsoft-Office365.Published" "Microsoft-Office365.Published.Allow" "Microsoft-Office365.Published.Optimize" "Microsoft-Office365.Published.USGOV" "Microsoft-Outlook" "Microsoft-Skype_Teams" "Microsoft-Teams.Published.Worldwide.Allow" "Microsoft-Teams.Published.Worldwide.Optimize" "Microsoft-WNS" "Mimecast-Mimecast" "NetDocuments-NetDocuments.Platform" "Netskope-Netskope.Cloud" "Neustar-UltraDNS.Probes" "NewRelic-Synthetic.Monitor" "Nice-CXone" "Oracle-Oracle.Cloud" "OVHcloud-OVHcloud" "Paylocity-Paylocity" "Performive-Performive.Cloud" "Recyber-Scanner" "RedShield-RedShield.Cloud" "Salesforce-Email.Relay" "SAP-SAP.Ariba" "Sendgrid-Sendgrid.Email" "SentinelOne-SentinelOne.Cloud" "Shadowserver-Scanner" "Shopify-Shopify" "Sinch-Mailgun" "Slack-Slack" "Spam-Spamming.Server" "StackPath-CDN" "Tencent-VooV.Meeting" "Twilio-Elastic.SIP.Trunking" "UK.NCSC-Scanner" "UptimeRobot-UptimeRobot.Monitor" "VadeSecure-VadeSecure.Cloud" "Veritas-Enterprise.Vault.Cloud" "Vonage-Vonage.Contact.Center" "Voximplant-Voximplant.Platform" "xMatters-xMatters.Platform" "Zendesk-Zendesk.Suite" "Zoho-Site24x7.Monitor" "Zoom.us-Zoom.Meeting" 1819 | set schedule "always" 1820 | set service "ALL" 1821 | set logtraffic all 1822 | next 1823 | edit 96 1824 | set status enable 1825 | set name "SSL_VPN_ASN_BLOCKED_IPv4" 1826 | set srcintf "wan1" 1827 | set dstintf "WAN_to_LOOPBACK" 1828 | set srcaddr "ASN_lists_blocked" 1829 | set dstaddr "WAN_to_LOOPBACK" 1830 | set schedule "always" 1831 | set service "ALL" 1832 | set logtraffic all 1833 | next 1834 | edit 91 1835 | set status enable 1836 | set name "SSL_VPN_AUTO_BLOCK_IPv4" 1837 | set srcintf "wan1" 1838 | set dstintf "WAN_to_LOOPBACK" 1839 | set srcaddr "Block_SSL_Failed" 1840 | set dstaddr "WAN_to_LOOPBACK" 1841 | set schedule "always" 1842 | set service "ALL" 1843 | set logtraffic all 1844 | next 1845 | edit 92 1846 | set status enable 1847 | set name "SSL_VPN_MANUAL_BLOCKED_IPv4" 1848 | 
set srcintf "wan1" 1849 | set dstintf "WAN_to_LOOPBACK" 1850 | set srcaddr "manual_blocked" 1851 | set dstaddr "WAN_to_LOOPBACK" 1852 | set schedule "always" 1853 | set service "ALL" 1854 | set logtraffic all 1855 | next 1856 | edit 94 1857 | set status enable 1858 | set name "SSL_VPN_ALLOWED_IPv4" 1859 | set srcintf "wan1" 1860 | set dstintf "WAN_to_LOOPBACK" 1861 | set action accept 1862 | set srcaddr "all" 1863 | set dstaddr "WAN_to_LOOPBACK" 1864 | set schedule "always" 1865 | set service "HTTPS" 1866 | set utm-status enable 1867 | set inspection-mode proxy 1868 | set profile-protocol-options "Core_Proxy" 1869 | set ssl-ssh-profile "certificate-inspection" 1870 | set ips-sensor "Core_high_security" 1871 | set logtraffic all 1872 | next 1873 | end --------------------------------------------------------------------------------