cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Bash script to show IP ranges for countrys from GeoProtection (new version)

This script lists all country entries from the file ip2country. csv and displays the countries sorted for R80.10.
The country code can then be insert. For the selected country all IP Ranges are displayed.

So you can find all IP range, which are blocked by GeoProtection for a country.

 

 

Script:

#!/bin/bash
dec2ip() {
local ip dec=$@
delim=""
for e in {3..0}
do
((octet = dec / (256 ** e) ))
((dec -= octet * 256 ** e))
ip+=$delim$octet
delim=.
done
printf '%s' "$ip"
}

echo count CN country name
echo ----------------------------------------------------
more /opt/CPrt-R80/conf/ip2country.csv | awk '{print $6 " " $7} ' FS=',' | sort | uniq -c |sed 's/"//g'
read -p "Please insert country : " name
echo Find network with country : $name
if [ "$name" != "" ]
then
more /opt/CPrt-R80/conf/ip2country.csv |grep $name > _temp.txt
declare -i index
index=0
for i in $(cat _temp.txt ); do
ip123=$( echo $i |grep $name | awk '{print $1}' FS=',' |sed 's/"//g')
net123=$( echo $i |grep $name | awk '{print $2}' FS=',' |sed 's/"//g')
if [ "$ip123" != "" ]
then
# echo $ip123
index=$index+1
printf '%s' "$name $index # "
dec2ip $ip123
# echo $net123
printf '%s' " - "
dec2ip $net123
printf '%s\n' ""
fi
done;
fi

 

Version:

 + version 0.4 06-02-2018 - bug fix
  + version 0.5 09-03-2018 - bug fix
  + version 0.6 18-03-2018 - new feature
  + new version 0.9 06-04-2018 - new feature

4 Replies

Re: Bash script to show IP ranges for countrys from GeoProtection (new version)

I would like to extend the script so that a firewall object is created automatically. Firewall range objects and then a group of all range objects.

This allows you to use regional country settings in firewall rules.

Regards,

Heiko

Re: Bash script to show IP ranges for countrys from GeoProtection (new version)

An even better idea would be to combine the ip2country.csv and the efforts for automatically updated dynamic cloud services (like O365, which is in EA -> Dynamic Objects in R80.10)

With that one would have the possibility to use dynamic objects with predefined names like "Geo_Protection_<Country>" or whatever to use them in the policy.

Re: Bash script to show IP ranges for countrys from GeoProtection (new version)

Good idea!

If I have some time, I will extend the script:-)

Regards,

Heiko

Re: Bash script to show IP ranges for countrys from GeoProtection (new version)

Have you developed this further yet?