Add AWS IP Ranges to "IPSet IP Lists"

Is there a way that we can add https://ip-ranges.amazonaws.com/ip-ranges.json to the ip list?
I cant find any list in the required format.
Thanks.

To list the ipv4 networks:

curl -sS -L https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[]|.ip_prefix'

To list the ipv6 networks:

curl -sS -L https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.ipv6_prefixes[]|.ipv6_prefix'

If you want to add for example aws ipv4 ranges to ipset in Hestia.

mkdir /var/lib/ipset/
cd /var/lib/ipset/
touch aws-v4.sh
chmod +x aws-v4.sh

Now edit the file aws-v4.sh and add this:

#!/usr/bin/env bash
CURL='/usr/bin/curl'
JQ='/usr/bin/jq'
SORT='/usr/bin/sort'
AWS_RANGE='https://ip-ranges.amazonaws.com/ip-ranges.json'

"$CURL" -sS -L "$AWS_RANGE" | "$JQ" -r '.prefixes[]|.ip_prefix' | "$SORT" -nu

Save the file and now add the ipset to Hestia.

v-add-firewall-ipset aws-v4 "script:/var/lib/ipset/aws-v4.sh" v4 yes yes

If no errors, then the ipset aws-v4 has been created and Hestia will update it every day. You can check the ipset created in Hestia with this command

v-list-firewall-ipset

And you will see one line like this:

aws-v4    v4   yes  no  script:/var/lib/ipset/aws-v4.sh          20:25:06  2024-06-07

You can also check the ipset with this command:

ipset list aws-v4 | head -n7

And you will see this output (today the number of entries has been 7618):

Name: aws-v4
Type: hash:net
Revision: 7
Header: family inet hashsize 2048 maxelem 1048576 bucketsize 12 initval 0x62f3f906
Size in memory: 207264
References: 0
Number of entries: 7618

Now you could use the ipset aws-v4 in your firewall rules.

2 Likes

Thanks i was looking for this.

1 Like