Is there a way that we can add https://ip-ranges.amazonaws.com/ip-ranges.json to the ip list?
I can't find any list in the required format.
Thanks.
To list the IPv4 networks:
curl -sS -L https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[]|.ip_prefix'
To list the IPv6 networks:
curl -sS -L https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.ipv6_prefixes[]|.ipv6_prefix'
If you want to add, for example, the AWS IPv4 ranges to an ipset in Hestia:
mkdir /var/lib/ipset/
cd /var/lib/ipset/
touch aws-v4.sh
chmod +x aws-v4.sh
Now edit the file aws-v4.sh and add this:
#!/usr/bin/env bash
# Print the current AWS IPv4 prefixes, one CIDR per line, for a Hestia "script:" ipset.
# Exit non-zero if curl or jq fails instead of handing Hestia an empty list.
set -o pipefail
CURL='/usr/bin/curl'
JQ='/usr/bin/jq'
SORT='/usr/bin/sort'
AWS_RANGE='https://ip-ranges.amazonaws.com/ip-ranges.json'
# "sort -u" deduplicates the CIDR strings. Not "-nu": with -n, sort compares only the
# leading number ("3.5" of 3.5.140.0/22), so -u would drop 3.5.141.0/24 as a duplicate.
"$CURL" -sS -L --fail "$AWS_RANGE" | "$JQ" -r '.prefixes[]|.ip_prefix' | "$SORT" -u
Save the file and now add the ipset to Hestia.
v-add-firewall-ipset aws-v4 "script:/var/lib/ipset/aws-v4.sh" v4 yes yes
If there are no errors, the ipset aws-v4 has been created and Hestia will update it every day. You can check the ipset created in Hestia with this command:
v-list-firewall-ipset
And you will see one line like this:
aws-v4 v4 yes no script:/var/lib/ipset/aws-v4.sh 20:25:06 2024-06-07
You can also check the ipset with this command:
ipset list aws-v4 | head -n7
And you will see this output (today the number of entries was 7618):
Name: aws-v4
Type: hash:net
Revision: 7
Header: family inet hashsize 2048 maxelem 1048576 bucketsize 12 initval 0x62f3f906
Size in memory: 207264
References: 0
Number of entries: 7618
Now you can use the ipset aws-v4 in your firewall rules.
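Added example (not Hestia's or AWS's code, and not part of the post above): a Python script that does the same job as the jq one-liners, but validates every prefix with the standard library's ipaddress module before it is printed and collapses duplicates and nested ranges. The real ip-ranges.json lists the same prefix under several services (AMAZON and EC2, for instance), so deduplication matters, and filtering on the "service" tag lets you build a set for, say, CLOUDFRONT only instead of all of AWS. The field names ("prefixes", "ip_prefix", "ipv6_prefixes", "ipv6_prefix", "service") are those of the real file; the embedded sample document, the script name aws-ranges.py and the command-line interface are assumptions made here.

```python
#!/usr/bin/env python3
"""Build a clean CIDR list for an ipset from an AWS ip-ranges.json document.

Added example, not Hestia's or AWS's code. SAMPLE_IP_RANGES_JSON is a
hand-constructed stand-in for the real (multi-thousand entry) file.
"""
import ipaddress
import json
import sys
from typing import Iterable, List, Optional, Tuple

# Constructed sample in the published ip-ranges.json layout. The same prefix
# appears under both AMAZON and EC2 (as in the real file), 3.5.141.0/24 lies
# inside 3.5.140.0/22, and 203.0.113.5/24 has host bits set (deliberately bad).
SAMPLE_IP_RANGES_JSON = """
{
  "syncToken": "1700000000",
  "createDate": "2023-11-14-00-00-00",
  "prefixes": [
    {"ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2"},
    {"ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", "service": "EC2", "network_border_group": "ap-northeast-2"},
    {"ip_prefix": "3.5.141.0/24", "region": "ap-northeast-2", "service": "EC2", "network_border_group": "ap-northeast-2"},
    {"ip_prefix": "13.32.0.0/15", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
    {"ip_prefix": "52.94.76.0/22", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2"},
    {"ip_prefix": "203.0.113.5/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2600:1f14::/35", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2"},
    {"ipv6_prefix": "2600:1f14::/35", "region": "us-west-2", "service": "EC2", "network_border_group": "us-west-2"},
    {"ipv6_prefix": "2a05:d07a:a000::/40", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1"}
  ]
}
"""


def parse_document(text: str) -> dict:
    """Parse ip-ranges.json and insist on both prefix arrays being present."""
    doc = json.loads(text)
    for key in ("prefixes", "ipv6_prefixes"):
        if not isinstance(doc.get(key), list):
            raise ValueError(f"ip-ranges document is missing the {key!r} array")
    return doc


def extract_prefixes(
    doc: dict, version: int, services: Optional[Iterable[str]] = None
) -> Tuple[List[str], List[str]]:
    """Return (cidrs, rejected) for one IP family, optionally limited to services.

    cidrs is sorted, deduplicated and collapsed (a /24 inside a listed /22 is
    dropped, adjacent blocks are merged), so it covers exactly the same
    addresses as the raw list with fewer ipset entries. rejected holds the raw
    strings that were not a valid network of the requested family.
    """
    if version == 4:
        key, field = "prefixes", "ip_prefix"
    elif version == 6:
        key, field = "ipv6_prefixes", "ipv6_prefix"
    else:
        raise ValueError("version must be 4 or 6")
    wanted = {s.upper() for s in services} if services is not None else None

    nets, rejected = [], []
    for entry in doc[key]:
        if wanted is not None and entry.get("service", "").upper() not in wanted:
            continue
        raw = entry.get(field, "")
        try:
            # strict=True refuses prefixes with host bits set, so a corrupted or
            # tampered download cannot smuggle an odd-looking entry into the set.
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError:
            rejected.append(raw)
            continue
        if net.version != version:
            rejected.append(raw)
            continue
        nets.append(net)

    collapsed = sorted(ipaddress.collapse_addresses(nets))
    return [str(n) for n in collapsed], rejected


def main(argv: List[str]) -> int:
    """Usage: aws-ranges.py [4|6] [SERVICE ...] < ip-ranges.json

    Prints one CIDR per line (what a Hestia "script:" ipset expects) and exits
    non-zero if any entry was rejected, so the caller can notice a bad download.
    """
    version = int(argv[1]) if len(argv) > 1 else 4
    services = argv[2:] or None
    doc = parse_document(sys.stdin.read())
    cidrs, rejected = extract_prefixes(doc, version, services)
    for cidr in cidrs:
        print(cidr)
    for raw in rejected:
        print(f"rejected invalid prefix: {raw!r}", file=sys.stderr)
    return 1 if rejected else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `curl -sS -L --fail https://ip-ranges.amazonaws.com/ip-ranges.json | python3 aws-ranges.py 4` (or `... 6 CLOUDFRONT`) from the script your ipset points at. Because it exits 1 when any entry fails validation, a wrapper that checks the exit status can abort instead of feeding a partial list to ipset. Collapsing changes the entry count compared with the raw jq output but not the set of addresses matched, which is what the firewall rule cares about.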
Thanks, I was looking for this.