IPFire network object creator for IPv4 addresses based on ASN information

maloe ee9c91265c update to v0.8.1 1 year ago
iprange b370a3873f iprange executables 1 year ago
LICENSE 54907004b9 Initial commit 6 years ago
README.md 1e33688d33 update to v0.8.0 1 year ago
asn_ipfire.sh ee9c91265c update to v0.8.1 1 year ago
asn_script.conf ee9c91265c update to v0.8.1 1 year ago
changelog.md ee9c91265c update to v0.8.1 1 year ago

README.md

ASN_IPFire_Script

IPFire network object creator for IPv4 addresses based on ASN information.

The script collects ASN numbers, registered by / assigned to a company and then creates a corresponding list of IPv4 networks. This list of IPv4 networks is then automatically included into IPFire firewall groups (networks and network/host groups). These groups can be used in the IPFire firewall settings to simply block whole company networks.

For detailed description please read the article on Kuketz-Blog: ASN-Skript: Datensammler haben ausgeschnüffelt – IPFire Teil3 or see the Wiki page.

Originally this script was invented and started by Mike Kuketz. He also wrote similar scripts to use same IPv4 networks lists in other output formats to be used directly with tools like iptables and Android AFWall+. These separate tools have been integrated into one single script with further optimizations and additional features.
By default asn_ipfire.sh creates entries for IPFire, but custom specific output options for other applications are possible:

  • IPFire Groups (default)
  • custom specific formats (for iptables, AFWall+,...)
  • pure asn or network list

The script is intended to be run on an IPFire installation, but it is also running on other Linux distributions as well as on Android terminals (root needed).


Update to version 0.8

Compatibility break! From version 0.8.0 on, the options "--iptable" and "--afwall" have been removed as well as the corresponding default output file names. Results will now be written to the output file "asn_result.lst" by default. A custom specific filename is still possible via the configuration file. In the template configuration file examples are given, how to get the same results as from the removed options. These changes are irrelevant for the ipfire mode.

New option "--iprange" has been implemented which significantly speed up the consolidation of big networks. This parameter makes use of the external tool iprange from The FireHol Project. An executable iprange is provided for AMD64 and ARM64 architecture, to be placed in the script folder by default. But it is recommended to build it by yourself according to the instructions on the developers Github page.

When updating from older versions, please consider the notes in the changelog


Usage

Type asn_ipfire.sh --help or see the Wiki.


License

This script is under GNU GPL v3

Copyright 2017-2023 Mike Kuketz, maloe

To support open source software and fair use, kindly refer to the origin authors and source if you copy and modify this script (i.e. keep the origin header).


Change log

See the changelog file