Automated Firewalla MSP Target List Updates for ASNs
One of my use-cases of target lists is to replicate complete IP ranges based on ASN's (Autonomous System Numbers). To automate this (and keep these lists updated) I wrote a small script that will fetch all target lists from your MSP account, look for ASN's in the name, and updates them with the current IP ranges of the respective ASN.
You could for example create a new target list named "Hurricane Electric: AS6939" and the script would pull and update it with the roughly 630 IP prefixes currently registered under that ASN.
An early release is available here: https://github.com/johannrichard/firewalla-msp-target-list-updater/releases
Before using it, you might want to run it with `--dry-run` mode. Please consult the release notes and README for more details.
DISCLAIMER: The script makes use of the BGP Tools API (https://bgp.tools/kb/api). You are in particular responsible to ensure fair use of their services. The script does cache the ASN or PREFIX data locally and updates them in accordance with the update schedule of BGP Tools (24h for ASN names, max every 30 min for Prefix data). Please make sure you use it responsibly and according to the fair use policy. This script will also modify your MSP target lists.
It is provided 'as-is' without any warranties, and the authors are not liable for any damages resulting from its use.
-
In Remote work settings, you might want certain traffic (e.g. to corporate IP blocks) to run through specific WANs (or VPN’s) whereas most other traffic can happily be routed through another route.
Other uses are indeed blocks for Facebook or other services, or routing *all traffic* to / from them through specific interfaces.
Maybe often a bit of an overkill over domain-based rules but certainly useful for specific cases.
Please sign in to leave a comment.
Comments
2 comments