OPNsense Forum

English Forums => General Discussion => Topic started by: doug.dimick on January 02, 2020, 11:46:48 pm

Title: Updated Python script to whois BGP ASNs and get a list of network blocks.
Post by: doug.dimick on January 02, 2020, 11:46:48 pm
It's probably not a very common use case, but I need the ability to make policy routing decisions to destination networks owned by specific organizations. On pfS I was using pfBNG to resolve BGP Autonomous System numbers to network blocks, as this isn't a core feature for pFs either.

There are some old threads here (https://forum.opnsense.org/index.php?topic=6834.0) and here (https://forum.opnsense.org/index.php?topic=5964.msg31007#msg31007) discussing it, and the base code contributed by NilsS (https://forum.opnsense.org/index.php?action=profile;u=16415) that I built off of can be found there.

What I've done since then is made it work with Python 3, but also made it a bit easier to use and added a method to call it via http. This means you can self-host the script, and feed/update OPNsense aliases automatically.

Personally, I run it as a Docker container, but there's no requirement to use Docker. All you need is python with Flask ("pip install Flask", if you don't have it already). There are some public services that can do this as well, but I prefer to run my own just in case I accidentally run into API limits or the service unexpectedly disappears.

I readily admit that I can barely code my way out of a paper bag. I feel like what I did with Flask is clunky as hell, but it works. PRs welcome.

https://github.com/ddimick/asn-to-ip
https://hub.docker.com/r/ddimick/asn-to-ip

Title: Re: Updated Python script to whois BGP ASNs and get a list of network blocks.
Post by: Marcel_75 on April 21, 2020, 02:59:23 am
Hi,

If I understand this correctly, this way I could translate an ASN list like this https://www.spamhaus.org/drop/asndrop.txt to get a plain list of IPv4 addresses to use them as URL Table (IPs) inside the Aliases of my OPNsense Firewall?

Found your post as I'm searching for an easy way to use the Spamhaus asndrop.txt linked above.

Or is there another way to block these ASNs?

Thx for help & all the best,
Marcel
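
As an added example (not part of the original posts and not code from the asn-to-ip project): the conversion asked about here, in Python, turning an ASN list into IPv4 CIDR lines suitable for a URL Table (IPs) alias. The `ASnnn ; CC | name` list layout, the RPSL `route:` whois output, the function names and all sample data are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the "ASnnn ; CC | name" layout assumed for asndrop.txt.
ASNDROP_SAMPLE = """\
; Constructed sample, not real Spamhaus data
AS64496 ; ZZ | EXAMPLE-NET-ONE
AS64497 ; ZZ | EXAMPLE-NET-TWO
"""

# Constructed RPSL route objects, the kind of text a whois origin query returns.
WHOIS_SAMPLE = """\
route:      192.0.2.0/25
origin:     AS64496
route:      192.0.2.128/25
origin:     AS64496
route:      198.51.100.0/24
origin:     AS64496
route:      0.0.0.0/0
origin:     AS64496
route6:     2001:db8::/32
origin:     AS64496
route:      not-a-prefix
origin:     AS64496
"""


def parse_asn_list(text):
    """Return AS numbers from lines starting with 'AS<digits>'; ';' comment lines are skipped."""
    return [int(m.group(1)) for m in re.finditer(r"^[ \t]*AS(\d+)\b", text, re.MULTILINE)]


def routes_to_alias(whois_text, min_prefixlen=8):
    """Extract IPv4 route: prefixes, drop invalid or overly broad ones, merge the rest."""
    nets = []
    for m in re.finditer(r"^route:\s*(\S+)", whois_text, re.MULTILINE):
        try:
            net = ipaddress.ip_network(m.group(1), strict=False)
        except ValueError:
            continue  # malformed entry: never pass it on to the firewall
        # route6: lines do not match the regex; the version check is a second guard.
        if net.version == 4 and net.prefixlen >= min_prefixlen:
            nets.append(net)
    # collapse_addresses merges adjacent and overlapping prefixes and sorts them.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print(parse_asn_list(ASNDROP_SAMPLE))
    print("\n".join(routes_to_alias(WHOIS_SAMPLE)))  # one CIDR per line for the alias
```

The `min_prefixlen` guard keeps a bad or tampered route object such as `0.0.0.0/0` from turning a block alias into a rule that matches everything.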

Title: Re: Updated Python script to whois BGP ASNs and get a list of network blocks.
Post by: hbc on April 21, 2020, 03:46:52 pm
Quote from: doug.dimick on January 02, 2020, 11:46:48 pm
It's probably not a very common use case, but I need the ability to make policy routing decisions to destination networks owned by specific organizations. On pfS I was using pfBNG to resolve BGP Autonomous System numbers to network blocks, as this isn't a core feature for pFs either.

Can you use aliases for PBR? Then a URL table alias with http://asn.blawk.net/<ASN>, e.g. http://asn.blawk.net/2906 could simplify your work.