Updated Python script to whois BGP ASNs and get a list of network blocks.

Started by doug.dimick, January 02, 2020, 11:46:48 PM

It's probably not a very common use case, but I need the ability to make policy routing decisions to destination networks owned by specific organizations. On pfS I was using pfBNG to resolve BGP Autonomous System numbers to network blocks, as this isn't a core feature for pFs either.

There are some old threads here and here discussing it, and the base code contributed by NilsS that I built off of can be found there.

What I've done since then is made it work with Python 3, but also made it a bit easier to use and added a method to call it via http. This means you can self-host the script, and feed/update OPNsense aliases automatically.

Personally, I run it as a Docker container, but there's no requirement to use Docker. All you need is python with Flask ("pip install Flask", if you don't have it already). There are some public services that can do this as well, but I prefer to run my own just in case I accidentally run into API limits or the service unexpectedly disappears.

I readily admit that I can barely code my way out of a paper bag. I feel like what I did with Flask is clunky as hell, but it works. PRs welcome.

https://github.com/ddimick/asn-to-ip
https://hub.docker.com/r/ddimick/asn-to-ip
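An added example, not part of the original post and not code from the linked script: it turns a whois reply into the collapsed list of network blocks for one ASN, validating the ASN and dropping malformed prefixes and default routes before anything reaches a firewall alias. The function names, the sample reply, and the assumption that the whois source returns RPSL `route`/`route6` objects with an `origin` attribute are assumptions of this example.

```python
import ipaddress
import re

# Constructed RPSL-style whois reply (documentation prefixes and ASNs, not real data).
SAMPLE_WHOIS = """\
route:      192.0.2.0/25
origin:     AS64500

route:      192.0.2.128/25
origin:     AS64500

route:      198.51.100.0/24
origin:     AS64501

route:      203.0.113.7/24
origin:     AS64500

route:      0.0.0.0/0
origin:     AS64500

route6:     2001:db8::/32
origin:     AS64500
"""

def normalize_asn(value):
    """Accept '64500' or 'AS64500'; reject anything else before it reaches a query."""
    m = re.fullmatch(r"(?:AS)?(\d{1,10})", value.strip(), re.IGNORECASE)
    if not m or not 0 < int(m.group(1)) <= 4294967295:
        raise ValueError(f"not a valid ASN: {value!r}")
    return f"AS{int(m.group(1))}"

def parse_routes(whois_text, asn):
    """Return collapsed CIDR strings for route/route6 objects originated by asn."""
    want, nets, prefix = normalize_asn(asn), {4: [], 6: []}, None
    for line in whois_text.splitlines():
        key, _, val = line.partition(":")
        key, val = key.strip().lower(), val.strip()
        if key in ("route", "route6"):
            prefix = val
        elif key == "origin" and prefix is not None:
            if val.upper() == want:
                try:
                    net = ipaddress.ip_network(prefix, strict=True)
                    if net.prefixlen > 0:  # never let a default route into an alias
                        nets[net.version].append(net)
                except ValueError:
                    pass  # malformed prefix or host bits set: skip it
            prefix = None
    return [str(n) for v in (4, 6) for n in ipaddress.collapse_addresses(nets[v])]
```

Joining the returned list with newlines gives the one-network-per-line text that a URL table alias can fetch.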

Hi,

If I understand this correctly, this way I could translate an ASN list like this https://www.spamhaus.org/drop/asndrop.txt to get a plain list of IPv4 addresses to use as a URL Table (IPs) inside the Aliases of my OPNsense firewall?

Found your post as I'm searching for an easy way to use the Spamhaus asndrop.txt linked above.

Or is there another way to block these ASNs?

Thx for help & all the best,
Marcel

Quote from: doug.dimick on January 02, 2020, 11:46:48 PM
It's probably not a very common use case, but I need the ability to make policy routing decisions to destination networks owned by specific organizations. On pfS I was using pfBNG to resolve BGP Autonomous System numbers to network blocks, as this isn't a core feature for pFs either.

Can you use aliases for PBR? Then a URL table alias with http://asn.blawk.net/<ASN>, e.g. http://asn.blawk.net/2906, could simplify your work.