corbanworks / aws-blocker Goto Github PK

I got the latest script and tried to execute it using:

sudo ./aws-blocker

And I got the following error:

2 compile errors
error: join is not defined
[ .ipv6_prefixes[] ] | group_by(.ipv6_prefix) | map({ "ip": .[0].ipv6_prefix, "regions": map(.region) | 
unique, "services": map(.service) | unique }) | .[] | .ip + " \"" + (.regions | sort | join (", ")) + "\" \"" + 
(.services | sort | join (", ")) + "\""
                                                                                                                                                                                           
^^^^
error: join is not defined
[ .ipv6_prefixes[] ] | group_by(.ipv6_prefix) | map({ "ip": .[0].ipv6_prefix, "regions": map(.region) | 
unique, "services": map(.service) | unique }) | .[] | .ip + " \"" + (.regions | sort | join (", ")) + "\" \"" + 
(.services | sort | join (", ")) + "\""
                                                                                                                                                                                                                                        
^^^^
2 compile errors

I'm on ubuntu, and /usr/bin/join is there. I checked the $PATH for root, and it has /usr/bin on the path. So I'm not sure why it can't find it.

1. Do you know the IP addresses of other cloud service providers?

2. Can you extend current published AWS IP address count to include IPv6?

After blocking/banning there should be a way to undo it. ;)

I never used iptables as command-line, but I think this is the solution?
# iptables -F AWS

I found after a week or so of blocking AWS, it was preventing https certifications from renewing (letsencrypt.org), causing certbot renew operations to fail with "connection refused" when their "multi-perspective" validation checks tried to come in from different locations to verify our webserver, some of which are apparently AWS originated and REJECT'ed.

It'd be good if there was a simple option to the script to 'unban' all the AWS chains.

Can't access https://ip-ranges.amazonaws.com/ip-ranges.json after running the script.
It should add an exception to the set of rules

I ran this simply with bash aws-blocker which ought to block everything from https://ip-ranges.amazonaws.com/ip-ranges.json only, however it seems to have blocked everything all connections - how would that happen?

54.157.217.95

Shows as ec2-54-157-217-95.compute-1.amazonaws.com according to various IP lookup sites but amazon denies it according to their JSON. I know its not part of this package... but any idea what's going on here?