corbanworks / aws-blocker
A simple bash script to block all AWS IP ranges using iptables.
License: The Unlicense
I got the latest script and tried to execute it using:
sudo ./aws-blocker
And I got the following error:
2 compile errors
error: join is not defined
[ .ipv6_prefixes[] ] | group_by(.ipv6_prefix) | map({ "ip": .[0].ipv6_prefix, "regions": map(.region) |
unique, "services": map(.service) | unique }) | .[] | .ip + " \"" + (.regions | sort | join (", ")) + "\" \"" +
(.services | sort | join (", ")) + "\""
^^^^
error: join is not defined
[ .ipv6_prefixes[] ] | group_by(.ipv6_prefix) | map({ "ip": .[0].ipv6_prefix, "regions": map(.region) |
unique, "services": map(.service) | unique }) | .[] | .ip + " \"" + (.regions | sort | join (", ")) + "\" \"" +
(.services | sort | join (", ")) + "\""
^^^^
2 compile errors
I'm on Ubuntu, and /usr/bin/join is there. I checked the $PATH for root, and it has /usr/bin on the path. So I'm not sure why it can't find it.
Do you know the IP addresses of other cloud service providers?
Can you extend current published AWS IP address count to include IPv6?
After blocking/banning there should be a way to undo it. ;)
I never used iptables as command-line, but I think this is the solution?
# iptables -F AWS
I found after a week or so of blocking AWS, it was preventing https certifications from renewing (letsencrypt.org), causing certbot renew operations to fail with "connection refused" when their "multi-perspective" validation checks tried to come in from different locations to verify our webserver, some of which are apparently AWS originated and REJECT'ed.
It'd be good if there was a simple option to the script to 'unban' all the AWS chains.
Can't access https://ip-ranges.amazonaws.com/ip-ranges.json after running the script.
It should add an exception to the set of rules
I ran this simply with bash aws-blocker, which ought to block everything from https://ip-ranges.amazonaws.com/ip-ranges.json only; however, it seems to have blocked everything, all connections - how would that happen?
54.157.217.95 shows as ec2-54-157-217-95.compute-1.amazonaws.com according to various IP lookup sites, but Amazon denies it according to their JSON. I know it's not part of this package... but any idea what's going on here?
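One way to check whether an address falls inside the published ranges, as the question above asks; this is an added example, not code from the aws-blocker project. It groups prefixes by region and service the way the jq filter in the error output does. The sample data is constructed from documentation prefixes, and the `ip_prefix` field name for IPv4 entries comes from the ip-ranges.json format rather than from this page.

```python
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout (documentation prefixes,
# not real AWS ranges). The same prefix can appear once per service.
SAMPLE = json.loads("""
{
  "prefixes": [
    {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "203.0.113.0/25", "region": "eu-west-1", "service": "AMAZON"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:1000::/40", "region": "us-east-1", "service": "AMAZON"},
    {"ipv6_prefix": "2001:db8:1000::/40", "region": "us-east-1", "service": "S3"}
  ]
}
""")


def group_prefixes(doc):
    """Collapse duplicate prefixes, collecting regions and services per prefix."""
    grouped = {}
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(key, []):
            net = ipaddress.ip_network(entry[field])
            info = grouped.setdefault(net, {"regions": set(), "services": set()})
            info["regions"].add(entry["region"])
            info["services"].add(entry["service"])
    return grouped


def lookup(doc, address):
    """Return (prefix, regions, services) for each published prefix containing address."""
    ip = ipaddress.ip_address(address)
    hits = []
    for net, info in group_prefixes(doc).items():
        # Only compare against prefixes of the same address family
        if net.version == ip.version and ip in net:
            hits.append((str(net), sorted(info["regions"]), sorted(info["services"])))
    return sorted(hits)


if __name__ == "__main__":
    for addr in ("198.51.100.7", "203.0.113.200", "2001:db8:1000::1"):
        print(addr, lookup(SAMPLE, addr) or "not in published ranges")
```

An empty result means no published prefix covers the address, so a blocker built only from that file would not match it.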