Makuckn wrote: A script. See the example below where I modify an address group with a script. For white-/blacklisting it's enough to set up one rule which accepts/rejects/drops all traffic originating from the appropriate address group.
#!/bin/vbash
run=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper
whitelist=$(curl -s https://www.statuscake.com/API/Locations/txt)

#begin config session
$run begin

#clear group statuscake
echo "Clearing group statuscake .."
$run delete firewall group address-group statuscake
$run set firewall group address-group statuscake

#add IP addresses from whitelist
for IP in $whitelist
do
    echo "Adding $IP to group statuscake .."
    $run set firewall group address-group statuscake address $IP
done

#commit changes and end config session
echo "Commit and save"
$run commit
$run save
$run end
Ahhhh there's a wrapper. Perfect, just what I was looking for - thanks!
This will make GEOIP blocking much, much easier
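
A validation step that could sit in front of a script like the one quoted above, as an added example that is not part of the original posts: it keeps only well-formed IPv4 entries from the fetched list and refuses to rebuild the group when too few survive, so a failed or altered download cannot empty or pollute the address group. The names `is_ipv4`, `filter_valid_ips`, `build_group_cmds` and `MIN_ENTRIES` are hypothetical, and the sample input is constructed.

```shell
# Added example; function names and MIN_ENTRIES are assumptions, not from the post.
MIN_ENTRIES=3   # assumed sanity floor for the expected list size

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read whitespace-separated tokens on stdin, print only the valid addresses.
filter_valid_ips() {
    tr -s ' \t\r' '\n' | while IFS= read -r token || [ -n "$token" ]; do
        [ -n "$token" ] || continue
        if is_ipv4 "$token"; then
            printf '%s\n' "$token"
        else
            printf 'skipping invalid entry: %s\n' "$token" >&2
        fi
    done
}

# Print the config commands for group $1; fail with no output if stdin has < MIN_ENTRIES valid IPs.
build_group_cmds() {
    group=$1
    valid=$(filter_valid_ips)
    count=0
    for ip in $valid; do count=$((count + 1)); done
    if [ "$count" -lt "$MIN_ENTRIES" ]; then
        echo "refusing update: only $count valid addresses" >&2
        return 1
    fi
    echo "delete firewall group address-group $group"
    echo "set firewall group address-group $group"
    for ip in $valid; do
        echo "set firewall group address-group $group address $ip"
    done
}

# Constructed sample response: three documentation addresses, two bad entries.
SAMPLE='192.0.2.10 198.51.100.7 203.0.113.5 <html>error</html> 300.1.1.1'
printf '%s\n' "$SAMPLE" | build_group_cmds statuscake
```

Each printed line is meant to be passed to the wrapper (`$run` in the quoted script) between `$run begin` and `$run commit`, and only when `build_group_cmds` returns success.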