[PATCH abused] rules: add Google Cloud IP addresses
From: Moritz Poldrack <git@moritz.sh>
Google not only provides IPs to internet users, it also provides
customers with IP addresses through its Google Cloud products. This adds
the latter IPs to the blocklist.
Link: https://support.google.com/a/answer/10026322?hl=en
Signed-off-by: Moritz Poldrack <git@moritz.sh>
---
This adds 500+ additional IP ranges to the blocklist.
rules/commercial-isp.go | 47 +++++++++++++++++++++++++++++++++++------
1 file changed, 41 insertions(+), 6 deletions(-)
diff --git a/rules/commercial-isp.go b/rules/commercial-isp.go
index b4a141a..8a1e347 100644
--- a/rules/commercial-isp.go
+++ b/rules/commercial-isp.go
@@ -20,9 +20,10 @@ import (
// These providers offer dumps of their prefixes
const (
- AWS_URL string = "https://ip-ranges.amazonaws.com/ip-ranges.json"
- GCP_URL string = "https://www.gstatic.com/ipranges/goog.json"
- VULTR_URL string = "https://geofeed.constant.com/?json"
+ AWS_URL string = "https://ip-ranges.amazonaws.com/ip-ranges.json"
+ GOOGLE_URL string = "https://www.gstatic.com/ipranges/goog.json"
+ GCP_URL string = "https://www.gstatic.com/ipranges/cloud.json"
+ VULTR_URL string = "https://geofeed.constant.com/?json"
)
type AWSPayload struct {
@@ -149,7 +150,7 @@ func (rule *CommercialISPRule) UpdateAWS(ctx context.Context) error {
func (rule *CommercialISPRule) UpdateGCP(ctx context.Context) error {
rule.log.Println("Updating list of GCP networks")
- resp, err := http.Get(GCP_URL)
+ resp, err := http.Get(GOOGLE_URL)
if err != nil {
return err
}
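Review bot: `http.Get(GOOGLE_URL)` ignores the `ctx` passed to UpdateGCP and uses the default client, which has no timeout, so a stalled feed can hang the blocklist refresh. Consider `req, err := http.NewRequestWithContext(ctx, http.MethodGet, GOOGLE_URL, nil)` followed by `resp, err := http.DefaultClient.Do(req)`. As far as the hunk shows, the response status is also not checked before the body is parsed, so anything other than `http.StatusOK` should be rejected. The same applies to the second fetch of `GCP_URL` added in the next hunk. UpdateGCP's body continues outside this hunk.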
@@ -181,7 +182,41 @@ func (rule *CommercialISPRule) UpdateGCP(ctx context.Context) error {
rule.trie.Insert(cidranger.NewBasicRangerEntry(*subnet))
}
}
- rule.log.Printf("Found %d GCP subnets", len(dump.Prefixes))
+ rule.log.Printf("Found %d Google subnets", len(dump.Prefixes))
+ googleHits := len(dump.Prefixes)
+
+ resp, err = http.Get(GCP_URL)
+ if err != nil {
+ return err
+ }
+ defer resp.Body.Close()
+ body, err = io.ReadAll(resp.Body)
+ if err != nil {
+ return err
+ }
+
+ err = json.Unmarshal(body, &dump)
+ if err != nil {
+ return err
+ }
+
+ for _, prefix := range dump.Prefixes {
+ if prefix.IPv4Prefix != nil {
+ _, subnet, err := net.ParseCIDR(*prefix.IPv4Prefix)
+ if err != nil {
+ return err
+ }
+ rule.trie.Insert(cidranger.NewBasicRangerEntry(*subnet))
+ }
+ if prefix.IPv6Prefix != nil {
+ _, subnet, err := net.ParseCIDR(*prefix.IPv6Prefix)
+ if err != nil {
+ return err
+ }
+ rule.trie.Insert(cidranger.NewBasicRangerEntry(*subnet))
+ }
+ }
+ rule.log.Printf("Found %d GCP subnets", len(dump.Prefixes)-googleHits)
task := work.NewTask(rule.UpdateGCP).
NotBefore(time.Now().Add(48 * time.Hour))
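Review bot: The final log line computes `len(dump.Prefixes)-googleHits`, but `json.Unmarshal(body, &dump)` replaces the contents of `dump.Prefixes` with the cloud.json list rather than appending to it, so the subtraction reports a wrong and possibly negative count. The intended line is `rule.log.Printf("Found %d GCP subnets", len(dump.Prefixes))`. Decoding into a fresh variable instead of reusing `dump` would also rule out pointer fields left over from the goog.json decode in reused slice elements. The fetch, parse and insert sequence is a copy of the one above it, so a small helper taking the URL would keep both feeds validated the same way. UpdateGCP starts and ends outside this hunk.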
--
2.43.2
Thanks!
To git@git.sr.ht:~sircmpwn/abused
0907ebd..3d47779 master -> master