Netgate Discussion Forum

    Azure/Amazon IP Ranges

      kuberan

      Good Day All

      Is there a way to add into "Firewall Aliases URLs" the range of IPs from an Azure xml file? This is also an issue with Office365. What would be the best practice for this? This file is updated weekly https://www.microsoft.com/en-us/download/details.aspx?id=41653 and so is the IP list for Office365. Is there a tool that would convert the xml file and then insert it into the Aliases of pfSense? Or can I reference the file directly?
      I have the very same issue with Amazon (AWS).

      I have searched the Forums and I have seen many topics about URL Aliases but none that addresses it with the file in an XML format.

      Thanks
      Kuberan

        muswellhillbilly

        To my knowledge, there is no tool which does this. You can find the settings for your firewall in /cf/conf/config.xml. As the name implies, the config file is an XML. You can open this to examine the structure. A section of this, marked <aliases>, is where you'll see existing alias entries. You could write a Perl or bash script which could format the downloaded Azure IP list, manipulate it into the correct format for the PFS config file and insert them into it. Once done, you can then run /etc/rc.reload_all to update the firewall with the changes just made. I've not done something like this myself, so you'd be best advised to try this on a test firewall first. There is also the matter of downloading the list from Microsoft automatically. I would normally advise using wget, but I don't know if there's a direct link to allow the file to be pulled down in this way.

          kuberan

          There is not a direct link… I will look at what you suggested... although it is not the ideal solution for this.

          Thanks

            kuberan

            I see that this Firewall -> Aliases -> Bulk import is a possible solution to copy and paste the list of IP addresses…
            Anyone know how it will manage updates?

              BBcan177 Moderator

              You can download this file from the shell and parse the IPs with shell script, or use pfBlockerNG…

              [ MScsv ]		 Downloading update .. 200 OK. completed ..
              
                Aggregation Stats:
                ------------------
                Original Final      
                ------------------
                2568     1865       
                ------------------
              

              However, they don't provide a static download address, since the file name has a date:

              https://download.microsoft.com/download/0/1/8/018E208D-54F8-44CD-AA26-CD7BC9524A8C/PublicIPs_20161003.xml
              

              FYI, the file is also broken down into Regions…

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/
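
The shell-parsing approach mentioned in the last post, sketched as an added example (not code from any poster or from pfBlockerNG). It assumes the XML uses `<Region Name="...">` elements containing `<IpRange Subnet="..." />` entries; the function names and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed XML layout: <Region Name="...">
# elements containing <IpRange Subnet="a.b.c.d/nn" /> elements.
# azure_xml_to_cidrs [REGION]: XML on stdin, unique valid CIDRs on stdout;
# exits non-zero when no valid range was found.
azure_xml_to_cidrs() {
    tr '>\r' '\n\n' | awk -v want="${1:-}" '
        # Accept only well-formed IPv4 CIDRs: octets 0-255, prefix 0-32.
        function valid(c,   p, o, i) {
            if (c !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
            split(c, p, "/"); split(p[1], o, ".")
            if (p[2] + 0 > 32) return 0
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return 0
            return 1
        }
        /<Region / { region = $0; sub(/.*Name="/, "", region); sub(/".*/, "", region) }
        /<IpRange / {
            if (want != "" && region != want) next
            cidr = $0; sub(/.*Subnet="/, "", cidr); sub(/".*/, "", cidr)
            if (valid(cidr) && !(cidr in seen)) { seen[cidr] = 1; n++; print cidr }
        }
        END { exit (n > 0 ? 0 : 1) }'
}

# update_list XML_FILE OUT_FILE [REGION]: replace OUT_FILE only when parsing
# succeeded, so a failed or truncated download keeps the previous list.
update_list() {
    tmp="$2.tmp.$$"
    if azure_xml_to_cidrs "${3:-}" < "$1" > "$tmp"; then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"; return 1
    fi
}

# Constructed sample input (documentation ranges, not real Azure data).
sample_xml() {
    cat <<'EOF'
<AzurePublicIpAddresses>
  <Region Name="europewest">
    <IpRange Subnet="192.0.2.0/24" />
    <IpRange Subnet="192.0.2.0/24" />
    <IpRange Subnet="198.51.100.999/24" />
  </Region>
  <Region Name="useast"><IpRange Subnet="203.0.113.0/25" /></Region>
</AzurePublicIpAddresses>
EOF
}
sample_xml | azure_xml_to_cidrs europewest   # demo on the constructed sample
```

The output is plain text with one CIDR per line, suitable for pasting into Bulk import or for a list file that an alias reads. The download step is left out because, as noted in the thread, the file name carries a date and has no static address.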
