Allow IPs via rss feed

ColumbusGEEK
Junior Member
Posts: 12
Joined: 10 Apr 2010, 01:11

Allow IPs via rss feed

Post by ColumbusGEEK »

I use Pingdom to monitor my servers' uptime across the globe. On occasion I see an IP from one of their locations gets banned for scanning the server. Normally one would just pop the IP address that gets blocked into the ignore list and move on, but in this case they have hundreds of IPs across the world that ping the server. How can I automate this so the IPs they use get added to my ignore file?

They provide a rss feed of the IPs they use.

Code: Select all

https://www.pingdom DOT com/rss/probe_servers.xml


Is there something inside csf I can use already to do this, or will I have to take the rss feed, strip the info and do something tricky with it for this to work?

thanks in advance for any suggestions.
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: Allow IPs via rss feed

Post by chirpy »

You would need to use the GLOBAL_ALLOW function which only accepts a text file with one IP address per line, so you would have to preprocess the RSS feed before csf can use it.
ColumbusGEEK
Junior Member
Posts: 12
Joined: 10 Apr 2010, 01:11

Re: Allow IPs via rss feed

Post by ColumbusGEEK »

That's what I was thinking.
Is it possible to reference two global allow files so I do not have to worry about breaking my existing one? GLOBAL_ALLOW and GLOBAL_ALLOW_CUSTOM for example?

I know this isn't your responsibility, but any ideas on how to pre-process the xml into a text? I'll look into it further but was just curious of your opinion.
ColumbusGEEK
Junior Member
Posts: 12
Joined: 10 Apr 2010, 01:11

Re: Allow IPs via rss feed

Post by ColumbusGEEK »

I wasn't able to come up with an automated solution. I threw the most recent RSS feed into a text editor, stripped out everything but the IP addresses from Pingdom and dumped that into my global whitelist.
Pingdom RSS feed.
https://www.pingdom.com/rss/probe_servers.xml

If anybody wants the list, here you go.

Code: Select all

###############################################
# pingdom.com servers
# updated Fri, 02 Mar 2012 23:40:02 +0100
###############################################
diegors
Junior Member
Posts: 16
Joined: 09 Mar 2012, 16:02

Re: Allow IPs via rss feed

Post by diegors »

Hi.
Yesterday, I found a site with the answers.
I was looking for this too.

I paste it here (you never know when a site will be down).

Warning: I cannot test it, so use it with responsibility.

We’re big into monitoring for servers, networks, services and reporting, and we use Pingdom for a number of uptime and response monitoring services.

Pingdom have a number of servers around the world which perform their monitoring. As we like to be as secure as possible, we usually implement a firewall on our Linux servers, and this means that the firewall rules must be updated when Pingdom (or any other service) brings a new monitoring server online.

We don’t like doing things manually, so we implemented a set of simple scripts to backup, generate and automatically update our firewall rules based on Pingdom’s RSS feed of their monitoring servers. Hopefully these will help you, too.

We have a script which runs daily under cron, called update_pingdom_servers :
...
DAMN Antispam filter!! If I cannot write a bash script name? WTF?
Ok ok.. easy...

Here we go.. again..

Code: Select all

#!/bin/bash
# Update the pingdom firewall rules based on their feed
# Download the probe-server feed (URL as given earlier in this thread)
/usr/bin/wget https://www.pingdom.com/rss/probe_servers.xml -O /root/probe_servers.xml -o /dev/null
# Keep only the address between "IP: " and "; Host" on each feed line
/bin/cat /root/probe_servers.xml | grep IP | sed -e 's/.*IP: //g' | sed -e 's/; Host.*//g' | grep -v IP > /root/pingdom_ips
# -f: do not fail on the first run, when the rules file does not exist yet
/bin/rm -f /root/pingdom_smtp_rules
for ip in `cat /root/pingdom_ips`
do
# Delete any existing copy of the rule, then add it back, so rules are not duplicated
/bin/echo "iptables -D ufw-user-input -s $ip -p tcp --dport 25 -j ACCEPT" >> /root/pingdom_smtp_rules
/bin/echo "iptables -A ufw-user-input -s $ip -p tcp --dport 25 -j ACCEPT" >> /root/pingdom_smtp_rules
done
# Back up the current rules and prune backups older than 7 days
TODAY=`date +%a%d%b%Y`
iptables-save > /root/firewall.rules.$TODAY
find /root -type f -mtime +7 -name firewall.rules.\* -print | xargs rm -f
# Apply the generated rules
sh /root/pingdom_smtp_rules

As you can see from the last line, we then execute pingdom_smtp_rules which was generated from pingdom_ips and has the list of iptables commands to update the firewall in the ufw-user-input chain. If there is ever a problem we keep 7 days of firewall rule backups in /root so that previous versions of the rules can easily be restored.
So.. 40 times I tried to write/paste this answer..

41 times ..

Why? Because a filename.extension like a bash script matches with URLs ..


Edit: OK .. the script is horribly damaged ..

Just go to: mgitsol in UK /2011/09/29/automatically-update-pingdom-firewall-rules/ < HELL YEAH!!
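
An added example, not part of any post in this thread: one way to do the preprocessing chirpy describes, producing a one-IP-per-line file while validating every address before it reaches an allow list and refusing to overwrite the list when the download looks truncated. It assumes feed items of the form "IP: a.b.c.d; Host: ...", as the sed expressions in the script above imply; the function names and the sample feed are constructed here.

```sh
#!/bin/sh
# Added example (not from the thread). Assumed feed format: each item holds
# "IP: a.b.c.d; Host: ...", as the sed expressions in the script above expect.

# Constructed sample feed using documentation-range addresses.
sample_feed() {
    cat <<'EOF'
<rss><channel>
<item><description>IP: 192.0.2.10; Host: probe-a.example</description></item>
<item><description>IP: 198.51.100.7; Host: probe-b.example</description></item>
<item><description>IP: 192.0.2.10; Host: probe-a.example</description></item>
<item><description>IP: 203.0.113.999; Host: bad-octet.example</description></item>
<item><description>IP: 0.0.0.0/0; Host: cidr.example</description></item>
</channel></rss>
EOF
}

# Print unique, valid IPv4 addresses from feed file $1, one per line.
# The trailing ';' anchors the match, so CIDR ranges and over-long octets
# never reach the allow list; awk then rejects octets above 255.
extract_ips() {
    grep -oE 'IP: [0-9]{1,3}(\.[0-9]{1,3}){3};' "$1" |
        sed -e 's/^IP: //' -e 's/;$//' |
        awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' |
        sort -u
}

# Replace allow file $2 only when the feed yields at least $3 addresses.
# The rename is atomic, so a failed or truncated download leaves the
# previous list in place instead of emptying it.
update_allow_file() {
    feed=$1; out=$2; min=${3:-1}
    tmp=$(mktemp "$out.XXXXXX") || return 1
    extract_ips "$feed" > "$tmp"
    count=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$count" -lt "$min" ]; then
        rm -f "$tmp"
        echo "refusing to update $out: only $count addresses found" >&2
        return 1
    fi
    mv "$tmp" "$out"
}

# Demo on the constructed feed.
demo_dir=$(mktemp -d)
sample_feed > "$demo_dir/probe_servers.xml"
update_allow_file "$demo_dir/probe_servers.xml" "$demo_dir/pingdom_ips" 2
cat "$demo_dir/pingdom_ips"
rm -rf "$demo_dir"
```

Anything that lands in an allow list bypasses the firewall's blocking, so the feed is treated as untrusted input: only lines that parse as a single host address are kept.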
ColumbusGEEK
Junior Member
Posts: 12
Joined: 10 Apr 2010, 01:11

Re: Allow IPs via rss feed

Post by ColumbusGEEK »

Thank you. Nice find.

Here is the URL. I'm not sure why you didn't just post it normally.

http://www.mgitsol.co.uk/2011/09/29/aut ... all-rules/
diegors
Junior Member
Posts: 16
Joined: 09 Mar 2012, 16:02

Re: Allow IPs via rss feed

Post by diegors »

I cannot post it because of the forum's config.


From "Welcome and READ ME FIRST!" topic:
There is a minimum forum post count before URL's can be posted. This is to prevent spamming. Please do not try and subvert this as it will simply mean that your posts will be deleted.
(But don't say "Minimum is x")
ColumbusGEEK
Junior Member
Posts: 12
Joined: 10 Apr 2010, 01:11

Re: Allow IPs via rss feed

Post by ColumbusGEEK »

ah, gotcha. Glad I could help then.
etcet
Junior Member
Posts: 1
Joined: 16 Feb 2013, 01:50

Re: Allow IPs via rss feed

Post by etcet »

Sorry to bump this old thread but I've just written a script to allow the Pingdom probes using CSF. I've had some clients complaining about downtime (reported by Pingdom) and found some Pingdom IPs blocked in their firewall log.

I haven't tested this in production yet so if there's any issues, please note them on GitHub or if you're awesome send a pull request. It's on GitHub here: https://github dot com/etcet/csf-allow-pingdom-probes
rldev
Junior Member
Posts: 14
Joined: 12 Jan 2010, 15:25

Re: Allow IPs via rss feed

Post by rldev »

When I run this script I get

iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.

How can I check this?
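
An added example, not part of any post in this thread: the alternating pair of messages above is consistent with an unconditional "iptables -D" followed by "iptables -A" against a chain that does not exist on the host, which is what the -D / -A lines in the script quoted earlier produce where there is no ufw-user-input chain. The sketch below checks the chain and the rule first; IPTABLES, CHAIN and the function names are chosen here, and the chain name is the one from that script.

```sh
#!/bin/sh
# Added example (not from the thread): check the chain and the rule before
# changing anything, instead of an unconditional -D / -A pair.
# IPTABLES and CHAIN are overridable; ufw-user-input is the chain named in
# the script earlier in the thread.
IPTABLES=${IPTABLES:-iptables}
CHAIN=${CHAIN:-ufw-user-input}

# Return 0 if the chain exists in the filter table.
chain_exists() {
    "$IPTABLES" -n -L "$CHAIN" >/dev/null 2>&1
}

# Add an ACCEPT rule for TCP port 25 from $1 unless it is already present.
# Returns 0 if the rule is in place afterwards, 2 if the chain is missing.
allow_smtp_from() {
    if ! chain_exists; then
        echo "chain $CHAIN not found: is ufw managing this firewall?" >&2
        return 2
    fi
    # -C exits 0 only when an identical rule already exists.
    if "$IPTABLES" -C "$CHAIN" -s "$1" -p tcp --dport 25 -j ACCEPT 2>/dev/null; then
        return 0
    fi
    "$IPTABLES" -A "$CHAIN" -s "$1" -p tcp --dport 25 -j ACCEPT
}
```

Run as root, "iptables -n -L ufw-user-input" on its own answers the question directly: if it fails, the chain the rules target is not there.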