Allow IPs via rss feed
Posted: 25 Jul 2011, 14:54
by ColumbusGEEK
I use Pingdom to monitor my servers' uptime across the globe. On occasion I see an IP from one of their locations gets banned for scanning the server. Normally one would just pop the IP address that gets blocked into the ignore list and move on, but in this case they have hundreds of IPs across the world that ping the server. How can I automate this so the IPs they use get added to my ignore file?
They provide a rss feed of the IPs they use.
https://www.pingdom DOT com/rss/probe_servers.xml
Is there something inside csf I can use already to do this, or will I have to take the rss feed, strip the info and do something tricky with it for this to work?
thanks in advance for any suggestions.
Re: Allow IPs via rss feed
Posted: 02 Aug 2011, 10:00
by chirpy
You would need to use the GLOBAL_ALLOW function which only accepts a text file with one IP address per line, so you would have to preprocess the RSS feed before csf can use it.
Re: Allow IPs via rss feed
Posted: 02 Aug 2011, 13:38
by ColumbusGEEK
That's what I was thinking.
Is it possible to reference two global allow files so I do not have to worry about breaking my existing one? GLOBAL_ALLOW and GLOBAL_ALLOW_CUSTOM for example?
I know this isn't your responsibility, but any ideas on how to pre-process the xml into a text? I'll look into it further but was just curious of your opinion.
Re: Allow IPs via rss feed
Posted: 03 Mar 2012, 00:04
by ColumbusGEEK
I wasn't able to come up with an automated solution. I threw the most recent RSS feed into a text editor, stripped out everything but the IP addresses from Pingdom and dumped that into my global whitelist.
Pingdom RSS feed.
https://www.pingdom.com/rss/probe_servers.xml
If anybody wants the list, here you go.
###############################################
# pingdom.com servers
# updated Fri, 02 Mar 2012 23:40:02 +0100
###############################################
Re: Allow IPs via rss feed
Posted: 09 Mar 2012, 16:22
by diegors
Hi.
Yesterday I found a site with the answer.
I was looking for this too.
I'll paste it here (you never know when a site will go down).
Warning: I cannot test it, so use it responsibly.
We’re big into monitoring for servers, networks, services and reporting, and we use Pingdom for a number of uptime and response monitoring services.
Pingdom have a number of servers around the world which perform their monitoring. As we like to be as secure as possible, we usually implement a firewall on our Linux servers, and this means that the firewall rules must be updated when Pingdom (or any other service) brings a new monitoring server online.
We don’t like doing things manually, so we implemented a set of simple scripts to backup, generate and automatically update our firewall rules based on Pingdom’s RSS feed of their monitoring servers. Hopefully these will help you, too.
We have a script which runs daily under cron, called update_pingdom_servers :
...
DAMN Antispam filter!! If I cannot write a bash script name? WTF?
Ok ok.. easy...
Here we go.. again..
Code:
#!/bin/bash
# Update the pingdom firewall rules based on their feed
# Download the probe-server feed; wget's own log goes to /dev/null
/usr/bin/wget https://www.pingdom.com/rss/probe_servers.xml -O /root/probe_servers.xml -o /dev/null
# Keep only the address from each "IP: <addr>; Host: ..." line
/bin/cat /root/probe_servers.xml | grep IP | sed -e 's/.*IP: //g' | sed -e 's/; Host.*//g' | grep -v IP > /root/pingdom_ips
# Start from an empty rules file (-f: no error on the first run)
/bin/rm -f /root/pingdom_smtp_rules
for ip in $(cat /root/pingdom_ips)
do
    # Delete any existing copy of the rule, then add it, so reruns do not pile up duplicates
    /bin/echo "iptables -D ufw-user-input -s $ip -p tcp --dport 25 -j ACCEPT" >> /root/pingdom_smtp_rules
    /bin/echo "iptables -A ufw-user-input -s $ip -p tcp --dport 25 -j ACCEPT" >> /root/pingdom_smtp_rules
done
# Back up the current rules and prune backups older than seven days
TODAY=$(date +%a%d%b%Y)
iptables-save > /root/firewall.rules.$TODAY
find /root -type f -mtime +7 -name firewall.rules.\* -print | xargs rm -f
# Apply the generated rules
sh /root/pingdom_smtp_rules
As you can see from the last line, we then execute pingdom_smtp_rules which was generated from pingdom_ips and has the list of iptables commands to update the firewall in the ufw-user-input chain. If there is ever a problem we keep 7 days of firewall rule backups in /root so that previous versions of the rules can easily be restored.
So.. 40 times I tried to write/paste this answer..
41 times ..
Why? Because a filename.extension like a bash script's matches as a URL ..
Edit: OK .. the script is horribly damaged ..
Just go to: mgitsol in UK /2011/09/29/automatically-update-pingdom-firewall-rules/ < HELL YEAH!!
Re: Allow IPs via rss feed
Posted: 09 Mar 2012, 16:36
by ColumbusGEEK
Thank you. Nice find.
Here is the URL. I'm not sure why you didn't just post it normally.
http://www.mgitsol.co.uk/2011/09/29/aut ... all-rules/
Re: Allow IPs via rss feed
Posted: 09 Mar 2012, 18:47
by diegors
I cannot post it because of the forum's config.
From "Welcome and READ ME FIRST!" topic:
There is a minimum forum post count before URL's can be posted. This is to prevent spamming. Please do not try and subvert this as it will simply mean that your posts will be deleted.
(But don't say "Minimum is x")
Re: Allow IPs via rss feed
Posted: 09 Mar 2012, 19:00
by ColumbusGEEK
ah, gotcha. Glad I could help then.
Re: Allow IPs via rss feed
Posted: 16 Feb 2013, 02:03
by etcet
Sorry to bump this old thread but I've just written a script to allow the Pingdom probes using CSF. I've had some clients complaining about downtime (reported by Pingdom) and found some Pingdom IPs blocked in their firewall log.
I haven't tested this in production yet so if there are any issues, please note them on GitHub or, if you're awesome, send a pull request. It's on GitHub here:
https://github dot com/etcet/csf-allow-pingdom-probes
Re: Allow IPs via rss feed
Posted: 15 Mar 2013, 14:59
by rldev
When I run this script I get
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: No chain/target/match by that name.
How can I check this?