Dynamicly generate optimized firewall tables based on the full internet bgp prefix & asn tables. Process data from Source: iptoasn.com
go install paepcke.de/asn2pf/cmd/asn2pf@latest
github.com/paepckehh/asn2pf/releases
- Your Amazon dot should be able to communicate with the <amazon_aws>, but no other internet [network|server|service]?
- Your iPhone should be able to communicate with the <apple_icloud>, but not with any of the <facebook_asn> [networks|server]?
- Non of your devices should communicate with:
- declard but usually not connected, but often abused (US Department of Defense) network ranges?
- china great firewall <country_cn> networks?
- rfc1918 networks [private|martians|bogon] [asn:0] via your ISP uplink?
- you want to [silently] [log|limit|stat] all your traffic with a specific full asn for pcap [analysis|decrypt|proof]?
- your chatty TV should only allowed to communicate with <netflix_ipv6>, via a specific [ISP|route|limit]?
- your smtp mail server takes no interest in offerings from <country_ru> <country_in> [unasked] inbound connects?
- Industrie already adapted to this via 'securing' the DNS service (DoT/DoH/...).
- Supports any pf based firwall: macos, openbsd, freebsd, netbsd, pfsense, opensense, network focused linux distros.
- Fast (parses more than One Million prefixes in millisecons).
- Produces optimized tables for building with pf an optimal radix tree.
- 100 % pure golang, simple, easy to review code
asn2pf block drop log facebook amazon rfc1918 dod country:cn country:ru asn:13335
[...]
- split and migrate prefix and asn table sources from all original authoritative creator sources (arin, ...)
- use the asn radix tree package also for serialized/compresses/storage/published intermeds
Yes, Please! PRs Welcome!