# netflix-asn

A small **Python utility** that fetches IPv4/IPv6 prefixes announced by one or more ASNs (via the [BGPView API](https://bgpview.io/api)) and ensures those prefixes are present in a MikroTik **IP firewall address-list**.  

It’s designed to run inside **Docker** — using a `Dockerfile` and `docker-compose.yml`.

## Features

- Fetches all IPv4/IPv6 prefixes announced by one or more ASNs.
- Adds missing prefixes to a MikroTik address-list.
- Skips existing entries to avoid duplicates.
- Logs progress and errors clearly.
- Suitable for manual or scheduled execution.

## Quick Start

1. Create a `.env` file (see [Example .env](#example-env)).
2. Build the Docker image:

   ```bash
   docker-compose build
   ```

3. Run the container:

   ```bash
   docker-compose up -d
   ```

4. View logs:

   ```bash
   docker-compose logs -f asn-syncer
   ```

## Example `.env`

```env
# Target ASN(s) — default is AS2906 (Netflix)
ASN=AS55095,AS40027,AS394406,AS2906

# MikroTik API connection
MIKROTIK_HOST=192.168.88.1
USERNAME=admin
PASSWORD=verysecret

# Name of the address-list on the MikroTik
ADDRESS_LIST_NAME=Netflix
```

> **Tip:** Keep your `.env` file out of version control.  
> Use Docker secrets or a secure secrets manager for production deployments.

## Environment Variables

| Variable            | Required | Default   | Description                                          |
|---------------------|----------|-----------|------------------------------------------------------|
| `ASN`               | No       | `AS2906`  | Comma-separated list of ASNs to fetch prefixes from. |
| `MIKROTIK_HOST`     | Yes      | —         | IP or hostname of the MikroTik device.               |
| `USERNAME`          | Yes      | —         | MikroTik API username.                               |
| `PASSWORD`          | Yes      | —         | MikroTik API password.                               |
| `ADDRESS_LIST_NAME` | No       | `Netflix` | MikroTik address-list name to add entries to.        |

> The script sets a fixed `timeout=24:00:00` for each address-list entry.  
> Modify the script if you prefer permanent entries.

## How It Works

1. The script loads configuration from environment variables.
2. For each ASN, it queries:
   ```
   https://api.bgpview.io/asn/<ASN>/prefixes
   ```
3. It collects all IPv4/IPv6 prefixes and removes duplicates.
4. Connects to the MikroTik API using [`librouteros`](https://pypi.org/project/librouteros/).
5. For each prefix:
   - Skips it if it already exists in the address-list.
   - Otherwise adds it with:
     - `timeout=24:00:00`
     - `comment="Added from ASN"`

## Logging & Exit Codes

| Type            | Description                                                |
|-----------------|------------------------------------------------------------|
| **INFO**        | Normal progress messages (connection, added subnets, etc). |
| **DEBUG**       | Skipped subnets that already exist.                        |
| **ERROR/FATAL** | Connection or API failure.                                 |

| Exit Code  | Meaning                                                      |
|------------|--------------------------------------------------------------|
| `0`        | Success                                                      |
| `1`        | Fatal error (missing vars, API failure, or connection error) |

## Security Notes

- Never commit credentials or `.env` files to Git.
- Use dedicated API accounts on MikroTik with minimal permissions.
- Run the container within a trusted network or over a secure VPN.
- Use `Docker secrets` for sensitive information in production.

## License

This project is provided under the [MIT License](LICENSE) — free for personal and commercial use.