netflix-asn/README.md
2025-10-05 19:32:16 +02:00

netflix-asn

A small Python utility that fetches IPv4/IPv6 prefixes announced by one or more ASNs (via the BGPView API) and ensures those prefixes are present in a MikroTik IP firewall address-list.

It's designed to run inside Docker, using a Dockerfile and docker-compose.yml.

Features

  • Fetches all IPv4/IPv6 prefixes announced by one or more ASNs.
  • Adds missing prefixes to a MikroTik address-list.
  • Skips existing entries to avoid duplicates.
  • Logs progress and errors clearly.
  • Suitable for manual or scheduled execution.

Quick Start

  1. Create a .env file (see Example .env).

  2. Build the Docker image:

    docker-compose build
    
  3. Run the container:

    docker-compose up -d
    
  4. View logs:

    docker-compose logs -f asn-syncer
    

Example .env

    # Target ASN(s) — default is AS2906 (Netflix)
    ASN=AS55095,AS40027,AS394406,AS2906

    # MikroTik API connection
    MIKROTIK_HOST=192.168.88.1
    USERNAME=admin
    PASSWORD=verysecret

    # Name of the address-list on the MikroTik
    ADDRESS_LIST_NAME=Netflix

Tip: Keep your .env file out of version control.
Use Docker secrets or a secure secrets manager for production deployments.

Environment Variables

| Variable | Required | Default | Description |
|---|---|---|---|
| ASN | No | AS2906 | Comma-separated list of ASNs to fetch prefixes from. |
| MIKROTIK_HOST | Yes | | IP or hostname of the MikroTik device. |
| USERNAME | Yes | | MikroTik API username. |
| PASSWORD | Yes | | MikroTik API password. |
| ADDRESS_LIST_NAME | No | Netflix | MikroTik address-list name to add entries to. |

The script sets a fixed timeout=24:00:00 for each address-list entry.
Modify the script if you prefer permanent entries.

How It Works

  1. The script loads configuration from environment variables.
  2. For each ASN, it queries:
    https://api.bgpview.io/asn/<ASN>/prefixes
    
  3. It collects all IPv4/IPv6 prefixes and removes duplicates.
  4. It connects to the MikroTik API using librouteros.
  5. For each prefix:
    • Skips it if it already exists in the address-list.
    • Otherwise adds it with:
      • timeout=24:00:00
      • comment="Added from ASN"
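
Steps 3 and 5 above, as an added example that is not the project's own code: prefixes from the API reply are validated and normalized before being compared with the address-list, so malformed or overly broad entries never reach the firewall and differently spelled duplicates are still skipped. The reply field names, the sample data, the `MIN_PREFIXLEN` floor and both function names are assumptions.

```python
import ipaddress

# Constructed sample shaped like an /asn/<ASN>/prefixes reply
# (field names are an assumption; documentation-range addresses).
SAMPLE_REPLY = {"status": "ok", "data": {
    "ipv4_prefixes": [
        {"prefix": "198.51.100.0/24"},
        {"prefix": "198.51.100.0/24"},  # duplicate announcement
        {"prefix": "203.0.113.7/24"},   # host bits set
        {"prefix": "0.0.0.0/0"},        # would match every address
        {"prefix": "not-a-prefix"},     # malformed
    ],
    "ipv6_prefixes": [{"prefix": "2001:DB8:1::/48"}],
}}
# Constructed stand-in for entries already in the MikroTik address-list.
EXISTING = ["198.51.100.0/24", "2001:db8:1::/48", "example.invalid"]
MIN_PREFIXLEN = {4: 8, 6: 16}  # assumed sanity floor; tune to your policy


def parse_prefixes(reply):
    """Return (accepted networks, rejected raw strings) from an API reply."""
    accepted, rejected = set(), []
    data = reply.get("data", {}) if reply.get("status") == "ok" else {}
    for key in ("ipv4_prefixes", "ipv6_prefixes"):
        for item in data.get(key, []):
            raw = str(item.get("prefix", ""))
            try:
                net = ipaddress.ip_network(raw, strict=False)  # clears host bits
            except ValueError:
                rejected.append(raw)
                continue
            if net.prefixlen < MIN_PREFIXLEN[net.version]:
                rejected.append(raw)
                continue
            accepted.add(net)  # the set removes duplicates
    return accepted, rejected


def missing_entries(accepted, existing):
    """Canonical strings to add: accepted prefixes not already present."""
    have = set()
    for entry in existing:
        try:
            have.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            pass  # e.g. a DNS name or range entry; it cannot equal a prefix
    return sorted(str(n) for n in accepted - have)
```

Comparing parsed networks rather than raw strings is what lets `2001:DB8:1::/48` match the existing `2001:db8:1::/48` entry instead of being added a second time.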

Logging & Exit Codes

| Type | Description |
|---|---|
| INFO | Normal progress messages (connection, added subnets, etc). |
| DEBUG | Skipped subnets that already exist. |
| ERROR/FATAL | Connection or API failure. |

| Exit Code | Meaning |
|---|---|
| 0 | Success |
| 1 | Fatal error (missing vars, API failure, or connection error) |

Security Notes

  • Never commit credentials or .env files to Git.
  • Use dedicated API accounts on MikroTik with minimal permissions.
  • Run the container within a trusted network or over a secure VPN.
  • Use Docker secrets for sensitive information in production.

License

This project is provided under the MIT License — free for personal and commercial use.