ettore.dreucci/netflix-asn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
netflix-asn/README.md
Ettore Dreucci 52e6b4a9a0 First version
2025-10-05 19:32:16 +02:00

105 lines
3.7 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# netflix-asn
A small **Python utility** that fetches IPv4/IPv6 prefixes announced by one or more ASNs (via the [BGPView API](https://bgpview.io/api)) and ensures those prefixes are present in a MikroTik **IP firewall address-list**.
Its designed to run inside **Docker** — using a `Dockerfile` and `docker-compose.yml`.
## Features
- Fetches all IPv4/IPv6 prefixes announced by one or more ASNs.
- Adds missing prefixes to a MikroTik address-list.
- Skips existing entries to avoid duplicates.
- Logs progress and errors clearly.
- Suitable for manual or scheduled execution.
## Quick Start
1. Create a `.env` file (see [Example .env](#example-env)).
2. Build the Docker image:
```bash
docker-compose build
```
3. Run the container:
```bash
docker-compose up -d
```
4. View logs:
```bash
docker-compose logs -f asn-syncer
```
## Example `.env`
```env
# Target ASN(s) — default is AS2906 (Netflix)
ASN=AS55095,AS40027,AS394406,AS2906
# MikroTik API connection
MIKROTIK_HOST=192.168.88.1
USERNAME=admin
PASSWORD=verysecret
# Name of the address-list on the MikroTik
ADDRESS_LIST_NAME=Netflix
```
> **Tip:** Keep your `.env` file out of version control.
> Use Docker secrets or a secure secrets manager for production deployments.
## Environment Variables
| Variable | Required | Default | Description |
|---------------------|----------|-----------|------------------------------------------------------|
| `ASN` | No | `AS2906` | Comma-separated list of ASNs to fetch prefixes from. |
| `MIKROTIK_HOST` | Yes | — | IP or hostname of the MikroTik device. |
| `USERNAME` | Yes | — | MikroTik API username. |
| `PASSWORD` | Yes | — | MikroTik API password. |
| `ADDRESS_LIST_NAME` | No | `Netflix` | MikroTik address-list name to add entries to. |
> The script sets a fixed `timeout=24:00:00` for each address-list entry.
> Modify the script if you prefer permanent entries.
## How It Works
1. The script loads configuration from environment variables.
2. For each ASN, it queries:
```
https://api.bgpview.io/asn/<ASN>/prefixes
```
3. It collects all IPv4/IPv6 prefixes and removes duplicates.
4. Connects to the MikroTik API using [`librouteros`](https://pypi.org/project/librouteros/).
5. For each prefix:
- Skips it if it already exists in the address-list.
- Otherwise adds it with:
- `timeout=24:00:00`
- `comment="Added from ASN"`
## Logging & Exit Codes
| Type | Description |
|-----------------|------------------------------------------------------------|
| **INFO** | Normal progress messages (connection, added subnets, etc). |
| **DEBUG** | Skipped subnets that already exist. |
| **ERROR/FATAL** | Connection or API failure. |
| Exit Code | Meaning |
|------------|--------------------------------------------------------------|
| `0` | Success |
| `1` | Fatal error (missing vars, API failure, or connection error) |
## Security Notes
- Never commit credentials or `.env` files to Git.
- Use dedicated API accounts on MikroTik with minimal permissions.
- Run the container within a trusted network or over a secure VPN.
- Use `Docker secrets` for sensitive information in production.
## License
This project is provided under the [MIT License](LICENSE) — free for personal and commercial use.
Reference in New Issue View Git Blame Copy Permalink