If you followed my guide HERE and HERE you might be wondering if there is no easier/more automated way of doing it, and in fact there is a simple script that you could build.
#!/bin/bash
if [ "$#" -eq 0 ]; then
echo "Usage: ./${0} [v4|v6]"
exit 1
fi
FILTER="route"
if [ "$#" -eq 2 ]; then
if [ "$2" == "v4" ]
then
FILTER="route:"
fi
if [ "$2" == "v6" ]
then
FILTER="route6:"
fi
fi
WHOISSERVER="whois.radb.net"
IPN=$(dig +short $1 | head -1)
ASN=$( whois -h ${WHOISSERVER} ${IPN} | grep -i origin | tr -s " " | cut -d " " -f2)
for i in $ASN; do
whois -h ${WHOISSERVER} -- "-i origin ${i}" | grep ^${FILTER} | tr -s " " | cut -d " " -f2-
done
While this script is handy and it’s nice to know the networks of the large players of the internet, you shouldn’t be too trigger happy with its output, for example if you attempt to block just the domain “example.com” this way you would block a WHOLE LOT more than you are expecting,the primary goal of this script not to be an input for iptables but to be a guide of which networks belongs to whom.
Bonus:
You can make the list shorter by aggregating smaller networks in a bigger CIDR, for example “192.168.0.0/24” and “192.168.1.0/24” could be expressed as “192.168.0.0/23”
HERE you can find a python script that accept as input a list of networks, all you need to do is pipe the output of the script above in this script and you’ll get an optimized list.
an example to get a nice list of CIDRs of the facebook network.
./getnetworks.sh facebook.com | aggregate6
It should output the following as of 2019-11-02:
31.13.24.0/21
31.13.64.0/18
45.64.40.0/22
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
102.132.96.0/20
103.4.96.0/22
129.134.0.0/16
157.240.0.0/16
173.252.64.0/18
179.60.192.0/22
185.60.216.0/22
199.201.64.0/22
204.15.20.0/22
2401:db00::/32
2620:0:1c00::/40
2803:6080::/32
2a03:2880::/32
2a03:2887:ff34::/48
Sources:
https://stackoverflow.com/questions/11164672/list-of-ip-space-used-by-facebook
https://gist.github.com/normoes/829d65866c8bf6d32b13f020479b172b
https://developers.facebook.com/docs/sharing/webmasters/crawler
https://github.com/job/aggregate6