In een Synology kan men IP-adressen blokkeren op basis van een lijst. Deze lijst mag alleen losse IP-adressen bevatten; subnetten of iets dergelijks kunnen niet worden opgegeven. Met een PowerShell-script zijn subnetten om te zetten naar losse IP-adressen. Ga voor een lijst naar deze site. Selecteer een land, bijvoorbeeld China. Selecteer de Netmask-variant en zet deze in een CSV. Let op: elk subnet wordt uitgeschreven naar alle afzonderlijke adressen, dus grote subnetten leveren een zeer grote lijst op. Importeer vervolgens de Output in de lijst van Automatisch blokkeren. Dit gaat via het configuratiescherm –> Beveiliging –> Automatisch blokkeren –> Blokkeren –> Importeer lijst
PS1:
<#
.SYNOPSIS
Defines the function Get-IPrange, imports a CSV file of subnets and exports a list of the IP addresses they contain. Expects an XML config file with the settings and a CSV file with the subnets.
.NOTES
File Name : IPrangeconverter.ps1
Author : Steven van den Berg (Bexit)
Date : 9:00 Vrijdag 14 januari 2014
Requires : PowerShell v3.0
Tag : PowerShell, Get-IPrange
#>
#Function
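function Get-IPrange
{
<#
.SYNOPSIS
Get the IP addresses in a range
.DESCRIPTION
Writes every IPv4 address in a range to the pipeline as a dotted-quad string.
The range is either -start through -end (inclusive), or the whole subnet that
-ip belongs to (network address through broadcast address), where the subnet
is given by -mask or -cidr. If both -mask and -cidr are passed, -mask is used.
Throws when -ip comes without a usable -mask/-cidr, or when neither -ip nor
both of -start and -end are given, instead of silently expanding a wrong range.
.PARAMETER start
First address of an explicit range. Used only when -ip is not given.
.PARAMETER end
Last address of an explicit range. Used only when -ip is not given.
.PARAMETER ip
Any address inside the subnet to expand.
.PARAMETER mask
Subnet mask in dotted-quad form, e.g. 255.255.255.0.
.PARAMETER cidr
Prefix length, 1 to 32. The value 0 is treated as "not given".
.EXAMPLE
Get-IPrange -start 192.168.8.2 -end 192.168.8.20
.EXAMPLE
Get-IPrange -ip 192.168.8.2 -mask 255.255.255.0
.EXAMPLE
Get-IPrange -ip 192.168.8.3 -cidr 24
#>
    param
    (
        [string]$start,
        [string]$end,
        [string]$ip,
        [string]$mask,
        [int]$cidr
    )

    # Dotted quad -> number, first octet most significant.
    function IP-toINT64 () {
        param ($ip)
        $octets = $ip.split(".")
        return [int64]([int64]$octets[0]*16777216 +[int64]$octets[1]*65536 +[int64]$octets[2]*256 +[int64]$octets[3])
    }

    # Number -> dotted quad; the inverse of IP-toINT64.
    function INT64-toIP() {
        param ([int64]$int)
        return (([math]::truncate($int/16777216)).tostring()+"."+([math]::truncate(($int%16777216)/65536)).tostring()+"."+([math]::truncate(($int%65536)/256)).tostring()+"."+([math]::truncate($int%256)).tostring() )
    }

    if ($ip) {
        $ipaddr = [Net.IPAddress]::Parse($ip)

        if ($mask) {
            $maskaddr = [Net.IPAddress]::Parse($mask)
        }
        elseif ($cidr) {
            if ($cidr -lt 1 -or $cidr -gt 32) {
                throw "Get-IPrange: -cidr must be between 1 and 32, got $cidr."
            }
            # Build the mask from $cidr one-bits followed by zero-bits.
            $maskaddr = [Net.IPAddress]::Parse((INT64-toIP -int ([convert]::ToInt64(("1"*$cidr+"0"*(32-$cidr)),2))))
        }
        else {
            # Without a mask the bitwise arithmetic below treats $null as 0 and the
            # result is 0.0.0.0 through 255.255.255.255 - never what a caller building
            # a block list wants.
            throw "Get-IPrange: -ip requires -mask or -cidr."
        }

        $networkaddr = new-object net.ipaddress ($maskaddr.address -band $ipaddr.address)
        # Host bits (all-ones XOR mask) OR-ed onto the network address give the broadcast address.
        $broadcastaddr = new-object net.ipaddress (([system.net.ipaddress]::parse("255.255.255.255").address -bxor $maskaddr.address -bor $networkaddr.address))
        $startaddr = IP-toINT64 -ip $networkaddr.ipaddresstostring
        $endaddr = IP-toINT64 -ip $broadcastaddr.ipaddresstostring
    }
    else {
        if (-not $start -or -not $end) {
            # An empty -start/-end would otherwise be converted to 0 and yield "0.0.0.0".
            throw "Get-IPrange: specify -ip with -mask or -cidr, or both -start and -end."
        }
        $startaddr = IP-toINT64 -ip $start
        $endaddr = IP-toINT64 -ip $end
    }

    for ($i = $startaddr; $i -le $endaddr; $i++)
    {
        INT64-toIP -int $i
    }
}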
#XML
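Clear
# MessageBox lives in System.Windows.Forms, which a plain console session does not load by itself.
Add-Type -AssemblyName System.Windows.Forms

#Import XML Config File
# NOTE(review): the leading "." looks like a ".\" that lost its backslash - confirm the intended path.
$xmlConfigfile = ".IPAddressConverter.xml"
# $NoXML, $NoCSV, $CSV, $Header and $Outfile are not assigned earlier in this script;
# presumably they come from the calling scope or a param block - confirm.
If (((Test-Path $xmlConfigfile) -eq $false) -or ($NoXML)) {
    [System.Windows.Forms.MessageBox]::Show("ERROR: $xmlConfigfile not found!")
    write-host De XML file kan niet gevonden worden -F Red
    If (!($psISE)){"Press any key to continue...";[void][System.Console]::ReadKey($true)}
    exit
}

If (-not ($CSV -and $Outfile)) {
    # The [xml] cast is required: Get-Content alone returns plain text lines, on which
    # .Config.Settings.* resolves to nothing.
    $xml = [xml](Get-Content $xmlConfigfile)
    If (-not $CSV) {$CSV = $xml.Config.Settings.CSV}
    If (-not $Header) {$Header = $xml.Config.Settings.Header}
    If (-not $Outfile) {$Outfile = $xml.Config.Settings.Outfile}
}

# Stop here rather than let Test-Path / Add-Content fail on an empty path further down.
If (-not $CSV -or -not $Outfile) {
    write-host "CSV or Outfile is not set in $xmlConfigfile" -F Red
    exit
}

# The method of reading a .CSV file below ensures that a single line csv is also handled correct
If (((Test-Path $CSV) -eq $false) -or ($NoCSV)) {
    # Name the CSV here; the original message repeated the XML file name.
    [System.Windows.Forms.MessageBox]::Show("ERROR: $CSV not found!")
    write-host De CSV file kan niet gevonden worden -F Red
    If (!($psISE)){"Press any key to continue...";[void][System.Console]::ReadKey($true)}
    exit
}

# Catch a failure of this import only. Checking $error.count would also trip on
# unrelated errors left over from earlier in the session.
try {
    $list = @(import-csv -Delimiter '/' $CSV -ErrorAction Stop)
}
catch {
    write-host "An error occurred during the operation. Details follow:"
    $_.categoryInfo
    $_.invocationinfo
    write-host "=========================================================="
    write-host "Quit due to an error" -Fore Red
    Exit
}
write-host ".CSV file contains" $list.count " lines." -F Yellow -B DarkCyan
$list[0]

#Loop through .CSV file
foreach($entry in $list)
{
    $IP=$entry.IP
    $Mask=$entry.Mask
    # A row without a mask must not be expanded: with an empty mask the range
    # arithmetic degenerates to the entire IPv4 address space, which would end up
    # in the block list.
    if (-not $IP -or -not $Mask) {
        Write-Warning "Skipping CSV row without IP or mask: '$IP' / '$Mask'"
        continue
    }
    # Separate variable so the collection being iterated is not overwritten.
    $addresses = Get-IPrange -ip $IP -mask $Mask
    # Add-Content appends: output from an earlier run stays in $OutFile.
    Add-Content -Value $addresses -Path $OutFile
}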
XML:
<Config>
<Settings>
<CSV>.IPAddressConverter.csv</CSV>
<Outfile>.Output.csv</Outfile>
</Settings>
</Config>
CSV:
IP/MASK
1.1.1.1/255.255.255.0
Functie (Optioneel):
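function Get-IPrange
{
<#
.SYNOPSIS
Get the IP addresses in a range
.DESCRIPTION
Writes every IPv4 address in a range to the pipeline as a dotted-quad string.
The range is either -start through -end (inclusive), or the whole subnet that
-ip belongs to (network address through broadcast address), where the subnet
is given by -mask or -cidr. If both -mask and -cidr are passed, -mask is used.
Throws when -ip comes without a usable -mask/-cidr, or when neither -ip nor
both of -start and -end are given, instead of silently expanding a wrong range.
.PARAMETER start
First address of an explicit range. Used only when -ip is not given.
.PARAMETER end
Last address of an explicit range. Used only when -ip is not given.
.PARAMETER ip
Any address inside the subnet to expand.
.PARAMETER mask
Subnet mask in dotted-quad form, e.g. 255.255.255.0.
.PARAMETER cidr
Prefix length, 1 to 32. The value 0 is treated as "not given".
.EXAMPLE
Get-IPrange -start 192.168.8.2 -end 192.168.8.20
.EXAMPLE
Get-IPrange -ip 192.168.8.2 -mask 255.255.255.0
.EXAMPLE
Get-IPrange -ip 192.168.8.3 -cidr 24
#>
    param
    (
        [string]$start,
        [string]$end,
        [string]$ip,
        [string]$mask,
        [int]$cidr
    )

    # Dotted quad -> number, first octet most significant.
    function IP-toINT64 () {
        param ($ip)
        $octets = $ip.split(".")
        return [int64]([int64]$octets[0]*16777216 +[int64]$octets[1]*65536 +[int64]$octets[2]*256 +[int64]$octets[3])
    }

    # Number -> dotted quad; the inverse of IP-toINT64.
    function INT64-toIP() {
        param ([int64]$int)
        return (([math]::truncate($int/16777216)).tostring()+"."+([math]::truncate(($int%16777216)/65536)).tostring()+"."+([math]::truncate(($int%65536)/256)).tostring()+"."+([math]::truncate($int%256)).tostring() )
    }

    if ($ip) {
        $ipaddr = [Net.IPAddress]::Parse($ip)

        if ($mask) {
            $maskaddr = [Net.IPAddress]::Parse($mask)
        }
        elseif ($cidr) {
            if ($cidr -lt 1 -or $cidr -gt 32) {
                throw "Get-IPrange: -cidr must be between 1 and 32, got $cidr."
            }
            # Build the mask from $cidr one-bits followed by zero-bits.
            $maskaddr = [Net.IPAddress]::Parse((INT64-toIP -int ([convert]::ToInt64(("1"*$cidr+"0"*(32-$cidr)),2))))
        }
        else {
            # Without a mask the bitwise arithmetic below treats $null as 0 and the
            # result is 0.0.0.0 through 255.255.255.255 - never what a caller building
            # a block list wants.
            throw "Get-IPrange: -ip requires -mask or -cidr."
        }

        $networkaddr = new-object net.ipaddress ($maskaddr.address -band $ipaddr.address)
        # Host bits (all-ones XOR mask) OR-ed onto the network address give the broadcast address.
        $broadcastaddr = new-object net.ipaddress (([system.net.ipaddress]::parse("255.255.255.255").address -bxor $maskaddr.address -bor $networkaddr.address))
        $startaddr = IP-toINT64 -ip $networkaddr.ipaddresstostring
        $endaddr = IP-toINT64 -ip $broadcastaddr.ipaddresstostring
    }
    else {
        if (-not $start -or -not $end) {
            # An empty -start/-end would otherwise be converted to 0 and yield "0.0.0.0".
            throw "Get-IPrange: specify -ip with -mask or -cidr, or both -start and -end."
        }
        $startaddr = IP-toINT64 -ip $start
        $endaddr = IP-toINT64 -ip $end
    }

    for ($i = $startaddr; $i -le $endaddr; $i++)
    {
        INT64-toIP -int $i
    }
}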
ZIP:
IPAddressConverter