#Script - Example for create UptimeRobot Objects

mMontana
mMontana Posts: 1,300  Guru Member
First Anniversary 10 Comments Friend Collector First Answer
After the "little HTTPS access attack/snafu" perpetrated by unknown bad crackers and criminals (and a really useful patch with wonderful tools for mitigation) i found a bit tricky to keep using my remote monitoring tool for availability UptimeRobot.

Therefore, using the object capabilities of USG (and not only) firmware I was able to write some scripts for create objects (ip and subnets) and groups (of both) for firewall rules that allowed the monitoring of devices of my customers.

The following script create only the objects for the firewall rules (zyxel calls them Policy Control). After this script you have one Address Group Object called "Uptime_Group" for create your own rules.
This example contain IPv4 addresses only, but feel free to integrate with IPv6 objects.
And please, publish if you do it ;=

As always...
Backup (configuration, then download it)
Before
Begin (and don't berate me if any misuse is done)

Source of addresses

<div>configure terminal<br>address-object UptimeRobot_001 69.162.124.224/28<br>address-object UptimeRobot_002 63.143.42.240/28<br>address-object UptimeRobot_003 216.245.221.80/28<br>address-object UptimeRobot_004 208.115.199.16/28<br>address-object UptimeRobot_005 122.248.234.23<br>address-object UptimeRobot_006 216.144.250.150<br>address-object UptimeRobot_007 46.137.190.132<br>address-object UptimeRobot_008 122.248.234.23<br>address-object UptimeRobot_009 167.99.209.234<br>address-object UptimeRobot_010 178.62.52.237<br>address-object UptimeRobot_011 54.79.28.129<br>address-object UptimeRobot_012 54.94.142.218<br>address-object UptimeRobot_013 104.131.107.63<br>address-object UptimeRobot_014 54.67.10.127<br>address-object UptimeRobot_015 54.64.67.106<br>address-object UptimeRobot_016 159.203.30.41<br>address-object UptimeRobot_017 46.101.250.135<br>address-object UptimeRobot_018 18.221.56.27<br>address-object UptimeRobot_019 52.60.129.180<br>address-object UptimeRobot_020 159.89.8.111<br>address-object UptimeRobot_021 146.185.143.14<br>address-object UptimeRobot_022 139.59.173.249<br>address-object UptimeRobot_023 165.227.83.148<br>address-object UptimeRobot_024 128.199.195.156<br>address-object UptimeRobot_025 138.197.150.151<br>address-object UptimeRobot_026 34.233.66.117<br>object-group address Uptime_Group<br>address-object UptimeRobot_001<br>address-object UptimeRobot_002<br>address-object UptimeRobot_003<br>address-object UptimeRobot_004<br>address-object UptimeRobot_005<br>address-object UptimeRobot_006<br>address-object UptimeRobot_007<br>address-object UptimeRobot_008<br>address-object UptimeRobot_009<br>address-object UptimeRobot_010<br>address-object UptimeRobot_011<br>address-object UptimeRobot_012<br>address-object UptimeRobot_013<br>address-object UptimeRobot_014<br>address-object UptimeRobot_015<br>address-object UptimeRobot_016<br>address-object UptimeRobot_017<br>address-object UptimeRobot_018<br>address-object UptimeRobot_019<br>address-object UptimeRobot_020<br>address-object UptimeRobot_021<br>address-object UptimeRobot_022<br>address-object UptimeRobot_023<br>address-object UptimeRobot_024<br>address-object UptimeRobot_025<br>address-object UptimeRobot_026<br>exit<br>exit<br>exit</div><div></div>

Please check regularly if the address list is updated by UptimeRobot, don't put the objects into your configuration and use them without ensure that addresses are still used by the service you need.

About triple "exit"...
The first one ends the input of objects into groups
The second one ends the configuration of the device
The third one ends the terminal session
Use the right (for your intends) number of "exit"s ;)

All Replies

  • MJStar
    MJStar Posts: 34  Freshman Member
    First Anniversary 10 Comments Friend Collector First Answer
    Thanks for sharing! It looks great B) !
  • mMontana
    mMontana Posts: 1,300  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Update. Script was reviewed, corrected (Object UptimeRobot_008 had duplicated ip address, added one more object)

    <div>configure terminal<br>address-object UptimeRobot_001 69.162.124.224/28<br>address-object UptimeRobot_002 63.143.42.240/28<br>address-object UptimeRobot_003 216.245.221.80/28<br>address-object UptimeRobot_004 208.115.199.16/28<br>address-object UptimeRobot_005 122.248.234.23<br>address-object UptimeRobot_006 216.144.250.150<br>address-object UptimeRobot_007 46.137.190.132<br>address-object UptimeRobot_008 52.70.84.165<br>address-object UptimeRobot_009 167.99.209.234<br>address-object UptimeRobot_010 178.62.52.237<br>address-object UptimeRobot_011 54.79.28.129<br>address-object UptimeRobot_012 54.94.142.218<br>address-object UptimeRobot_013 104.131.107.63<br>address-object UptimeRobot_014 54.67.10.127<br>address-object UptimeRobot_015 54.64.67.106<br>address-object UptimeRobot_016 159.203.30.41<br>address-object UptimeRobot_017 46.101.250.135<br>address-object UptimeRobot_018 18.221.56.27<br>address-object UptimeRobot_019 52.60.129.180<br>address-object UptimeRobot_020 159.89.8.111<br>address-object UptimeRobot_021 146.185.143.14<br>address-object UptimeRobot_022 139.59.173.249<br>address-object UptimeRobot_023 165.227.83.148<br>address-object UptimeRobot_024 128.199.195.156<br>address-object UptimeRobot_025 138.197.150.151<br>address-object UptimeRobot_026 34.233.66.117<br>address-object UptimeRobot_027 54.225.82.45<br>object-group address HTTPS_UptimeRobot<br>address-object UptimeRobot_001<br>address-object UptimeRobot_002<br>address-object UptimeRobot_003<br>address-object UptimeRobot_004<br>address-object UptimeRobot_005<br>address-object UptimeRobot_006<br>address-object UptimeRobot_007<br>address-object UptimeRobot_008<br>address-object UptimeRobot_009<br>address-object UptimeRobot_010<br>address-object UptimeRobot_011<br>address-object UptimeRobot_012<br>address-object UptimeRobot_013<br>address-object UptimeRobot_014<br>address-object UptimeRobot_015<br>address-object UptimeRobot_016<br>address-object UptimeRobot_017<br>address-object UptimeRobot_018<br>address-object UptimeRobot_019<br>address-object UptimeRobot_020<br>address-object UptimeRobot_021<br>address-object UptimeRobot_022<br>address-object UptimeRobot_023<br>address-object UptimeRobot_024<br>address-object UptimeRobot_025<br>address-object UptimeRobot_026<br>address-object UptimeRobot_027<br><br></div>
    Don't forget the "right" exit at the end.
  • Mario
    Mario Posts: 104  Ally Member
    First Anniversary 10 Comments Friend Collector Zyxel Certified Network Engineer Level 1 - Security
    thanks for sharing. just a comment from my side:
    I don't like if I need to "hardcode" IP Adresses in any config, one day they will change and you need to fix it on all devices. I prefer to use DNS, and with zyxel you can use the FQDN Object for this.
    An easy way is to create a DNS with multiple A records pointing to the target IP's.
    So you have one place to make a change if needet B)
    Zyxel is also able to include IPv4 and IPv6 in one FQDN Object, see my example:



  • mMontana
    mMontana Posts: 1,300  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    @Mario thanks for your opinion :smile:
    I prefer IP addresses because they should be immune to eventual DNS hiccups about false detection as friend of foe.
    Data came from uptime Robot and i use only IPV4 addresses, but the data is available also with IPv6 addresses. With few minutes on a text editor and SSH session, copy and paste can do wonderful things.

    Rules could also be created via script, but in my personal opinion, any firewall manager has own style of positioning, order, naming. Providing objects can allow anyone to play with already available things ;-)

Security Highlight