This is a small note where I want to store the link to the page with the Google Cloud IP list, which can be used for blocking bots from their hosting.
The list can be found in their official documentation, "Obtain Google IP address ranges", and here is a direct link: https://www.gstatic.com/ipranges/cloud.json
Blocking GC IP addresses via ipset and iptables
Create the file update_gcp_blacklist.sh:
sudo nano /usr/local/bin/update_gcp_blacklist.sh
with the following contents:
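#!/bin/bash
# Names in ipset
SET_NAME="gcp_block"
TMP_SET_NAME="gcp_block_tmp"
URL="https://www.gstatic.com/ipranges/cloud.json"

echo "Downloading IP ranges Google Cloud..."
# -f makes curl fail on HTTP errors instead of passing an error page to jq
IP_LIST=$(curl -fsS "$URL" | jq -r '.prefixes[].ipv4Prefix // empty')
if [ -z "$IP_LIST" ]; then
    echo "Err: Could not get or parse IP list."
    exit 1
fi

# Fill a temporary set so the live set is only replaced once the list is complete
ipset create "$TMP_SET_NAME" hash:net maxelem 65536 2>/dev/null
ipset flush "$TMP_SET_NAME"
for ip in $IP_LIST; do
    ipset add "$TMP_SET_NAME" "$ip"
done

# Create the live set if it does not exist yet, then swap in the new contents
ipset create "$SET_NAME" hash:net maxelem 65536 2>/dev/null
ipset swap "$TMP_SET_NAME" "$SET_NAME"
ipset destroy "$TMP_SET_NAME"

# Count only the "add" lines; plain "ipset list | wc -l" also counts the header
echo "ipset '$SET_NAME' updated! Total ranges: $(ipset save "$SET_NAME" | grep -c '^add ')"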
Then you need to make the script executable and run it, so that the ipset is created:
sudo chmod +x /usr/local/bin/update_gcp_blacklist.sh
sudo bash /usr/local/bin/update_gcp_blacklist.sh
After this you can block the set via iptables:
sudo iptables -I INPUT -m set --match-set gcp_block src -j DROP
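To re-apply the rule automatically after a reboot you need to save it. The saved rule refers to the gcp_block set, which is not stored in rules.v4, so the set has to exist again (for example by running the script) before the rules are restored at boot.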
sudo iptables-save | sudo tee /etc/iptables/rules.v4
To update the ipset blocklist automatically you can use a cron job:
sudo crontab -e
and append this line to the end of the file:
0 3 * * 0 /usr/local/bin/update_gcp_blacklist.sh > /dev/null 2>&1
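Because the cron job loads whatever the download returns into a firewall set as root, it helps to validate the list first. The following is an added example, not part of the original script: the function name build_restore, its minimum-count argument and the sample input are assumptions made for illustration. It keeps only well-formed IPv4 prefixes, refuses a suspiciously short list, and prints commands for ipset restore, which load the temporary set in one call instead of one ipset add per range.

```bash
#!/bin/bash
# Added example (hypothetical helper, not from the original note).
# stdin : one prefix per line, e.g. the jq output of the update script
# $1    : live set name   $2 : minimum number of valid prefixes expected
# stdout: commands in "ipset restore" format
build_restore() {
    local set_name="$1"
    local min_count="${2:-1}"
    local tmp_name="${1}_tmp"
    local prefixes count

    # Keep only IPv4 CIDRs with octets 0-255 and mask 1-32 (hash:net cannot
    # store a /0), and drop duplicates so "add" never fails on a repeat.
    prefixes=$(awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ &&
        $1<=255 && $2<=255 && $3<=255 && $4<=255 &&
        $5>=1 && $5<=32 && !seen[$0]++
    ')
    count=$(printf '%s\n' "$prefixes" | grep -c . || true)

    # A truncated or error response must not replace a good live set.
    if [ "$count" -lt "$min_count" ]; then
        echo "Err: only $count valid prefixes, expected at least $min_count" >&2
        return 1
    fi

    echo "create $tmp_name hash:net family inet maxelem 65536"
    echo "flush $tmp_name"
    printf '%s\n' "$prefixes" | sed "s/^/add $tmp_name /"
    echo "create $set_name hash:net family inet maxelem 65536"
    echo "swap $tmp_name $set_name"
    echo "destroy $tmp_name"
}

# Constructed sample input: documentation ranges, not real Google prefixes.
# It contains a duplicate, a bad octet, a bad mask and an IPv6 prefix.
SAMPLE='192.0.2.0/24
198.51.100.0/24
192.0.2.0/24
999.1.1.1/24
203.0.113.7/33
2001:db8::/32'
printf '%s\n' "$SAMPLE" | build_restore gcp_block 2
```

In the update script the output would be piped into sudo ipset restore -exist, where -exist lets the create lines pass when the sets are already present; the live set is left untouched until the swap line is reached.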