/
fqdn-ipset.ps1
95 lines (85 loc) · 3.53 KB
/
fqdn-ipset.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# FQDN IP Set population tool
# a: anthony burke
# g: github.com/pandom/
# t: pandom_
# This should be run as a cronjob every X hours
param(
$domainname = "news.com.au"
)
#Internal, non custom variables
$FQDNIpSetName = "IPS-$domainname-v4"
$FQDNIpSetName6 = "IPS-$domainname-v6"
$existingIp = Get-NsxIpset -name $FQDNIpSetName
$existingIp6 = Get-NsxIpset -name $FQDNIpSetName6
if (!$existingIp){
$existingIp = New-NsxIpSet -name "$FQDNIpSetName"
}
if (!$existingIp6){
$existingIp6 = New-NsxIpSet -name "$FQDNIpSetName6"
}
# Perform DNS lookup
$updatedIp = [System.Net.Dns]::GetHostAddressesAsync($domainname)
$ipv4only = $updatedip.Result | ? {$_.AddressFamily -eq "InterNetwork"}
$ipv6only = $updatedip.Result | ? {$_.AddressFamily -eq "InterNetworkV6"}
$updatedIps = $ipv4only.IpAddressToString
$updatedIps6 = $ipv6only.IpAddressToString
$Global:array = @()
$Global:array += $updatedIps
$Global:array6 = @()
$Global:array6 += $updatedIps6
#Add New IPv4 Addresses from $updatedIPs
if ($updatedIps.count -gt '0') {
write-host "Attempting to add $($array.length) IPv4 address(es) to $FQDNIpSetName"
$Global:FQDNIpSet = Get-NsxIpSet -name $FQDNIpSetName | Add-NsxIpSetMember -IPAddress $array
}
# #Add New IPv6 Addresses from $updatedIPs6
if ($updatedIps6.count -gt '0') {
write-host "Attempting to add $($array6.length) IPv6 address(es) to $FQDNIpSetName6"
$Global:FQDNIpSet6 = Get-NsxIpSet -name $FQDNIpSetName6 | Add-NsxIpSetMember -IPAddress $array6
}
#Remove old IPv4 Addresses if new $updatedIPs are added
write-host "Tidying IPv4 entries"
if ($existingip.value -gt 0){
try {
$splitEIp = $existingip.value.Split(",")
$global:existingipArray = @()
foreach ($eip in $splitEIp) {
foreach ($ipv4 in $ipv4only) {
if ($eip -ne $ipv4){
$global:existingipArray += $eip
}
}
}
$global:purgearray = $existingiparray | Select -Unique
if ($purgearray.count -gt '0'){
#write-host "Attempting to remove $($purgearray.count) stale IP Addresses from $FQDNIpSetName"
$null = Get-NsxIpSet -name $FQDNIpSetName | Remove-NsxIpSetMember -IPaddress $global:purgearray
}
}
catch {
#write-host "No stale IPv4 entries to remove"
}
}
#Remove old IPv6 Addresses if new $updatedIPs6 are added
write-host "Tidying IPv6 entries"
if ($existingip6.value -gt 0){
try {
$splitEIp6 = $existingip6.value.Split(",")
$global:existingipArray6 = @()
foreach ($eip6 in $splitEIp6) {
foreach ($ipv6 in $ipv6only) {
if ($eip6 -ne $ipv6){
$global:existingipArray6 += $eip6
}
}
}
$global:purgearray6 = $existingiparray6 | Select -Unique
if ($purgearray6.count -gt '0'){
#write-host "Attempting to remove $($purgearray6.count) stale IP Addresses from $FQDNIpSetName6"
$null = Get-NsxIpSet -name $FQDNIpSetName6 | Remove-NsxIpSetMember -IPaddress $global:purgearray6
}
}
catch {
#write-host "No stale IPv6 entries to remove"
}
}