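#!/usr/bin/env bash
#
# Build rule fragments that drop inbound HTTP/HTTPS (tcp/80, tcp/443) from
# every address range listed in Amazon's published ip-ranges.json.
#
# Outputs (one "-A INPUT ... -j DROP" line per prefix):
#   ${DIR}/block_amazon_ipv4.iptables   IPv4 prefixes
#   ${DIR}/block_amazon_ipv6.iptables   IPv6 prefixes
# The "-A INPUT ..." form is presumably meant for iptables-restore /
# ip6tables-restore; nothing in this script loads the rules itself.
#
# Requires: curl, jq.
#
# Changes relative to the earlier revision of this script:
#   * "--m multiport" -> "-m multiport" and the comment match now carries its
#     "--comment" option; the previous spelling is not valid iptables syntax.
#   * Output files are rebuilt and replaced on every run instead of appended
#     to, so a second run no longer duplicates every rule.
#   * The cached JSON and every prefix taken from it are checked before they
#     are written into a firewall rule file (see fetch_ranges / write_rules).
set -euo pipefail

AMAZON_IP_RANGES=https://ip-ranges.amazonaws.com/ip-ranges.json
IPRANGES_json=/tmp/ip-ranges.json
DIR=/tmp
IPV4=${DIR}/block_amazon_ipv4.iptables
IPV6=${DIR}/block_amazon_ipv6.iptables

# Shape checks for the values copied into rule lines. They are deliberately
# loose (no octet/length range checks); their job is to keep anything that is
# not an address/prefix-length pair out of the generated files.
readonly IPV4_CIDR_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
readonly IPV6_CIDR_RE='^[0-9A-Fa-f:]+/[0-9]{1,3}$'

work_dir=

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

cleanup() {
  if [[ -n "${work_dir}" ]]; then
    rm -rf -- "${work_dir:?}"
  fi
}

#######################################
# Make sure ${IPRANGES_json} holds a copy of the published ranges.
# An existing copy is reused (it is never refreshed here; delete it to pull a
# current list), but only if it is a regular file owned by the invoking user.
# The path is a fixed name in a world-writable directory, so a file or symlink
# placed there by another local account would otherwise decide what ends up
# in the firewall rules.
# Globals:   IPRANGES_json, AMAZON_IP_RANGES, work_dir (read)
# Returns:   0 on success; exits via die on failure
#######################################
fetch_ranges() {
  local staged="${work_dir}/ip-ranges.json"

  if [[ -e "${IPRANGES_json}" || -L "${IPRANGES_json}" ]]; then
    if [[ -L "${IPRANGES_json}" || ! -f "${IPRANGES_json}" || ! -O "${IPRANGES_json}" ]]; then
      die "refusing to use ${IPRANGES_json}: not a regular file owned by the current user"
    fi
    return 0
  fi

  # --fail: an HTTP error page must not be cached as if it were the JSON.
  # Download into the private work dir first, then rename into place, so a
  # partial download is never left at the cache path.
  curl --fail -R -o "${staged}" "${AMAZON_IP_RANGES}" \
    || die "download of ${AMAZON_IP_RANGES} failed"
  mv -f -- "${staged}" "${IPRANGES_json}"
}

#######################################
# Write one DROP rule per prefix selected by a jq filter.
# Arguments: $1 - jq filter yielding one prefix string per result
#            $2 - regex every prefix must match
#            $3 - text for the rule's comment match
#            $4 - destination file
# Globals:   IPRANGES_json, work_dir (read)
# Returns:   0 on success; exits via die on failure
#######################################
write_rules() {
  local jq_filter=$1 cidr_re=$2 label=$3 dest=$4
  local staged="${work_dir}/${dest##*/}"
  local prefixes prefix

  # Run jq on its own so a parse error or a missing key stops the script
  # instead of silently producing an empty rule file.
  prefixes=$(jq -r "${jq_filter}" "${IPRANGES_json}") \
    || die "jq could not read ${jq_filter} from ${IPRANGES_json}"
  [[ -n "${prefixes}" ]] || die "no prefixes found for ${jq_filter}"

  while IFS= read -r prefix; do
    # The JSON came over the network; only address/length pairs may reach a
    # rule line. %q keeps control characters out of the terminal on error.
    [[ "${prefix}" =~ ${cidr_re} ]] \
      || die "unexpected prefix in ${IPRANGES_json}: $(printf '%q' "${prefix}")"
    printf -- '-A INPUT -s %s -p tcp -m multiport --dports 80,443 -m comment --comment "%s" -j DROP\n' \
      "${prefix}" "${label}"
  done <<<"${prefixes}" >"${staged}"

  # Rename over the destination rather than opening it for writing: a symlink
  # sitting at the destination path is replaced, not followed.
  mv -f -- "${staged}" "${dest}"
}

main() {
  command -v curl >/dev/null || die "curl is required"
  command -v jq >/dev/null || die "jq is required"

  # Private scratch directory on the same filesystem as the outputs, so the
  # final mv is a rename.
  work_dir=$(mktemp -d "${DIR}/block_amazon.XXXXXX") || die "mktemp failed"
  trap cleanup EXIT

  # --- download file if not already here ---
  fetch_ranges

  # ------ create IPv4 define file ------
  write_rules '.prefixes[].ip_prefix' "${IPV4_CIDR_RE}" 'amazon IPv4 range' "${IPV4}"

  # ------ create IPv6 define file ------
  write_rules '.ipv6_prefixes[].ipv6_prefix' "${IPV6_CIDR_RE}" 'amazon IPv6 range' "${IPV6}"
}

main "$@"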