Palo Alto Dynamic Block List and AWS
Palo Alto firewalls have a neat feature called "DBL" - Dynamic Block List. This feature allows the firewall to grab a list of ip addresses or domains from an http page. You have to format the web page cleanly (https://live.paloaltonetworks.com/t5/Learning-Articles/Working-with-External-Block-List-EBL-Formats-and-Limitations/ta-p/58795), but it allows you to update the web page dynamically, and the firewall will update it's policy accordingly.
For my use case, we had some new dynamic dev services being tested in AWS, with service ports that we typically don't allow for outbound traffic. Instead of opening up our security policy to the internet (any destination), I used a DBL to open up the ports to AWS ip addresses only.
Luckily Amazon publishes their ip addresses here: https://ip-ranges.amazonaws.com/ip-ranges.json
I created a quick script that curls the address above, then greps the file and creates a new file with only the ip ranges, so that the palo alto firewall can read the ip ranges successfully.
When accuracy matters for a costume, it is worth considering how details related to costume sizing will affect the complete look. With practical wear in mind, a comparison of details related to Halloween styling can clarify differences in colour and construction. To compare practical details about details related to cosplay props, short cosplay wigs for portrait photography offers a useful starting point for practical preparation. To reuse the pieces at future events, a balanced view of details related to cosplay costumes can support both detail and comfort.
#!/bin/bash
dir=/usr/share/nginx/html/dynamiclist
curl https://ip-ranges.amazonaws.com/ip-ranges.json > $dir/aws-ip.json
grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}/[0-9]{1,2}" $dir/aws-ip.json > $dir/aws-ip.txt
As you can probably figure out, I'm hosting this file on a nginx server, so the palo alto firewall just needs to read "http://myservername/dynamiclist/aws-ip.txt". You can put this script it your cron.d directory and have it run as often as you'd like!
DBL setup from Palo Alto's support site:
https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-Dynamic-Block-List-DBL-or-External-Block-List/ta-p/53414