From 4d4d20873dcd9e16d1aef2d0badd04899e80a378 Mon Sep 17 00:00:00 2001
From: red-tux <nelsonab@red-tux.net>
Date: Mon, 14 Dec 2020 14:07:41 -0500
Subject: [PATCH 1/2] Added Script to check Satellite IP CDN addresses

---
 check_satellite_ip.sh | 207 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 207 insertions(+)
 create mode 100755 check_satellite_ip.sh

diff --git a/check_satellite_ip.sh b/check_satellite_ip.sh
new file mode 100755
index 0000000..8f99a16
--- /dev/null
+++ b/check_satellite_ip.sh
@@ -0,0 +1,207 @@
+#!/bin/bash
+
+# Read a list of IP addresses and determine if port 443 is open
+# List was sourced from https://access.redhat.com/articles/1525183
+
+# License: GPL-2.0-or-later
+# Author: Andrew Nelson (anelson@redhat.com)
+
+if command -v nmap &> /dev/null; then
+  echo "nmap found"
+  HAVE_NMAP=true
+elif command -v nc &> /dev/null; then
+  echo "nmap not found, using nc"
+  HAVE_NMAP=false
+else
+  echo "nmap or nc not found, exiting"
+  exit 1
+fi
+
+read_list() { IFS='\n' read -r -d '' ${1} || true; }
+
+read_list IPS <<-EOF
+  104.67.28.83/32
+  104.68.188.83/32
+  104.76.92.83/32
+  104.78.76.83/32
+  104.81.246.83/32
+  104.82.76.83/32
+  104.83.76.83/32
+  104.83.82.83/32
+  104.83.92.83/32
+  104.91.156.90/32
+  104.94.102.83/32
+  104.98.240.125/32
+  114.108.188.251/32
+  173.222.100.251/32
+  173.222.116.251/32
+  173.222.140.251/32
+  173.222.144.251/32
+  173.222.152.251/32
+  173.222.164.251/32
+  173.222.188.251/32
+  173.222.192.251/32
+  173.222.204.251/32
+  173.222.212.251/32
+  173.222.216.251/32
+  173.222.224.251/32
+  173.222.244.251/32
+  173.223.140.251/32
+  173.223.152.251/32
+  173.223.172.251/32
+  173.223.228.251/32
+  173.223.36.251/32
+  173.223.48.251/32
+  173.223.92.83/32
+  173.223.96.251/32
+  182.51.200.251/32
+  184.26.176.251/32
+  184.26.180.251/32
+  184.27.248.251/32
+  184.27.40.251/32
+  184.50.16.251/32
+  184.51.24.251/32
+  184.51.36.251/32
+  184.51.48.251/32
+  184.51.68.251/32
+  184.84.184.251/32
+  184.84.188.251/32
+  184.84.192.251/32
+  184.84.196.251/32
+  184.84.200.251/32
+  184.86.236.251/32
+  2.16.128.83/32
+  2.16.212.251/32
+  2.16.30.83/32
+  2.17.124.251/32
+  2.18.220.251/32
+  2.20.12.251/32
+  2.21.145.130/32
+  2.22.0.251/32
+  2.22.12.251/32
+  2.22.220.83/32
+  209.132.183.107/32
+  209.132.183.108/32
+  23.0.172.83/32
+  23.0.230.83/32
+  23.0.236.83/32
+  23.1.188.83/32
+  23.1.44.251/32
+  23.1.8.251/32
+  23.10.12.83/32
+  23.10.60.83/32
+  23.12.236.83/32
+  23.13.176.251/32
+  23.13.44.83/32
+  23.14.44.83/32
+  23.15.132.83/32
+  23.15.204.251/32
+  23.15.248.251/32
+  23.194.220.83/32
+  23.194.236.91/32
+  23.197.60.83/32
+  23.198.104.83/32
+  23.198.106.83/32
+  23.204.100.83/32
+  23.206.76.83/32
+  23.207.148.112/32
+  23.212.102.83/32
+  23.214.72.83/32
+  23.215.140.83/32
+  23.221.20.83/32
+  23.222.172.83/32
+  23.223.76.83/32
+  23.3.140.251/32
+  23.3.247.117/32
+  23.32.12.83/32
+  23.38.116.83/32
+  23.40.12.83/32
+  23.42.76.83/32
+  23.45.224.251/32
+  23.46.2.83/32
+  23.48.80.251/32
+  23.49.52.251/32
+  23.5.124.83/32
+  23.50.99.181/32
+  23.51.12.83/32
+  23.51.156.83/32
+  23.52.60.20/32
+  23.54.12.83/32
+  23.57.112.251/32
+  23.57.124.251/32
+  23.58.0.251/32
+  23.58.148.251/32
+  23.58.8.251/32
+  23.58.90.83/32
+  23.59.92.251/32
+  23.60.144.251/32
+  23.61.12.251/32
+  23.61.124.251/32
+  23.63.144.251/32
+  23.63.150.83/32
+  23.63.16.251/32
+  23.64.142.83/32
+  23.64.4.251/32
+  23.64.56.251/32
+  23.65.16.251/32
+  23.65.200.83/32
+  23.65.216.83/32
+  23.66.152.83/32
+  23.66.40.83/32
+  23.75.218.83/32
+  59.151.136.251/32
+  72.246.48.83/32
+  72.247.112.251/32
+  72.247.116.251/32
+  88.221.236.251/32
+  88.221.44.251/32
+  88.221.56.251/32
+  95.100.244.251/32
+  95.101.100.251/32
+  95.101.104.251/32
+  95.101.152.251/32
+  95.101.156.251/32
+  95.101.160.251/32
+  95.101.164.251/32
+  95.101.188.251/32
+  95.101.4.251/32
+  95.101.44.251/32
+  95.101.48.251/32
+  95.101.56.251/32
+  95.101.60.251/32
+  95.101.64.251/32
+  95.101.84.251/32
+  95.101.92.251/32
+  95.101.96.251/32
+  96.17.0.251/32
+  96.6.32.251/32
+  96.6.36.251/32
+EOF
+
+TOTAL=0
+FAILED=0
+for i in $IPS; do
+  TOTAL=$(( TOTAL + 1 ))
+  if $HAVE_NMAP; then
+    echo -n "$i  "
+    SCAN=$(nmap -PS --reason -n -p 443 $i)
+    if [[ ! "$SCAN" =~ "done: 1 IP address (1 host up)" ]]; then
+      FAILED=$(( FAILED + 1 ))
+      echo "Not open"
+    else
+      echo "ok"
+    fi
+  else
+    ip=${i%/32}
+    echo -n "$ip  "
+    if nc -z -w22 $ip 443; then
+      echo "ok"
+    else
+      FAILED=$(( FAILED + 1 ))
+      echo "Not open"
+    fi
+  fi
+
+done
+
+echo "$FAILED out of $TOTAL hosts are not open"

From 3d7023b92cc269dd9e8f1c8d34e73684dbb56d5a Mon Sep 17 00:00:00 2001
From: red-tux <nelsonab@red-tux.net>
Date: Mon, 14 Dec 2020 14:42:46 -0500
Subject: [PATCH 2/2] updated readme

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index e4c2e8f..a20737c 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,7 @@ Tools for use in supporting the operation of Satellite 6
 
 ##### Tools
 - [check-perf-tuning](#check-perf-tuning)  
+- [check-satellite-ip](#check-satellite-ip)
 - [mongo-benchmark](#mongo-benchmark)  
 - [mongo-size-report](#mongo-size-report)  
 - [postgres-monitor](#postgres-monitor)  
@@ -18,6 +19,11 @@ Tools for use in supporting the operation of Satellite 6
 
 Utility to check performance tuning parameters on your Satellite 6 server.
 
+## [check-satellite-ip](check_satellite_ip.sh)
+
+Check the list of IP addresses given in https://access.redhat.com/articles/1525183
+to determine if firewall ports are open for CDN IP addresses.
+
 ## [mongo-benchmark](mongo-benchmark)
 
 Utility used for checking IO speed specific to MongoDB. See: