Skip to content

Instantly share code, notes, and snippets.

@n0531m

n0531m/list_gcp_iprange.sh

Last active January 3, 2025 02:25
Show Gist options
  • Save n0531m/f3714f6ad6ef738a3b0a to your computer and use it in GitHub Desktop.
Save n0531m/f3714f6ad6ef738a3b0a to your computer and use it in GitHub Desktop.
Download ZIP
Google Cloud Platform : ip address range
Raw
list_gcp_iprange.sh
#!/bin/bash
# https://cloud.google.com/compute/docs/faq#find_ip_range
# nslookup -q=TXT _cloud-netblocks.googleusercontent.com 8.8.8.8
myarray=()
for LINE in `dig txt _cloud-netblocks.googleusercontent.com +short | tr " " "\n" | grep include | cut -f 2 -d :`
do
myarray+=($LINE)
for LINE2 in `dig txt $LINE +short | tr " " "\n" | grep include | cut -f 2 -d :`
do
myarray+=($LINE2)
done
done
for LINE in ${myarray[@]}
do
dig txt $LINE +short | tr " " "\n"
done | grep ip4 | cut -f 2 -d : | sort -n +0 +1 +2 +3 -t .
# changing target to _spf.google.com, you can get a simliar range now for Google Apps mail servers.
# https://support.google.com/a/answer/60764
# changing it to _netblocks.google.com will help get all the ip ranges google uses for its services.
@morrowc
Copy link

morrowc commented Sep 2, 2021

@morrowc Sorry, I was probably a little unclear. So, here's where I'm at:

  • I have a VLAN with IoT garbage on it. There's a few different things, but for now I'll just focus on the google home. That VLAN basically denies all internet traffic from any device, except from devices I specifically permit to destinations I specifically permit. That way I don't end up with my smart toaster or whatever connecting to a malicious CNC server. That means that without a specific firewall rule written, any device on that VLAN has NO outbound internet access.

ok, seems sensible, time-intensive, but sensible ;)

  • Right now, one of the rules I have allows my google home to talk to google. I forget which IP list it was, but basically it (I think) includes every IP range and network that's published by GCP

Sorry, 'GCP' does not publish ip ranges nor networks.
Google does, we publish 2 lists (in 3 different forms):
goog.json - All routes (networks) which AS15169 provides reachability to from the Internet
cloud.json - All routes (networks) which belong to the ARIN OrgId "GOOGL-2"

goog.json include, among other things, all of the cloud.json networks.

  • That's fine, but my beef with that is that any random person could stand-up a malicious service, and as long as it was hosted on GCP......my google home would be able to communicate with it

agreed, you should exception the cloud.json content from goog.json.

  • What I'd like to do is restrict it even more so that my google home can only communicate with the IP ranges used by google official products, and exclude the IP ranges and networks used by customers. That way, my google home can check-in with google for various reasons, but couldn't talk to malicious services running on GCP

Sure you need some simple set-math, I expect, if this were python we're talking about, something like:
goog = <slurp in goog.json, return just a set([]) of ipaddr.IPNetwork() parts>
cloud = <slurp in cloud.json, return just a set([]) of ipaddr.IPNetwork() parts>

what_robert_wants = goog - cloud

I think that'd return you a simple set([]) of just the google service address space.

Hopefully that makes more sense.

I might be way off track here, but my understanding of things is this:
venn

that's not really accurate, no.

I think what I currently have is the yellow set. What I'd like to do, is find a way to narrow that down to the red set so that I can exclude the green set.

that's the set math above, yes.

@robertmain
Copy link

robertmain commented Sep 2, 2021
edited
Loading

ok, seems sensible, time-intensive, but sensible ;)

When I've wrapped my brain round this - I'm planning to automate it with a cron job :)

Sorry, 'GCP' does not publish ip ranges nor networks.

Gotcha. I guess I just meant that I thought I might've basically added "Everything Google and/or GCP" to my allow list, rather than a narrow subset

that's not really accurate, no.

Ah. I'm not too familiar with how GCP does things ๐Ÿ™ƒ

that's the set math above, yes.

Thank you for clarifying that and for your help! ๐Ÿ‘

@ricardomaia
Copy link

Download and transform the list of Google IP ranges from JSON to CSV using curl, jq and sed.

curl https://www.gstatic.com/ipranges/goog.json | \
jq -r '.prefixes[].ipv4Prefix, .prefixes[].ipv6Prefix |  select (. != null)' | sed 's/^\|$/"/g' | paste -sd, - \
&& curl https://www.gstatic.com/ipranges/cloud.json | \
jq -r '.prefixes[].ipv4Prefix, .prefixes[].ipv6Prefix | select (. != null)' | sed 's/^\|$/"/g'| paste -sd, - \
> google-ranges.csv

@NNdroid
Copy link

NNdroid commented Aug 29, 2023

GCP IPv4 Range:

34.80.0.0/15
34.137.0.0/16
35.185.128.0/19
35.185.160.0/20
35.187.144.0/20
35.189.160.0/19
35.194.128.0/17
35.201.128.0/17
35.206.192.0/18
35.220.32.0/21
35.221.128.0/17
35.229.128.0/17
35.234.0.0/18
35.235.16.0/20
35.236.128.0/18
35.242.32.0/21
104.155.192.0/19
104.155.224.0/20
104.199.128.0/18
104.199.192.0/19
104.199.224.0/20
104.199.242.0/23
104.199.244.0/22
104.199.248.0/21
107.167.176.0/20
130.211.240.0/20
34.92.0.0/16
34.96.128.0/17
34.104.88.0/21
34.124.24.0/21
34.150.0.0/17
35.215.128.0/18
35.220.27.0/24
35.220.128.0/17
35.241.64.0/18
35.242.27.0/24
35.243.8.0/21
34.84.0.0/16
34.85.0.0/17
34.104.62.0/23
34.104.128.0/17
34.127.190.0/23
34.146.0.0/16
34.157.64.0/20
34.157.164.0/22
34.157.192.0/20
35.187.192.0/19
35.189.128.0/19
35.190.224.0/20
35.194.96.0/19
35.200.0.0/17
35.213.0.0/17
35.220.56.0/22
35.221.64.0/18
35.230.240.0/20
35.242.56.0/22
35.243.64.0/18
104.198.80.0/20
104.198.112.0/20
34.97.0.0/16
34.104.49.0/24
34.127.177.0/24
35.217.128.0/17
35.220.45.0/24
35.242.45.0/24
35.243.56.0/21
34.0.96.0/19
34.22.64.0/19
34.22.96.0/20
34.64.32.0/19
34.64.64.0/22
34.64.68.0/22
34.64.72.0/21
34.64.80.0/20
34.64.96.0/19
34.64.128.0/22
34.64.132.0/22
34.64.136.0/21
34.64.144.0/20
34.64.160.0/19
34.64.192.0/18
35.216.0.0/17
34.0.227.0/24
34.93.0.0/16
34.100.128.0/17
34.104.108.0/23
34.124.44.0/23
34.152.64.0/22
34.157.87.0/24
34.157.215.0/24
34.177.32.0/22
35.200.128.0/17
35.201.41.0/24
35.207.192.0/18
35.220.42.0/24
35.234.208.0/20
35.242.42.0/24
35.244.0.0/18
34.0.0.0/20
34.104.120.0/23
34.124.56.0/23
34.126.208.0/20
34.131.0.0/16
34.21.128.0/17
34.87.0.0/17
34.87.128.0/18
34.104.58.0/23
34.104.106.0/23
34.124.42.0/23
34.124.128.0/17
34.126.64.0/18
34.126.128.0/18
34.128.44.0/23
34.128.60.0/23
34.142.128.0/17
34.143.128.0/17
34.157.82.0/23
34.157.88.0/23
34.157.210.0/23
35.185.176.0/20
35.186.144.0/20
35.187.224.0/19
35.197.128.0/19
35.198.192.0/18
35.213.128.0/18
35.220.24.0/23
35.234.192.0/20
35.240.128.0/17
35.242.24.0/23
35.247.128.0/18
34.101.18.0/24
34.101.20.0/22
34.101.24.0/22
34.101.32.0/19
34.101.64.0/18
34.101.128.0/17
34.128.64.0/18
34.152.68.0/24
34.157.254.0/24
35.219.0.0/17
34.40.128.0/17
34.87.192.0/18
34.104.104.0/23
34.116.64.0/18
34.124.40.0/23
34.128.36.0/24
34.128.48.0/24
34.151.64.0/18
34.151.128.0/18
35.189.0.0/18
35.197.160.0/19
35.201.0.0/19
35.213.192.0/18
35.220.41.0/24
35.234.224.0/20
35.242.41.0/24
35.244.64.0/18
34.0.16.0/20
34.104.122.0/23
34.124.58.0/23
34.126.192.0/20
34.129.0.0/16
34.0.240.0/20
34.104.116.0/22
34.116.128.0/17
34.118.0.0/17
34.124.52.0/22
34.88.0.0/16
34.104.96.0/21
34.124.32.0/21
35.203.232.0/21
35.217.0.0/18
35.220.26.0/24
35.228.0.0/16
35.242.26.0/24
34.0.192.0/19
34.157.44.0/23
34.157.172.0/23
34.164.0.0/16
34.175.0.0/16
8.34.208.0/23
8.34.211.0/24
8.34.220.0/22
23.251.128.0/20
34.22.112.0/20
34.22.128.0/17
34.34.128.0/18
34.38.0.0/16
34.76.0.0/14
34.118.254.0/23
34.140.0.0/16
35.187.0.0/17
35.187.160.0/19
35.189.192.0/18
35.190.192.0/19
35.195.0.0/16
35.205.0.0/16
35.206.128.0/18
35.210.0.0/16
35.220.96.0/19
35.233.0.0/17
35.240.0.0/17
35.241.128.0/17
35.242.64.0/19
104.155.0.0/17
104.199.0.0/18
104.199.66.0/23
104.199.68.0/22
104.199.72.0/21
104.199.80.0/20
104.199.96.0/20
130.211.48.0/20
130.211.64.0/19
130.211.96.0/20
146.148.2.0/23
146.148.4.0/22
146.148.8.0/21
146.148.16.0/20
146.148.112.0/20
192.158.28.0/22
34.32.0.0/17
34.152.80.0/23
34.177.36.0/23
34.17.0.0/16
34.157.124.0/23
34.157.250.0/23
34.39.0.0/17
34.89.0.0/17
34.105.128.0/17
34.127.186.0/23
34.128.52.0/22
34.142.0.0/17
34.147.128.0/17
34.157.36.0/22
34.157.40.0/22
34.157.168.0/22
35.189.64.0/18
35.197.192.0/18
35.203.210.0/23
35.203.212.0/22
35.203.216.0/22
35.214.0.0/17
35.220.20.0/22
35.230.128.0/19
35.234.128.0/19
35.235.48.0/20
35.242.20.0/22
35.242.128.0/18
35.246.0.0/17
34.0.224.0/24
34.0.226.0/24
34.40.0.0/17
34.89.128.0/17
34.104.112.0/23
34.107.0.0/17
34.118.244.0/22
34.124.48.0/23
34.141.0.0/17
34.157.48.0/20
34.157.176.0/20
34.159.0.0/16
35.198.64.0/18
35.198.128.0/18
35.207.64.0/18
35.207.128.0/18
35.220.18.0/23
35.234.64.0/18
35.235.32.0/20
35.242.18.0/23
35.242.192.0/18
35.246.128.0/17
34.32.128.0/17
34.34.0.0/17
34.90.0.0/15
34.104.126.0/23
34.124.62.0/23
34.141.128.0/17
34.147.0.0/17
34.157.80.0/23
34.157.92.0/22
34.157.208.0/23
34.157.220.0/22
35.204.0.0/16
35.214.128.0/17
35.220.16.0/23
35.234.160.0/20
35.242.16.0/23
34.65.0.0/16
34.104.110.0/23
34.124.46.0/23
35.216.128.0/17
35.220.44.0/24
35.235.216.0/21
35.242.44.0/24
34.0.160.0/19
34.154.0.0/16
34.157.8.0/23
34.157.121.0/24
34.157.136.0/23
34.157.249.0/24
35.219.224.0/19
34.1.0.0/20
34.155.0.0/16
34.157.12.0/22
34.157.140.0/22
34.163.0.0/16
34.36.0.0/16
34.95.64.0/18
34.96.64.0/18
34.98.64.0/18
34.102.128.0/17
34.104.27.0/24
34.107.128.0/17
34.110.128.0/17
34.111.0.0/16
34.116.0.0/21
34.117.0.0/16
34.120.0.0/16
34.128.128.0/18
34.144.192.0/18
34.149.0.0/16
34.160.0.0/16
35.186.192.0/18
35.190.0.0/18
35.190.64.0/19
35.190.112.0/20
35.201.64.0/18
35.227.192.0/18
35.241.0.0/18
35.244.128.0/17
107.178.240.0/20
130.211.4.0/22
130.211.8.0/21
130.211.16.0/20
130.211.32.0/20
34.1.32.0/20
34.18.0.0/16
34.157.126.0/23
34.157.252.0/23
34.1.48.0/20
34.152.84.0/23
34.166.0.0/16
34.177.48.0/23
34.0.64.0/19
34.157.90.0/23
34.157.216.0/23
34.165.0.0/16
34.19.128.0/17
34.20.0.0/17
34.47.0.0/18
34.95.0.0/18
34.104.76.0/22
34.118.128.0/18
34.124.12.0/22
34.128.37.0/24
34.128.42.0/23
34.128.49.0/24
34.128.58.0/23
34.152.0.0/18
35.203.0.0/17
35.215.0.0/18
35.220.43.0/24
35.234.240.0/20
35.242.43.0/24
34.0.32.0/20
34.104.114.0/23
34.124.50.0/23
34.124.112.0/20
34.130.0.0/16
34.152.69.0/24
34.157.255.0/24
34.39.128.0/17
34.95.128.0/17
34.104.80.0/21
34.124.16.0/21
34.151.0.0/18
34.151.192.0/18
35.198.0.0/18
35.199.64.0/18
35.215.192.0/18
35.220.40.0/24
35.235.0.0/20
35.242.40.0/24
35.247.192.0/18
34.0.48.0/20
34.104.50.0/23
34.127.178.0/23
34.176.0.0/16
8.34.210.0/24
8.34.212.0/22
8.34.216.0/22
8.35.192.0/21
23.236.48.0/20
23.251.144.0/20
34.0.225.0/24
34.16.0.0/17
34.27.0.0/16
34.28.0.0/14
34.33.0.0/16
34.41.0.0/16
34.42.0.0/16
34.44.0.0/15
34.46.0.0/16
34.66.0.0/15
34.68.0.0/14
34.72.0.0/16
34.118.200.0/21
34.121.0.0/16
34.122.0.0/15
34.128.32.0/22
34.132.0.0/14
34.136.0.0/16
34.157.84.0/23
34.157.96.0/20
34.157.212.0/23
34.157.224.0/20
34.170.0.0/15
34.172.0.0/15
34.177.52.0/22
35.184.0.0/16
35.188.0.0/17
35.188.128.0/18
35.188.192.0/19
35.192.0.0/15
35.194.0.0/18
35.202.0.0/16
35.206.64.0/18
35.208.0.0/15
35.220.64.0/19
35.222.0.0/15
35.224.0.0/15
35.226.0.0/16
35.232.0.0/16
35.238.0.0/15
35.242.96.0/19
104.154.16.0/20
104.154.32.0/19
104.154.64.0/19
104.154.96.0/20
104.154.113.0/24
104.154.114.0/23
104.154.116.0/22
104.154.120.0/23
104.154.128.0/17
104.155.128.0/18
104.197.0.0/16
104.198.16.0/20
104.198.32.0/19
104.198.64.0/20
104.198.128.0/17
107.178.208.0/20
108.59.80.0/21
130.211.112.0/20
130.211.128.0/18
130.211.192.0/19
130.211.224.0/20
146.148.32.0/19
146.148.64.0/19
146.148.96.0/20
162.222.176.0/21
173.255.112.0/21
199.192.115.0/24
199.223.232.0/22
199.223.236.0/24
34.22.0.0/19
35.186.0.0/17
35.186.128.0/20
35.206.32.0/19
35.220.46.0/24
35.242.46.0/24
107.167.160.0/20
108.59.88.0/21
173.255.120.0/21
34.23.0.0/16
34.24.0.0/15
34.26.0.0/16
34.73.0.0/16
34.74.0.0/15
34.98.128.0/21
34.118.250.0/23
34.138.0.0/15
34.148.0.0/16
34.152.72.0/21
34.177.40.0/21
35.185.0.0/17
35.190.128.0/18
35.196.0.0/16
35.207.0.0/18
35.211.0.0/16
35.220.0.0/20
35.227.0.0/17
35.229.16.0/20
35.229.32.0/19
35.229.64.0/18
35.231.0.0/16
35.237.0.0/16
35.242.0.0/20
35.243.128.0/17
104.196.0.0/18
104.196.65.0/24
104.196.66.0/23
104.196.68.0/22
104.196.96.0/19
104.196.128.0/18
104.196.192.0/19
162.216.148.0/22
34.21.0.0/17
34.48.0.0/16
34.85.128.0/17
34.86.0.0/16
34.104.60.0/23
34.104.124.0/23
34.118.252.0/23
34.124.60.0/23
34.127.188.0/23
34.145.128.0/17
34.150.128.0/17
34.157.0.0/21
34.157.16.0/20
34.157.128.0/21
34.157.144.0/20
35.186.160.0/19
35.188.224.0/19
35.194.64.0/19
35.199.0.0/18
35.212.0.0/17
35.220.60.0/22
35.221.0.0/18
35.230.160.0/19
35.234.176.0/20
35.236.192.0/18
35.242.60.0/22
35.243.40.0/21
35.245.0.0/16
34.1.16.0/20
34.157.32.0/22
34.157.160.0/22
34.162.0.0/16
34.104.56.0/23
34.127.184.0/23
34.161.0.0/16
35.206.10.0/23
34.0.128.0/19
34.157.46.0/23
34.157.174.0/23
34.174.0.0/16
34.19.0.0/17
34.82.0.0/15
34.105.0.0/17
34.118.192.0/21
34.127.0.0/17
34.145.0.0/17
34.157.112.0/21
34.157.240.0/21
34.168.0.0/15
35.185.192.0/18
35.197.0.0/17
35.199.144.0/20
35.199.160.0/19
35.203.128.0/18
35.212.128.0/17
35.220.48.0/21
35.227.128.0/18
35.230.0.0/17
35.233.128.0/17
35.242.48.0/21
35.243.32.0/21
35.247.0.0/17
104.196.224.0/19
104.198.0.0/20
104.198.96.0/20
104.199.112.0/20
34.20.128.0/17
34.94.0.0/16
34.102.0.0/17
34.104.64.0/21
34.108.0.0/16
34.118.248.0/23
34.124.0.0/21
35.215.64.0/18
35.220.47.0/24
35.235.64.0/18
35.236.0.0/17
35.242.47.0/24
35.243.0.0/21
34.22.32.0/19
34.104.52.0/24
34.106.0.0/16
34.127.180.0/24
35.217.64.0/18
35.220.31.0/24
35.242.31.0/24
34.16.128.0/17
34.104.72.0/22
34.118.240.0/22
34.124.8.0/22
34.125.0.0/16
35.219.128.0/18

GCP IPv6 Range:

2600:1900:4030::/44
2600:1900:41a0::/44
2600:1900:4050::/44
2600:1900:41d0::/44
2600:1901:8180::/44
2600:1900:40a0::/44
2600:1900:41b0::/44
2600:1900:4080::/44
2600:1901:8170::/44
2600:1900:40b0::/44
2600:1900:41c0::/44
2600:1900:4140::/44
2600:1900:4150::/44
2600:1901:8100::/44
2600:1900:4010::/44
2600:1901:81f0::/44
2600:1901:81b0::/44
2600:1900:40c0::/44
2600:1900:40d0::/44
2600:1900:4060::/44
2600:1900:4160::/44
2600:1901:8110::/44
2600:1901:8120::/44
2600:1901::/48
2600:1901:81c0::/44
2600:1900:5400::/44
2600:1901:8160::/44
2600:1900:40e0::/44
2600:1900:41e0::/44
2600:1900:40f0::/44
2600:1901:4010::/44
2600:1900:4000::/44
2600:1900:4070::/44
2600:1900:4020::/44
2600:1900:4090::/44
2600:1901:8130::/44
2600:1901:8150::/44
2600:1901:8140::/44
2600:1900:4040::/44
2600:1900:4120::/44
2600:1900:4170::/44
2600:1900:4180::/44

@mosqueteiro
Copy link

Is this working consistently for anyone? I've added this list of over 500 IP ranges and still consistently getting IPs from google that are outside of this list.

@lord-alfred
Copy link

@mosqueteiro, all IP range updates are in: https://github.com/lord-alfred/ipranges

@f1-outsourcing
Copy link

@mosqueteiro, all IP range updates are in: https://github.com/lord-alfred/ipranges

I just had a look, nice to see you also have digital ocean.

However the goal for me to use the ip ranges varies. So all the scans for eg wordpress sites etc I like to block. Obviously I don't want to block search engine indexing of bing/google etc.

Real people that are browsing websites are not in the digital ocean cloud nor in azure, so blocking all that shit is good for the environment. You will clearly see less resource utilization. So it would be nice to see such distinction, although I don't really have yet an idea how to do this properly myself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment