The problem:
I have public IPs and a mail server and thus a complicated firewall that, like most firewalls, allows certain stuff and blocks all else.
The problem here is Amazon. They have a million IP blocks, and unless you open them up in my firewall rules, apps and things don't work right, especially apps on my phone like the Amazon app and those of other companies that use AWS. They are probably using non-standard ports.
The solution, if anyone is interested, was to periodically pull their address block list (8K entries) and, using wget, sed etc. on my QNAP NAS, generate an iptables address list file in the correct format to load into my MikroTik router whenever the firewall is reloaded.
sed on Windows will not work, as I found out, due to the quote-removal and whitespace issue.
i.e.
[/share/qnapshared/amazonaws] # cat prepareaws.sh*
#!/bin/bash
# Pull the AWS IP ranges and turn them into a RouterOS address-list import script.
# Abort on any failure so a bad or empty download cannot produce a script that
# wipes the list and adds nothing back.
set -euo pipefail
cd /share/qnapshared/amazonaws
wget -O aws1 https://ip-ranges.amazonaws.com/ip-ranges.json
# Keep only the IPv4 prefix lines ("ip_prefix"; the "ipv6_prefix" lines do not match)
grep ip_prefix aws1 > aws2
# Strip all whitespace so the fixed patterns below match exactly
sed 's/[[:space:]]//g' aws2 > aws3
# "ip_prefix":"x.x.x.x/nn",  -->  :do { add address=x.x.x.x/nn",
# (the sed expressions must be single-quoted or the shell eats the double quotes)
sed 's#"ip_prefix":"#:do { add address=#' aws3 > aws4
echo '/log info "Loading Amazon AWS address list"' > amazonaws
echo '/ip firewall address-list remove [/ip firewall address-list find list=AmazonAWS]' >> amazonaws
echo '/ip firewall address-list' >> amazonaws
# Close each line; on-error={} keeps the import going when a prefix is already in the list
sed 's#",# list=AmazonAWS } on-error={}#' aws4 >> amazonaws
[/share/qnapshared/amazonaws] # head amazonaws
/log info "Loading Amazon AWS address list"
/ip firewall address-list remove [/ip firewall address-list find list=AmazonAWS]
/ip firewall address-list
:do { add address=3.2.34.0/26 list=AmazonAWS } on-error={}
:do { add address=3.5.140.0/22 list=AmazonAWS } on-error={}
:do { add address=13.34.37.64/27 list=AmazonAWS } on-error={}
:do { add address=13.34.65.64/27 list=AmazonAWS } on-error={}
:do { add address=13.34.66.0/27 list=AmazonAWS } on-error={}
:do { add address=13.34.78.160/27 list=AmazonAWS } on-error={}
:do { add address=13.34.103.96/27 list=AmazonAWS } on-error={}
[/share/qnapshared/amazonaws] #
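Added example, not the forum post's own script: the same conversion done with a real JSON parser instead of grep/sed. It also picks up the "ipv6_prefixes" entries for the /ipv6 firewall address-list, deduplicates prefixes that the AWS file lists under several services (AMAZON and EC2 often share the same block), optionally filters on the AWS "service" and "region" labels, and refuses to render a script that would empty the list if the download came back short. The field names are the ones AWS publishes in ip-ranges.json; the list name AmazonAWS is taken from the post; the sample document embedded below is constructed here and the function names are this example's own.

```python
#!/usr/bin/env python3
"""Turn AWS ip-ranges.json into a RouterOS address-list import script.

Added example (not the forum post's script). Assumes the JSON layout AWS
documents: top-level "prefixes" / "ipv6_prefixes" arrays whose entries carry
"ip_prefix" / "ipv6_prefix", "region" and "service" keys.
"""
import ipaddress
import json
import sys
from urllib.request import urlopen

AWS_URL = "https://ip-ranges.amazonaws.com/ip-ranges.json"

# Constructed sample in the same shape as the real file. 3.5.140.0/22 appears
# twice (AMAZON and EC2) on purpose, as it does in the real data.
SAMPLE_JSON = """{
  "syncToken": "0",
  "createDate": "2024-01-01-00-00-00",
  "prefixes": [
    {"ip_prefix": "3.2.34.0/26", "region": "af-south-1", "service": "AMAZON", "network_border_group": "af-south-1"},
    {"ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", "service": "AMAZON", "network_border_group": "ap-northeast-2"},
    {"ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", "service": "EC2", "network_border_group": "ap-northeast-2"},
    {"ip_prefix": "13.34.37.64/27", "region": "ap-southeast-4", "service": "AMAZON", "network_border_group": "ap-southeast-4"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2600:1f13::/36", "region": "us-west-2", "service": "AMAZON", "network_border_group": "us-west-2"}
  ]
}"""


def extract_prefixes(doc, services=None, regions=None):
    """Return (ipv4, ipv6): sorted, deduplicated network objects, optionally
    restricted to the given AWS service / region labels."""
    def keep(entry):
        return ((services is None or entry["service"] in services)
                and (regions is None or entry["region"] in regions))

    # ip_network() validates the prefix, so a corrupted line fails loudly
    # instead of becoming a bogus firewall entry.
    v4 = {ipaddress.ip_network(e["ip_prefix"]) for e in doc.get("prefixes", []) if keep(e)}
    v6 = {ipaddress.ip_network(e["ipv6_prefix"]) for e in doc.get("ipv6_prefixes", []) if keep(e)}
    return sorted(v4), sorted(v6)


def routeros_script(v4, v6, list_name="AmazonAWS"):
    """Render a RouterOS script in the same style as the post: flush the old
    entries of list_name, then re-add every prefix. Raises if there is nothing
    to add, so a failed or truncated download can never leave the list empty."""
    if not v4 and not v6:
        raise ValueError("no prefixes extracted; refusing to render a script that would empty the list")
    lines = [f'/log info "Loading {list_name} address list ({len(v4)} IPv4, {len(v6)} IPv6 prefixes)"']
    for menu, nets in (("/ip", v4), ("/ipv6", v6)):
        if not nets:
            continue
        lines.append(f"{menu} firewall address-list remove [{menu} firewall address-list find list={list_name}]")
        lines.append(f"{menu} firewall address-list")
        # on-error={} keeps the import running if an entry somehow already exists
        lines.extend(f":do {{ add address={n} list={list_name} }} on-error={{}}" for n in nets)
    return "\n".join(lines) + "\n"


def main(argv):
    if argv[1:] == ["--fetch"]:
        data = urlopen(AWS_URL, timeout=30).read()
    elif len(argv) > 1:
        with open(argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_JSON.encode()  # offline demo on the constructed sample
    v4, v6 = extract_prefixes(json.loads(data))
    sys.stdout.write(routeros_script(v4, v6))


if __name__ == "__main__":
    main(sys.argv)
```

Run it with `--fetch` to pull the live file, or give it a path to a previously downloaded ip-ranges.json; redirect stdout to the file you import on the router. Because the script only ever emits the remove/add block for a list that has at least one prefix, a cron job that hits a network error will fail instead of silently publishing an empty list.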