#!/usr/bin/env bash
# script for populating iptables with incapsula IPs
# to use this, send http and https traffic to the incapsula chain
# then schedule a daily task which runs this script

iptables -N incapsula
iptables -F incapsula
curl -k -s --data "resp_format=json" https://my.incapsula.com/api/integration/v1/ips  | jq -r '.ipRanges | @csv' | tr ',' '\n' | tr -d \" | while read i; do
iptables -A incapsula -s $i -j ACCEPT
done
iptables -A incapsula -j DROP