Since I’m not much of a painter…

(Image: Han Solo watches Bob Ross, captioned “Happy little lego”)

I recently had surgery and was more or less confined to a bed or couch for a week.


As most good geeks will tell you, our brains don’t do “idle” very well - that’s when we start breaking things just to see if they can be broken!


I decided to start poking around in my home network and, after playing a bit with Cisco EEM, I thought, “Gee, wouldn’t it be really nice if I could just have something that would automatically update my inbound and outbound access lists with IPs and ranges from the myriad of blacklist providers available?”


Sadly, after a day or so of posting in forums and consulting “The Goog”, I was unable to find a solution. I was actually a bit surprised by this; it seemed to me that someone should have already done this by now.


Ideally, I wanted to just be able to add a list of URLs to the router and have EEM automatically go out and download the list, convert it to an ACL and apply it. What I had to settle for was writing this Perl script, but that now means I have multiple “things” to manage, since I have to store the Perl script on a Linux box running TFTP. It would be much nicer to have only one management source (the router).


Just gimme the script already!


The script includes several providers of blocklists by default, so you can run the script by just specifying an interface in or out (or both), like so:

./blacklist2acl.pl -intin gi0/0


Or:

./blacklist2acl.pl -intout gi0/1


Or both:

./blacklist2acl.pl -intin gi0/0 -intout gi0/1


This command would run against all of the default sites, collect the IPs from them and spit out the IOS commands for pasting/TFTP to your router.


To get a list of the default sites, try:

./blacklist2acl.pl -list


You can add to this list, skip specific ones, skip all, or choose to only run a single one.


Use -h for other options.
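To show what the conversion step the script performs looks like, here is an added example (not blacklist2acl.pl itself, and written in Python rather than Perl): it parses a constructed blocklist feed of bare hosts and CIDR ranges, turns each entry into an IOS extended ACL line using a wildcard mask, and emits the commands to apply the list inbound or outbound. The ACL name, the interface names and the feed contents are assumptions.

```python
import ipaddress

# Constructed sample feed, not a real provider's list. Real feeds mix bare
# hosts, CIDR ranges, comments, blank lines and the occasional junk entry.
SAMPLE_FEED = """\
# constructed sample feed
198.51.100.7
203.0.113.0/24
192.0.2.128/25
not-an-ip
198.51.100.7
"""

def parse_feed(text):
    """Return sorted, de-duplicated IPv4 networks from a feed body."""
    nets = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        try:
            nets.add(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue                              # skip junk rather than abort
    return sorted(nets)

def to_ios_acl(nets, name, direction, interface):
    """Build IOS commands: a named extended ACL that denies every entry, a
    final permit for everything else, and the access-group on the interface.
    Inbound lists match the blocked address as source, outbound as destination."""
    lines = ["no ip access-list extended %s" % name,   # rebuild from scratch
             "ip access-list extended %s" % name]
    for net in nets:
        # IOS wants an inverse (wildcard) mask; hostmask gives exactly that.
        spec = ("host %s" % net.network_address if net.num_addresses == 1
                else "%s %s" % (net.network_address, net.hostmask))
        if direction == "in":
            lines.append(" deny ip %s any" % spec)
        else:
            lines.append(" deny ip any %s" % spec)
    lines.append(" permit ip any any")
    lines.append("interface %s" % interface)
    lines.append(" ip access-group %s %s" % (name, direction))
    return lines

if __name__ == "__main__":
    nets = parse_feed(SAMPLE_FEED)
    print("\n".join(to_ios_acl(nets, "BLACKLIST_IN", "in", "GigabitEthernet0/0")))
    print("\n".join(to_ios_acl(nets, "BLACKLIST_OUT", "out", "GigabitEthernet0/1")))
```

Note that deleting and re-creating an ACL that is already applied leaves the interface unfiltered until the new list exists; on a router that matters, build the replacement under a second name and swap the access-group instead.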

Posted October 6, 2015 in the LogZilla University category
