[Outages-discussion] [outages] Dynamic blocklists to IOS ACL
Jeremy Chadwick
jdc at koitsu.org
Sat Oct 25 01:32:59 EDT 2014
On Sat, Oct 25, 2014 at 12:31:36AM -0400, Clayton Dukes via Outages wrote:
> Sorry for the off-topic post, but Google has not yielded much so I thought
> I would ask here.
>
> Does anyone know of, or have a script that can take in ip blocklists from
> https://www.iblocklist.com/lists.php and update a router's ACL? (IOS 12.x)

Moved to -discussion given subject.

1. You didn't say what language the "script" should be in, what OS it's
intended to be used on, or what tools are available (e.g. don't say perl
but then don't have LWP or zlib available).

2. On that site, all "file formats" other than "p2p" are labelled
"subscription-only". The problem with the "p2p" format is that the IP
addresses are ranges, not CIDR, which is completely ridiculous (it's
easier to convert from the latter to the former).

There is a perl module on CPAN called Net::CIDR which has a function
called range2cidr() that can do all this, but the problem there is now
your script has to rely on a third-party module (it's pure text but
still). I suppose one could just extract the necessary functions from
CIDR.pm and use that with the "p2p" method, but still. :/

3. You'd need to provide the *exact* output you want (since the script
would likely just output all the IOS commands you could feed into the
CLI or through other means). Meaning: need an example command/line or
two.

All in all this is simple to do in perl + LWP. The gzip compression bit
can be done with Compress::Zlib which comes with perl natively.

--
| Jeremy Chadwick jdc at koitsu.org |
| UNIX Systems Administrator http://jdc.koitsu.org/ |
| Making life hard for others since 1977. PGP 4BD6C0CB |
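
The range-to-CIDR step and the ACL output discussed in the message above, as an added example that is not part of the original post and is written in Python (standard library only) rather than perl. Assumptions: each "p2p" line has the form label:first-last, the sample list is constructed from documentation address space, and the ACL name BLOCKLIST and the extended named ACL layout are hypothetical, since the thread never states the exact output wanted.

```python
import ipaddress

# Constructed sample in the "p2p" layout (label:first-last); not real list data.
SAMPLE_P2P = """\
# constructed sample, documentation address space only
Example net A:192.0.2.0-192.0.2.255
Example: with colon in label:198.51.100.4-198.51.100.9
Single host:203.0.113.7-203.0.113.7
Reversed range:192.0.2.9-192.0.2.1
not a valid line
"""

def parse_p2p(text):
    """Yield (label, first, last); skip comments, malformed and reversed ranges."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may themselves contain ':', so split on the last one.
        label, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        try:
            lo = ipaddress.IPv4Address(first.strip())
            hi = ipaddress.IPv4Address(last.strip())
        except ValueError:
            continue
        if sep and dash and lo <= hi:
            yield label, lo, hi

def range_to_cidrs(lo, hi):
    """Minimal list of CIDR blocks covering the inclusive range lo..hi."""
    return list(ipaddress.summarize_address_range(lo, hi))

def acl_lines(text, acl_name="BLOCKLIST"):  # acl_name is a hypothetical ACL name
    """Build IOS extended named ACL lines that deny each listed block as a source."""
    nets = [n for _, lo, hi in parse_p2p(text) for n in range_to_cidrs(lo, hi)]
    out = [f"ip access-list extended {acl_name}"]
    # collapse_addresses merges adjacent/overlapping blocks to keep the ACL short.
    for n in sorted(ipaddress.collapse_addresses(nets)):
        if n.prefixlen == 32:
            out.append(f" deny ip host {n.network_address} any")
        else:
            # IOS ACLs take a wildcard (inverse) mask, which is the hostmask.
            out.append(f" deny ip {n.network_address} {n.hostmask} any")
    out.append(" permit ip any any")  # assumed policy: pass everything not listed
    return out

if __name__ == "__main__":
    print("\n".join(acl_lines(SAMPLE_P2P)))
```

A range that does not fall on a power-of-two boundary expands to several ACL entries, so the generated ACL can be much longer than the source list.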