Dynamic ACL for cisco router to cut SPAM

Unanswered Question
Dec 2nd, 2013
User Badges:

Hi all.

We can find lists of blacklisted IPs on internet like this http://spam-ip.com/list-1.html
How to make cisco router create an access-list with a content taken from the resource above and prevent any traffic towards my network from those IPs?

Any other ideas to overcome that?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
daniel.dib Mon, 12/02/2013 - 23:30
User Badges:
  • Silver, 250 points or more

That's a long list of IPs, implementing it in an ACL with host entries would be challenging.

Anway, the first step for you would be to write a script that parses that data and makes an ACL out of it and stores that on a server. Then nightly a script could run that uploads the new ACL, you could use a tool like RANCID or Kiwi Cattools to help with this or write an Expect or PERL script.

Be careful when editing the ACL or you could lose traffic while it gets updated. It might be better to do something like:

conf t

ip access-list extended NEW_ACL

deny ip host x.x.x.x any

deny ip host y.y.y.y any

interface x/x

no ip access-group OLD_ACL in/out

ip access-group NEW_ACL in/out

There is also the possibility of downloading ACL from TFTP server to the running-config. I guess this could be automated with EEM as well and a timer that runs.

That should give you some ideas to get started. I also found this script called aclmaker which was written by someone to update ACLs.


Daniel Dib
CCIE #37149


This Discussion

Related Content