Cisco Support Community
New Member

Dynamic Access List using iblocklist.com

Is it possible to dynamically block IPs using blocklists from something like iblocklist.com?

Seems like there should be a way to monitor a given list like the known spyware list:

http://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz

And, given that, pull the list and modify the local router/fw access list to block access.

The list has entries similar to:

trojans:222.189.238.210-222.189.238.210

Anyone know if this is possible or has a script for it?

4 REPLIES
Cisco Employee

Assuming you can get the file in text format uncompressed via an HTTP stream, you could create an EEM Tcl script that periodically fetches the file (using the built-in HTTP 1.0 client library), parses it, then creates an ACL for it.  I recommend you recreate the ACL as a temporary one first, then juggle the names to limit the size of the "open" window.

I thought someone created a similar script a while ago using a different blocking service, but I can't seem to find it.  Perhaps your searches will yield better results.

New Member

Hi Joe!

I should have thought to just email you directly :-)

I ended up writing a Perl script that does the trick, but that method isn't as seamless/elegant as I was aiming for.

My hope was to just set a series of URLs in the router and have them check for new entries every day or week or whatever and create the ACLs based on that.

What I wrote in Perl works great as far as going and getting everything and building it properly, but now I have to run a TFTP server and schedule the router to periodically grab the result - plus have the Perl script run via cron every X days.

So instead of just letting the router be the "smart guy", I now have multiple components to manage (router, Linux box, Perl script, etc.).

What year is this?

One would think we'd have better toys by now darnit! hehe

Anyhoo, I was going to put up a blog post so someone else can benefit from my work later on. I'll put the link here once I finish the post.

For future visitors: If you do manage to do this solely using EEM, I think it would be very useful!

Cisco Employee

Like I said, this is very doable with EEM provided there is a text-only download link (i.e., one that doesn't require an unzip).  I don't know the service to know if such a link exists.  At the very least, you could automate the download and decompression on your Linux box, then have EEM periodically download the uncompressed file and do the application of the ACLs.

New Member

Thanks!

Here's the blog post - I'd love to see this done in EEM, seems like it'd be pretty handy for folks. Alas, I don't know how to do it :)

http://www.logzilla.net/blog/using-perl-to-convert-ip-blocklists-blacklists-to-cisco-access-lists
