nanog mailing list archives
Re: Update Spamhaus DROP list from Cisco CLI (TCL)
From: Peter Pauly <ppauly () gmail com>
Date: Tue, 25 Jan 2011 10:29:30 -0500
I made a version of Mr. Magill's script to read the dshield.org's block list and create null routes for it. He deserves all of the credit, but none of the blame in case it doesn't work for you. I'm not a TCL programmer - use at your own risk.

Anyone else have any nifty TCL for Cisco scripts they can share? I'm curious to know what's possible and what people have done.

############################################################
# updatedshield.tcl                                        #
#                                                          #
# Peter Pauly                                              #
#                                                          #
# based on the updatedrop.tcl script by:                   #
# Thomas Magill                                            #
#                                                          #
# Reads Dshield.org block list and null routes it.         #
#                                                          #
# alias exec updatedshield tclsh updatedshield.tcl         #
# Untested in YOUR environment - use at your own risk      #
############################################################

# Convert a prefix length (e.g. 24) to a dotted-quad mask (255.255.255.0)
proc convertmask {args} {
    set mask [expr {~ 0 << ( 32 - $args )}]
    format "%d.%d.%d.%d" [expr {$mask >> 24 & 255}] [expr {$mask >> 16 & 255}] [expr {$mask >> 8 & 255}] [expr {$mask & 255}]
}

# Open a plain HTTP connection, send a GET request and return the socket
proc getfile {url} {
    global http
    # The "+" belongs inside the port capture group so the whole port number is kept
    if {![regexp -nocase {^(http://)?([^:/]+)(:([0-9]+))?(/.*)} \
            $url x protocol server y port path]} {
        error "bogus URL: $url"
    }
    if {[string length $port] == 0} {
        set port 80
    }
    set sock [socket $server $port]
    puts $sock "GET $path HTTP/1.0"
    puts $sock "Accept: */*"
    puts $sock "Accept-Language: en-us"
    # No Accept-Encoding header: the reader below parses plain text only
    puts $sock "Host: $server"
    # Ask the server to close the connection so the read loop sees end of file
    puts $sock "Connection: close"
    puts $sock "Cache-Control: no-cache"
    puts $sock ""
    flush $sock
    return $sock
}

#REMOVE OLD Null Routes
set oldline [ exec "show run | inc Dshield_block" ]
foreach line [split $oldline "\n"] {
    if {$line != ""} { ios_config "no $line" }
}

#UPDATE Blocklist
set newline [getfile www.dshield.org/block.txt]
while { [gets $newline line] >= 0 } {
    # Fields are tab separated: start address, end address, prefix length
    if {[regexp {(?x)(\S+)\t(\S+)\t(\S+) } $line ignore ipaddr endip cidr]} {
        # Skip the column header line
        if {$ipaddr == "Start"} continue
        set mask [convertmask $cidr]
        ios_config "ip route $ipaddr $mask null0 name Dshield_block"
    }
}
close $newline
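The script above turns each line of a list fetched over plain HTTP into a static route, so the following added example (not part of the original post or of Mr. Magill's script) checks every entry and loads the whole list before anything is configured. The helper names `parseblockline` and `loadblocklist`, the minimum prefix length of 16 and the cap of 100 routes are assumptions for illustration.

```tcl
# Added example, not from the original post. parseblockline and loadblocklist
# are hypothetical helpers; the limits passed to them are assumptions.

# Return a two-element list (network, mask) for a well-formed line, else an empty list.
proc parseblockline {line minlen} {
    # start<TAB>end<TAB>prefix-length, anchored so only digits and dots reach the route
    if {![regexp {^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\t\S+\t(\d{1,2})(\t|$)} \
            $line x a b c d len]} { return {} }
    # scan with %d reads decimal, so "010" is ten and not octal as expr would read it
    foreach v {a b c d len} { scan [set $v] %d $v }
    foreach octet [list $a $b $c $d] { if {$octet > 255} { return {} } }
    # A short prefix would null route a large part of the table, so refuse it
    if {$len < $minlen || $len < 1 || $len > 32} { return {} }
    set addr [expr {($a << 24) | ($b << 16) | ($c << 8) | $d}]
    set mask [expr {~0 << (32 - $len)}]
    # Host bits set: the start address is not the network address for that length
    if {($addr & ~$mask) != 0} { return {} }
    return [list "$a.$b.$c.$d" [format "%d.%d.%d.%d" [expr {($mask >> 24) & 255}] \
        [expr {($mask >> 16) & 255}] [expr {($mask >> 8) & 255}] [expr {$mask & 255}]]]
}

# Read the whole list before touching the configuration. An empty result or an
# oversized one is treated as a bad fetch and raises an error.
proc loadblocklist {chan minlen maxroutes} {
    set routes {}
    while {[gets $chan line] >= 0} {
        set r [parseblockline [string trimright $line "\r"] $minlen]
        if {[llength $r] == 2} { lappend routes $r }
    }
    if {[llength $routes] == 0 || [llength $routes] > $maxroutes} {
        error "block list rejected: [llength $routes] usable entries"
    }
    return $routes
}

# Constructed sample lines using documentation addresses, not real DShield data
foreach line [list "Start\tEnd\tNetmask" "192.0.2.0\t192.0.2.255\t24\t100" \
        "0.0.0.0\t255.255.255.255\t0" "198.51.100.7\t198.51.100.255\t24"] {
    puts [list $line -> [parseblockline $line 16]]
}

# On the router (ios_config exists only in the IOS tclsh), load first, then
# remove the old Dshield_block routes, then apply:
#   set routes [loadblocklist [getfile www.dshield.org/block.txt] 16 100]
#   foreach r $routes {
#       ios_config "ip route [lindex $r 0] [lindex $r 1] null0 name Dshield_block"
#   }
```

Because `loadblocklist` raises an error before any configuration command runs, a failed or truncated download leaves the existing null routes in place.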
Current thread:
- Update Spamhaus DROP list from Cisco CLI (TCL) Thomas Magill (Jan 19)
- Re: Update Spamhaus DROP list from Cisco CLI (TCL) Jared Mauch (Jan 19)
- Re: Update Spamhaus DROP list from Cisco CLI (TCL) Jack Bates (Jan 20)
- Re: Update Spamhaus DROP list from Cisco CLI (TCL) Suresh Ramasubramanian (Jan 19)
- RE: Update Spamhaus DROP list from Cisco CLI (TCL) Thomas Magill (Jan 20)
- Re: Update Spamhaus DROP list from Cisco CLI (TCL) Peter Pauly (Jan 25)
- Re: Update Spamhaus DROP list from Cisco CLI (TCL) Jared Mauch (Jan 19)