Update Spamhaus DROP list from Cisco CLI (TCL)

Peter Pauly ppauly at gmail.com
Tue Jan 25 09:29:30 CST 2011


I made a version of Mr. Magill's script that reads dshield.org's
block list and creates null routes for it. He deserves all of the
credit, but none of the blame in case it doesn't work for you. I'm not
a TCL programmer - use at your own risk.
Anyone else have any nifty TCL for Cisco scripts they can share? I'm
curious to know what's possible and what people have done.

############################################################
# updatedshield.tcl                                        #
#                                                          #
# Peter Pauly                                              #
#                                                          #
# based on the updatedrop.tcl script by:                   #
# Thomas Magill                                            #
#                                                          #
# Reads Dshield.org block list and null routes it.         #
#                                                          #
# alias exec updatedshield tclsh updatedshield.tcl         #
# Untested in YOUR environment - use at your own risk      #
############################################################
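# convertmask prefixlen
#   Converts a CIDR prefix length (0-32) into a dotted-quad netmask,
#   e.g. 24 -> 255.255.255.0.
#
#   The value normally comes from a downloaded block list, so it is checked
#   before any arithmetic: anything other than a single plain decimal number
#   in the range 0..32 raises an error rather than yielding a nonsense mask
#   that would then be written into a static route.
#
#   The parameter keeps its original name, args, so the proc still accepts
#   its argument exactly as before; exactly one value is required.
proc convertmask {args} {
    if {[llength $args] != 1} {
        error "convertmask: expected one prefix length, got: $args"
    }
    set bits [lindex $args 0]
    # Digits only, no leading zero: rejects signs, spaces and anything expr
    # might read as octal or as an expression.
    if {![regexp {^(0|[1-9][0-9]?)$} $bits] || $bits > 32} {
        error "convertmask: invalid prefix length: $bits"
    }
    # A /0 would need a shift by the full 32 bits, which is not reliable on
    # interpreters with 32-bit integers, so it is answered directly.
    if {$bits == 0} {
        return "0.0.0.0"
    }
    set mask [expr {~0 << (32 - $bits)}]
    # Take one octet at a time; the & 255 discards any sign-extension bits.
    return [format "%d.%d.%d.%d" \
        [expr {($mask >> 24) & 255}] \
        [expr {($mask >> 16) & 255}] \
        [expr {($mask >> 8) & 255}] \
        [expr {$mask & 255}]]
}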
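# getfile url
#   Opens a TCP connection to the host named in url (port 80 unless the URL
#   gives one) and sends an HTTP/1.0 GET request for its path.
#
#   Returns the open socket. The caller reads the whole response from it
#   (status line, headers, then body) and is responsible for closing it.
#   Raises "bogus URL: <url>" when the URL cannot be parsed.
#
#   The transfer is plain HTTP, so nothing protects the content in transit
#   or proves where it came from. Treat every line read from the socket as
#   untrusted and validate it before acting on it.
proc getfile {url} {
        # ([0-9]+) captures the whole port number; the earlier ([0-9])+ kept
        # only its last digit.
        if {![regexp -nocase {^(http://)?([^:/]+)(:([0-9]+))?(/.*)} \
                        $url x protocol server y port path]} {
                error "bogus URL: $url"
        }
        if {[string length $port] == 0} {
                set port 80
        }
        set sock [socket $server $port]
        puts $sock "GET $path HTTP/1.0"
        puts $sock "Accept: */*"
        puts $sock "Accept-Language: en-us"
        # No Accept-Encoding header: this script cannot decompress a gzip or
        # deflate body, so it must not advertise support for one.
        # Host follows the URL instead of being fixed to one site.
        puts $sock "Host: $server"
        # Callers read until end of file, so ask the server to close the
        # connection once the response has been sent.
        puts $sock "Connection: close"
        puts $sock "Cache-Control: no-cache"
        puts $sock ""
        flush $sock
        return $sock
}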
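# Refresh the Dshield_block null routes from the DShield block list.
#
# The list arrives over unauthenticated HTTP and every accepted line becomes
# a static route on this router. Each field is therefore validated before it
# reaches ios_config, and the routes already installed are only replaced once
# the download has produced at least one well-formed entry. A failed or empty
# download leaves the current block list in place.

# Shortest prefix accepted from the feed. This is a constructed sanity floor,
# tune it to local policy: without one, a single bad line such as a /0 would
# null-route far more than a block list should.
set minprefix 8

#FETCH and validate the new block list
set newroutes {}
set feed [getfile www.dshield.org/block.txt]
if {[gets $feed status] < 0 || ![regexp {^HTTP/[0-9.]+ 200} $status]} {
    close $feed
    error "Dshield block list download failed: $status"
}
while { [gets $feed line] >= 0 } {
    # Data lines are tab separated: start address, end address, prefix length.
    if {![regexp {(?x)(\S+)\t(\S+)\t(\S+) } $line ignore ipaddr endip cidr]} continue
    if {$ipaddr == "Start"} continue
    # The start address must be a dotted quad with every octet in 0..255.
    if {![regexp {^[0-9]{1,3}(\.[0-9]{1,3}){3}$} $ipaddr]} continue
    scan $ipaddr "%d.%d.%d.%d" o1 o2 o3 o4
    if {$o1 > 255 || $o2 > 255 || $o3 > 255 || $o4 > 255} continue
    # The prefix length must be a plain number between the floor and 32.
    if {![regexp {^[0-9]{1,2}$} $cidr]} continue
    scan $cidr "%d" plen
    if {$plen < $minprefix || $plen > 32} continue
    set net [format "%d.%d.%d.%d" $o1 $o2 $o3 $o4]
    set mask [convertmask $plen]
    lappend newroutes "ip route $net $mask null0 name Dshield_block"
}
close $feed

if {[llength $newroutes] == 0} {
    puts "No valid Dshield entries received - existing null routes left unchanged"
} else {
    #REMOVE OLD Null Routes
    set oldline [ exec "show run | inc Dshield_block" ]
    foreach line [split $oldline "\n"] {
        if {$line != ""} {
            ios_config "no $line"
        }
    }
    #UPDATE Blocklist
    foreach route $newroutes {
        ios_config $route
    }
}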



