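I made a version of Mr. Magill's script to read the dshield.org's block list and create null routes for it. He deserves all of the credit, but none of the blame in case it doesn't work for you. I'm not a TCL programmer - use at your own risk. Anyone else have any nifty TCL for Cisco scripts they can share? I'm curious to know what's possible and what people have done.

############################################################
# updatedshield.tcl
#
# Peter Pauly
#
# based on the updatedrop.tcl script by:
# Thomas Magill
#
# Reads Dshield.org block list and null routes it.
#
# alias exec updatedshield tclsh updatedshield.tcl
# Untested in YOUR environment - use at your own risk
#
# SECURITY NOTE: block.txt is fetched over plain HTTP with no
# integrity check, so anyone who can tamper with that traffic
# (or with the list itself) chooses which prefixes this router
# blackholes.  Every entry is therefore validated before it is
# handed to ios_config, prefixes shorter than $min_prefix are
# refused, and the old routes are only removed once a usable
# new list has been downloaded and parsed (fail closed).
############################################################

# Refuse to null-route anything shorter than this prefix length.
# A /0 would blackhole all traffic; a /8 is almost certainly a
# corrupted or malicious entry.  Adjust to local policy.
set min_prefix 8

# Location of the block list ("[http://]host[:port]/path").
set blocklist_url www.dshield.org/block.txt

# Tag attached to every route this script installs so they can
# be found in the running config and removed on the next run.
set route_tag Dshield_block

# convertmask --
#   Convert a prefix length (0..32) into a dotted-quad netmask,
#   e.g. 24 -> 255.255.255.0.  Raises an error for anything that
#   is not an integer in that range.
#   (The original declared the parameter as "args", which is
#   Tcl's variadic catch-all; it only worked because a one-element
#   list evaluates like a plain number.)
proc convertmask {cidr} {
    if {![string is integer -strict $cidr] || $cidr < 0 || $cidr > 32} {
        error "bad prefix length: $cidr"
    }
    # Shifting by 32 is undefined on 32-bit Tcl builds, so /0 is
    # handled explicitly instead of via the shift below.
    if {$cidr == 0} {
        return 0.0.0.0
    }
    # Clear the low (32 - cidr) bits.  Each octet is masked with
    # 255 so the result is correct whether $mask is signed or not.
    set mask [expr {~0 << (32 - $cidr)}]
    return [format "%d.%d.%d.%d" \
        [expr {($mask >> 24) & 255}] \
        [expr {($mask >> 16) & 255}] \
        [expr {($mask >> 8) & 255}] \
        [expr {$mask & 255}]]
}

# getfile --
#   Open an HTTP/1.0 GET for url ("[http://]host[:port]/path") and
#   return a channel positioned at the first line of the response
#   body.  Raises an error on a malformed URL, a connection
#   failure or a non-200 status, so the caller never parses an
#   error page as if it were the block list.  The caller is
#   responsible for closing the channel.
proc getfile {url} {
    # The original pattern was (:([0-9])+)? -- the + sat outside
    # the capture group, so a multi-digit port kept only its last
    # digit.
    if {![regexp -nocase {^(http://)?([^:/]+)(:([0-9]+))?(/.*)} \
            $url x protocol server y port path]} {
        error "bogus URL: $url"
    }
    if {[string length $port] == 0} {
        set port 80
    }
    set sock [socket $server $port]
    # One plain HTTP/1.0 request, then the server closes.  There is
    # no decoder here, so compressed encodings are deliberately NOT
    # advertised (the original offered gzip/deflate it could not
    # read).  Host is taken from the URL rather than hard-coded.
    puts $sock "GET $path HTTP/1.0"
    puts $sock "Host: $server"
    puts $sock "Accept: text/plain, */*"
    puts $sock "Cache-Control: no-cache"
    puts $sock "Connection: close"
    puts $sock ""
    flush $sock

    # Status line, e.g. "HTTP/1.1 200 OK".  Anything else is fatal.
    if {[gets $sock status] < 0} {
        close $sock
        error "no response from $server"
    }
    if {![regexp {^HTTP/[0-9.]+ +([0-9]{3})} $status x code] || $code != 200} {
        close $sock
        error "HTTP request for $url failed: $status"
    }
    # Skip the remaining headers; the body starts after the first
    # empty line.  (Originally the header lines reached the
    # block-list parser and were dropped only because they happened
    # not to match the tab-separated pattern.)
    while {[gets $sock hdr] >= 0} {
        if {[string length [string trim $hdr]] == 0} break
    }
    return $sock
}

# --- Fetch and validate the new list BEFORE touching the config ---
# The original removed the old routes first and fetched second, so
# a failed download left the router with no blocks at all.  Here a
# download or parse failure raises an error and the existing routes
# stay in place.
set routes {}
set sock [getfile $blocklist_url]
while {[gets $sock line] >= 0} {
    # Data lines are tab separated: start address, end address,
    # prefix length, ...  The column header begins with "Start";
    # comment lines do not match the pattern and are skipped.
    if {![regexp {^(\S+)\t(\S+)\t(\S+)} $line x ipaddr endip cidr]} continue
    if {[string equal $ipaddr "Start"]} continue
    # Never pass unvalidated text to ios_config: the address must be
    # a dotted quad with in-range octets and the prefix length an
    # integer between $min_prefix and 32.
    if {![regexp {^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$} $ipaddr x a b c d]
            || $a > 255 || $b > 255 || $c > 255 || $d > 255} {
        puts "skipping malformed address: $ipaddr"
        continue
    }
    if {![string is integer -strict $cidr] || $cidr < $min_prefix || $cidr > 32} {
        puts "skipping unacceptable prefix length /$cidr for $ipaddr"
        continue
    }
    lappend routes [list $ipaddr [convertmask $cidr]]
}
close $sock

if {[llength $routes] == 0} {
    error "block list was empty or unparseable; existing routes left untouched"
}

# --- Remove the routes installed by the previous run ---
set oldline [exec "show run | inc $route_tag"]
foreach line [split $oldline "\n"] {
    set line [string trim $line]
    if {[string length $line] == 0} continue
    ios_config "no $line"
}

# --- Install the validated new null routes ---
foreach route $routes {
    set ipaddr [lindex $route 0]
    set mask [lindex $route 1]
    ios_config "ip route $ipaddr $mask null0 name $route_tag"
}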