**This article is old, see new Blocklist2ACL 2.0 project.**
Hi folks! A little script I wrote in VBScript that pulls in IP blocklists from different third-party URLs and converts them into well-formatted Cisco ASA access-lists. The idea stemmed from the old days of running PeerGuardian and Moblock to stop known malicious or unwanted IP addresses from connecting, blocking them right then and there on your computer’s firewall. It is similar to URL blocklists that focus on URLs and domain names, but instead the filtering is done by IP only. I wanted to take this IP blocklist concept, which has primarily been done at the desktop firewall layer, and move it up to the network firewall, in this case a Cisco ASA, so that any connection that crosses the firewall is filtered by this list.
The script is fairly straightforward and the source code is below so you may look through it. Feel free to improve upon it and share it with others. I have a few years of experience writing VBScripts, but am in no way a professional coder. Also, if you by any chance know Linux shell or Qt and could potentially port this to Linux, or even better Java for platform independence, let me know!! That would be sweet.
Video Tutorial
Screenshot
The Blocklists
Each blocklist is sourced and distributed by a third-party maintainer. I take no responsibility for their content and claim no ownership of it. Please review their usage terms.
Some blocklists require conversion from their native format to CIDR format before they can be processed into the access-list format. To accomplish this, my script uses a web-based form hosted by Bluetack at http://www.bluetack.co.uk/converter/.
Another shout-out goes to the writer of the following scripts on CIDR and subnet conversion, located at http://www.indented.co.uk/2008/10/21/vbscript-subnet-math/. THANK YOU!!
GZIP Requirement
Lastly, you will need gzip.exe to un-gzip the blocklists that are downloaded as gzipped files. Luckily gzip is GNU free software and can be downloaded via http://gnuwin32.sourceforge.net/packages/gzip.htm. Click on the Binaries ZIP link to download it from SourceForge. Look for the gzip.exe executable in the bin folder of the ZIP file and copy it into the same directory as the HTA file.
Source Code: Blocklist2ACL-v3
```html
<html>
<head>
<!--written by thejimmahknows-->
<title>Blocklist2ACL by thejimmahknows</title>
<script language="vbscript">
Sub Window_onLoad
    window.resizeTo 675, 875
End Sub

Sub Sleep(Msecs)
    'needed cause no Wscript object for HTA files
    Set SleepFSO = CreateObject("Scripting.FileSystemObject")
    If SleepFSO.FileExists("sleeper.vbs") = False Then
        Set objOutputSleeperFile = SleepFSO.CreateTextFile("sleeper.vbs", True)
        objOutputSleeperFile.Write "wscript.sleep Wscript.Arguments(0)"
        objOutputSleeperFile.Close
    End If
    CreateObject("Wscript.Shell").Run "sleeper.vbs " & Msecs, 1, True
End Sub

Set WshShell = CreateObject("WScript.Shell")
'CurrentDirectory has no trailing backslash, so add one before appending file names
currPath = WshShell.CurrentDirectory & "\"
'currPath = CreateObject("Scripting.FileSystemObject").GetParentFolderName(WScript.ScriptFullName)

'constants and URLs
Const ForReading = 1
Const ForWriting = 2
Const emergingURL = "http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"
Const level1URL = "http://list.iblocklist.com/?list=bt_level1&fileformat=p2p&archiveformat=gz"
Const sigmaprojectsURL = "http://blocklist.sigmaprojects.org/api.cfc?method=getlist&lists=webexploit,spyware,anti-infringement,spammers"
Const dshieldURL = "http://feeds.dshield.org/block.txt"
Dim outFile : outFile = currPath & "test_output.txt"
Dim emergingFile : emergingFile = currPath & "emergingIPs.txt"
Dim level1FileGZ : level1FileGZ = currPath & "level1.txt.gz"
Dim level1File : level1File = currPath & "level1.txt"
Dim sigmaprojectsFileGZ : sigmaprojectsFileGZ = currPath & "sigmaprojectsIPs.txt.gz"
Dim sigmaprojectsFile : sigmaprojectsFile = currPath & "sigmaprojectsIPs.txt"
Dim dshieldFile : dshieldFile = currPath & "dshieldIPs.txt"
Dim mainOutputStr, ACL_NAME, logSuffix

'download URL to a local file
Sub WGET(URL, DownloadLocation)
    Dim xHttp : Set xHttp = CreateObject("MSXML2.ServerXMLHTTP.6.0")
    Dim bStrm : Set bStrm = CreateObject("Adodb.Stream")
    xHttp.Open "GET", URL, False
    xHttp.Send
    With bStrm
        .Type = 1 'binary
        .Open
        .Write xHttp.responseBody
        .SaveToFile DownloadLocation, 2 'overwrite
    End With
End Sub

'uncompress a .gz file with gzip.exe (must sit next to the HTA) and wait for the result
Sub unGZ(filePathGZ, filePath)
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    execPath = Chr(34) & currPath & "gzip.exe" & Chr(34) & " -dqf " & Chr(34) & filePathGZ & Chr(34)
    'run gzip uncompress
    WshShell.Run execPath
    'loop until file exists from previous call
    fileExists = False
    Do Until fileExists = True
        If objFSO.FileExists(filePath) Then
            fileExists = True
        Else
            Sleep(2000)
        End If
    Loop
End Sub

'strip whitespace and blank lines from a downloaded file in place
Function TrimFile(file)
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile(file, ForReading)
    Do Until objFile.AtEndOfStream
        strLine = objFile.ReadLine
        strLine = Trim(strLine)
        If Len(strLine) > 0 Then
            strNewContents = strNewContents & strLine & vbCrLf
        End If
    Loop
    objFile.Close
    Set objFile = objFSO.OpenTextFile(file, ForWriting)
    objFile.Write strNewContents
    objFile.Close
End Function

Function BlueTrackConverterPG2CIDR(inLine)
    'only for P2P format blocklist files
    Dim objIE, sourceItem
    sourceItem = inLine
    Set objIE = CreateObject("InternetExplorer.Application")
    objIE.Visible = False
    objIE.Navigate "http://www.bluetack.co.uk/converter/"
    Do Until objIE.readyState = 4 : Sleep(200) : Loop
    objIE.Document.getElementById("fromformat").value = "pg"
    objIE.Document.getElementById("toformat").value = "shorewall"
    objIE.Document.getElementById("denyonly").value = "yes"
    objIE.Document.getElementById("listCleaning").value = "mergeoverlaps"
    objIE.Document.getElementById("sortBy").value = "IP"
    'paste into the IE form
    objIE.Document.getElementById("sfrom").value = sourceItem
    Sleep(200)
    For Each INPUT In objIE.Document.getElementsByTagName("input")
        If INPUT.Value = "Convert" Then
            INPUT.Click
            Exit For
        End If
    Next
    'return value
    Sleep(200)
    BlueTrackConverterPG2CIDR = objIE.Document.getElementById("sto").value
    objIE.Quit
    Set objIE = Nothing
End Function

Function BlueTrackConverterDSHIELD2CIDR(inStr)
    'only for DSHIELD conversions
    Dim objIE, runStr
    Set objIE = CreateObject("InternetExplorer.Application")
    objIE.Visible = False
    objIE.Navigate "http://www.bluetack.co.uk/converter/"
    Do Until objIE.readyState = 4 : Sleep(200) : Loop
    objIE.Document.getElementById("fromformat").value = "dshield"
    objIE.Document.getElementById("toformat").value = "shorewall"
    objIE.Document.getElementById("denyonly").value = "yes"
    objIE.Document.getElementById("listCleaning").value = "mergeoverlaps"
    objIE.Document.getElementById("sortBy").value = "IP"
    'paste into the IE form
    objIE.Document.getElementById("sfrom").value = inStr
    For Each INPUT In objIE.Document.getElementsByTagName("input")
        If INPUT.Value = "Convert" Then
            INPUT.Click
            Exit For
        End If
    Next
    'return outputStr
    BlueTrackConverterDSHIELD2CIDR = objIE.Document.getElementById("sto").value
    objIE.Quit
    Set objIE = Nothing
End Function

Function MaskLengthToIP(intMask)
    ' Converts a mask length to the dotted-decimal format mask
    Dim arrOctets(3)
    Dim intFullOctets : intFullOctets = (intMask - (intMask Mod 8)) / 8
    Dim i
    For i = 0 To (intFullOctets - 1)
        arrOctets(i) = "255"
    Next
    Dim intPartialOctetLen : intPartialOctetLen = intMask Mod 8
    Dim j
    If intPartialOctetLen > 0 Then
        Dim intOctet
        For j = 0 To (intPartialOctetLen - 1)
            intOctet = intOctet + 2 ^ (7 - j)
        Next
        arrOctets(i) = intOctet : i = i + 1
    End If
    For j = i To 3
        arrOctets(j) = "0"
    Next
    MaskLengthToIP = Join(arrOctets, ".")
End Function

'turn one CIDR (or bare IP) line into an ASA access-list deny entry
Function CIDR2ACL(strLine, aclNameStr)
    'check for blank line
    If Trim(strLine) <> "" Then
        If InStr(strLine, "/") > 0 Then
            pos_start = InStr(strLine, "/")
            'get ip only
            tmpLen = Len(strLine)
            tmpIP = Mid(strLine, 1, pos_start - 1)
            'need to convert slash to netmask
            subStr = Mid(strLine, pos_start + 1)
            maskInt = CInt(subStr)
            subMaskStr = MaskLengthToIP(maskInt)
        Else
            'a bare host address gets a /32 mask
            tmpIP = strLine
            subMaskStr = "255.255.255.255"
        End If
        'return values
        CIDR2ACL = "access-list" & " " & aclNameStr & " " & "deny ip" & " " & tmpIP & " " & subMaskStr & " " & "any" & logSuffix & vbCrLf
    End If
End Function

Sub dshieldSUB
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile(dshieldFile, ForReading)
    'readall from file
    Dim tStr, strText
    strText = ""
    tStr = BlueTrackConverterDSHIELD2CIDR(objFile.ReadAll)
    arrLines = Split(tStr, vbCrLf)
    For Each line In arrLines
        strText = strText & CIDR2ACL(line, ACL_NAME)
    Next
    mainOutputStr = mainOutputStr & strText
    objFile.Close
End Sub

Sub emergingSUB()
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile(emergingFile, ForReading)
    Do Until objFile.AtEndOfStream
        strText = objFile.ReadLine
        If strText = Chr(127) Then
            'do nothing
        ElseIf InStr(strText, "#") > 0 Then
            'skip comment lines
        Else
            'convert CIDR
            strText = CIDR2ACL(strText, ACL_NAME)
            mainOutputStr = mainOutputStr & strText
        End If
    Loop
    objFile.Close
End Sub

Sub sigmaprojectsSUB()
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objFile = objFSO.OpenTextFile(sigmaprojectsFile, ForReading)
    Do Until objFile.AtEndOfStream
        strText = objFile.ReadLine
        strText = CIDR2ACL(strText, ACL_NAME)
        mainOutputStr = mainOutputStr & strText
    Loop
    objFile.Close
End Sub

Sub level1SUB()
    Dim tStr, strTextLine, arrLines, runningStr, c, strText
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    Set objTextFile = objFSO.OpenTextFile(level1File, ForReading)
    c = 0
    Do Until objTextFile.AtEndOfStream
        strTextLine = objTextFile.ReadLine
        If InStr(strTextLine, "#") > 0 Then
            'skip comment lines
        ElseIf InStr(strTextLine, " ") > 0 Then
            'skip entries containing spaces
        ElseIf Len(Trim(strTextLine)) = 0 Then
            'skip blank lines
        Else
            runningStr = runningStr & strTextLine & vbCrLf
            'increment counter
            c = c + 1
            If c > 7500 Then
                'send the batch to the converter 7500 entries at a time
                tStr = tStr & BlueTrackConverterPG2CIDR(runningStr) & vbCrLf
                'reset counter
                c = 0
                runningStr = ""
            End If
        End If
    Loop
    'convert whatever is left in the last partial batch
    If Len(runningStr) > 0 Then
        tStr = tStr & BlueTrackConverterPG2CIDR(runningStr) & vbCrLf
    End If
    arrLines = Split(tStr, vbCrLf)
    For Each line In arrLines
        strText = strText & CIDR2ACL(line, ACL_NAME)
    Next
    mainOutputStr = mainOutputStr & strText
    'clean up
    objTextFile.Close
End Sub

Sub cleanUP()
    'dump to file
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    'Set objOutputFile = objFSO.CreateTextFile(outFile)
    'objOutputFile.Write mainOutputStr
    'clear and output access-lists
    document.getElementById("outputTextarea").Value = mainOutputStr
    'objOutputFile.Close
    'delete files dshieldIPs.txt, sigmaprojects.txt, emergingIPs
    Set delFSO = CreateObject("Scripting.FileSystemObject")
    If delFSO.FileExists(dshieldFile) Then
        delFSO.DeleteFile dshieldFile
    End If
    If delFSO.FileExists(sigmaprojectsFile) Then
        delFSO.DeleteFile sigmaprojectsFile
    End If
    If delFSO.FileExists(emergingFile) Then
        delFSO.DeleteFile emergingFile
    End If
    If delFSO.FileExists(level1File) Then
        delFSO.DeleteFile level1File
    End If
    'remove sleeper.vbs
    If delFSO.FileExists("sleeper.vbs") Then
        delFSO.DeleteFile "sleeper.vbs"
    End If
End Sub

Sub runMe()
    'clear mainOutputStr
    mainOutputStr = ""
    'get ACL Name
    ACL_NAME = document.getElementById("acl_textbox").value
    'check log checkbox
    If document.getElementById("log_checkbox").Checked Then
        logSuffix = " log"
    Else
        logSuffix = ""
    End If
    'check checkboxes checked
    If document.getElementById("emerging_checkbox").Checked Then
        'execute Subs
        Call WGET(emergingURL, emergingFile)
        Call TrimFile(emergingFile)
        Call emergingSUB()
    End If
    If document.getElementById("dshield_checkbox").Checked Then
        'execute Subs
        Call WGET(dshieldURL, dshieldFile)
        Call TrimFile(dshieldFile)
        Call dshieldSUB()
    End If
    If document.getElementById("sigmaprojects_checkbox").Checked Then
        'execute Subs
        Call WGET(sigmaprojectsURL, sigmaprojectsFileGZ)
        Call unGZ(sigmaprojectsFileGZ, sigmaprojectsFile)
        Call sigmaprojectsSUB()
    End If
    If document.getElementById("bluetrack1_checkbox").Checked Then
        'execute Subs
        Call WGET(level1URL, level1FileGZ)
        Call unGZ(level1FileGZ, level1File)
        Call TrimFile(level1File)
        Call level1SUB()
    End If
    'execute cleanup
    Call cleanUP()
End Sub

Sub ClearMe
    document.getElementById("acl_textbox").value = "MyACL"
    document.getElementById("log_checkbox").Checked = False
    document.getElementById("emerging_checkbox").Checked = False
    document.getElementById("dshield_checkbox").Checked = False
    document.getElementById("sigmaprojects_checkbox").Checked = False
    document.getElementById("bluetrack1_checkbox").Checked = False
    'clear textarea
    document.getElementById("outputTextarea").Value = "The access-list will appear here."
End Sub
</script>
</head>
<body>
<center>
<h2>Blocklist to Cisco ASA ACL converter</h2>
<h4>Select Blocklist Sources to Convert</h4>
</center>
<form action="">
<b>ACL Name:</b> <input id="acl_textbox" name="acl_textbox" type="text" value="MyACL" /><br />
<input id="emerging_checkbox" name="emerging_checkbox" type="checkbox" /><a href="http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt" target="_blank">Emerging Threats</a><br />
<input id="dshield_checkbox" name="dshield_checkbox" type="checkbox" /><a href="http://feeds.dshield.org/block.txt" target="_blank">Dshield</a><br />
<input id="sigmaprojects_checkbox" name="sigmaprojects_checkbox" type="checkbox" /><a href="https://blocklist.sigmaprojects.org/" target="_blank">Sigma Projects</a><br />
<input id="bluetrack1_checkbox" name="bluetrack1_checkbox" type="checkbox" /><a href="https://www.iblocklist.com/list.php?list=bt_level1" target="_blank">Bluetrack Level1</a><br />
<b>Add log suffix to each ACL</b> <input id="log_checkbox" name="log_checkbox" type="checkbox" /> Log ACL<br />
<input name="runMeButton" type="button" value="Run Script" onclick="vbscript:runMe()" />
<input name="ClearMeButton" type="button" value="Clear" onclick="vbscript:ClearMe()" />
</form>
<textarea id="outputTextarea" cols="75" rows="30">The access-list will appear here.</textarea>
</body>
</html>
```
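As an added example (not the author's HTA), here is the same blocklist-to-ACL conversion in Python. It handles the three line shapes the script meets (CIDR, bare IP, and the P2P `name:start-end` ranges that the script ships off to the Bluetack web form), merges overlapping blocks locally instead of via the web form, and can emit either the ASA netmask form or the router wildcard-mask form asked about in the comments. The sample input is constructed and the code assumes IPv4-only lists.

```python
import ipaddress

# Constructed sample input mixing the line shapes the script handles:
# a comment, a CIDR block, a bare host, a P2P "label:first-last" range
# (Level1 style), an overlapping CIDR block and a blank line.
SAMPLE = """# comment line
192.0.2.0/24
198.51.100.7
Example Corp:203.0.113.0-203.0.113.127
203.0.113.64/26

"""


def parse_blocklist(text):
    """Yield an ip_network for every CIDR, bare-IP or P2P range line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment, as the HTA skips them
        if ":" in line and "-" in line.rsplit(":", 1)[1]:
            # P2P format: label:first-last -> smallest set of CIDR blocks
            first, last = line.rsplit(":", 1)[1].split("-", 1)
            yield from ipaddress.summarize_address_range(
                ipaddress.ip_address(first.strip()),
                ipaddress.ip_address(last.strip()))
        else:
            # bare IP becomes a /32; strict=False tolerates host bits set
            yield ipaddress.ip_network(line, strict=False)


def blocklist_to_acl(text, acl_name, log=False, wildcard=False):
    """Return Cisco deny lines: ASA wants a netmask, IOS a wildcard mask.
    Overlapping and adjacent blocks are collapsed first so the ACL stays
    small (the HTA relies on the web form's 'mergeoverlaps' for this)."""
    nets = ipaddress.collapse_addresses(parse_blocklist(text))
    suffix = " log" if log else ""
    lines = []
    for net in nets:
        mask = net.hostmask if wildcard else net.netmask
        lines.append(
            f"access-list {acl_name} deny ip {net.network_address} {mask} any{suffix}")
    return lines


if __name__ == "__main__":
    print("\n".join(blocklist_to_acl(SAMPLE, "MyACL", log=True)))
```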
Sources:
- http://www.bluetack.co.uk/
- http://www.bluetack.co.uk/converter/
- http://ibl.gamechaser.net/f/tagqfxtteucbuldhezkz/bt_level1.gz
- http://www.indented.co.uk/2008/10/21/vbscript-subnet-math/
- http://stackoverflow.com/questions/2973136/download-a-file-with-vbs
- https://www.iblocklist.com/list.php?list=bt_level1&fileformat=p2p&archiveformat=gz
Kudos! This is an excellent tool. Something I’ve been looking at doing for YEARS, but far too lazy to do. I’ve used/Frankensteined other peoples scripts, etc for nearly 20 years, but this was the first time I felt compelled to comment/complement them. Good job and thanks!!!
Thank you for the kind words Steve. I hope the tool comes in handy!
This looks like a very handy tool that will save me a lot of extra work, so I thank you. When I run the script I am getting a script error. It is saying Line 53 char 4 access denied.
The app was being blocked on my system and once that was cleared the script error stopped occurring. Any chance you could make a second version that would be supported on a router using the reverse mask? We do not have any ASA firewalls but this would be handy on a couple of our edge routers.
I’ve added new code with a Wildcard Notation checkbox. Let me know if it works for you. Thanks
https://www.dropbox.com/s/samyplr4wp5ee9l/Blocklist2ACL-v2.hta?dl=0
Hello,
I have a Cisco switch. I really want to implement your work, but is this easier or the same thing?
http://jebaird.com/2012/12/21/hosts-to-ip-host-generating-blocked-hosts-from-a-host-file-for-a-cisco-router.html
I would recommend doing this on something like a Firewall or an ASR. You run into hardware limitations on the list size. With an ASA you have the option of more RAM. Good luck!
This looks really nice. I tried to download the script, but it is no longer available on Dropbox. Do you have another link available for download? I tried copying the source into a file named the same thing, but that didn’t work.
When I double click on the .hta file it opens up to display the code
Try this link. http://s000.tinyupload.com/index.php?file_id=72289871875941697949
That link worked, thanks Jim!
Jim,
Whenever I select Dshield, I get:
error: line 147, Char 4, Object required: ‘obje.Document.Getelementbyid(..)’,Code: 0,
Hey Gerry, seeing how many people were having issues with Internet Explorer compatibility, I went ahead and ported the entire project over to Java. All you need is JRE 1.7+ and you can get it from the post I just published. I hope this works for you. Cheers!