**This article is old, see new Blocklist2ACL 2.0 project.**
Hi folks! A little script I wrote with VBscript that pulls in IP blocklists from different third party URLs and converts them in to well-formatted Cisco ASA access-lists. The idea stemed from the old days of running PeerGuardian and Moblock to inhibit known malicious or unwanted IP address from attempting to connect and stopping them right then and there on your computer’s firewall. It is similar to URL Blocklists that focus on URLs and Domain Names, but instead filering is done by IPs only. I wanted to take this IP Blocklist concept that has primarly been done at the Desktop Fireweall layer and abstract it to the Network Firewall. In this case a Cisco ASA that way all traffic that any connection that crosses the Firewall will be filtered by this list.
The script is fairly straightforward and the source code is below so you may look through it. Feel free to improve upon it and share it with others. I have a few years of writing vbscripts, but am in no way a professional coder. Also, if you by any chance know Linux Shell or Qt and could potentially port this to Linux or even better JAVA for platform independence, let me know!! That would be sweet.
Video Tutorial
Screenshot
The Blocklists
Each blocklist is sourced by a third party maintainer, and distributed by them. I take no responsibilities for their content or any ownership of the content. Please review their usage terms.
Some blocklists require conversion from their native format to CIDR format for easy processing into the access-list format. To accomplish this, my script utilizes a web based Form hosted by Bluetrack, located here.(http://www.bluetack.co.uk/converter/).
Another shout out is to the writer of the following scripts on CDIR and subnet conversion, located here (http://www.indented.co.uk/2008/10/21/vbscript-subnet-math/) THANK YOU!!
GZIP Requirement
Lastly, you will need gzip.exe to un-gzip some of the blocklists that are downloaded as gzipped files. Luckly gzip is a GNU Free Software Foundation and can be downloaded via http://gnuwin32.sourceforge.net/packages/gzip.htm. Click on the Binaries ZIP link to download it from SourceForge. Look for the gzip.exe executable in the bin folder of the ZIP file. Copy this into the same directory as the HTA file.
Source Code: Blocklist2ACL-v3
<!--written by thejimmahknows-->;
Blocklist2ACL by thejimmahknows<script>// <![CDATA[
Sub Window_onLoad
window.resizeTo 675,875
End Sub
Sub Sleep(Msecs)
'needed cause no Wscript object for HTA files
Set SleepFSO = CreateObject("Scripting.FileSystemObject")
If SleepFSO.FileExists("sleeper.vbs")=False Then
Set objOutputSleeperFile = SleepFSO.CreateTextFile("sleeper.vbs", True)
objOutputSleeperFile.Write "wscript.sleep Wscript.Arguments(0)"
objOutputSleeperFile.Close
End If
CreateObject("Wscript.Shell").run "sleeper.vbs " & Msecs,1 , True
End Sub
Set WshShell = CreateObject("WScript.Shell")
currPath = WshShell.CurrentDirectory
'currPath = CreateObject("Scripting.FileSystemObject").GetParentFolderName(WScript.ScriptFullName)
'constants and URLs
Const ForReading = 1
Const ForWriting = 2
Const emergingURL = "http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"
Const level1URL = "http://list.iblocklist.com/?list=bt_level1&fileformat=p2p&archiveformat=gz"
Const sigmaprojectsURL = "http://blocklist.sigmaprojects.org/api.cfc?method=getlist&lists=webexploit,spyware,anti-infringement,spammers"
Const dshieldURL = "http://feeds.dshield.org/block.txt"
Dim outFile : outFile = currPath & "test_output.txt"
Dim emergingFile : emergingFile = currPath & "emergingIPs.txt"
Dim level1FileGZ : level1FileGZ = currPath & "level1.txt.gz"
Dim level1File : level1File = currPath & "level1.txt"
Dim sigmaprojectsFileGZ: sigmaprojectsFileGZ = currPath & "sigmaprojectsIPs.txt.gz"
Dim sigmaprojectsFile: sigmaprojectsFile = currPath & "sigmaprojectsIPs.txt"
Dim dshieldFile: dshieldFile = currPath & "dshieldIPs.txt"
Dim mainOutputStr, ACL_NAME, logSuffix
Sub WGET(URL, DownloadLocation)
dim xHttp: Set xHttp = createobject("MSXML2.ServerXMLHTTP.6.0")
dim bStrm: Set bStrm = createobject("Adodb.Stream")
xHttp.Open "GET", URL , False
xHttp.Send
with bStrm
.type = 1 '//binary
.open
.write xHttp.responseBody
.savetofile DownloadLocation, 2 '//overwrite
end with
End Sub
Sub unGZ(filePathGZ, filePath)
Set objFSO = CreateObject("Scripting.FileSystemObject")
execPath = chr(34) & currPath & "gzip.exe" & chr(34) & "-dqf " & chr(34) & filePathGZ & chr(34)
'run gzip uncompress
WshShell.Run execPath
'loop until file exists from previous call
fileExist = False
Do Until fileExists = True
If objFSO.fileExists (filePath) Then
fileExists = True
Else
Sleep(2000)
End If
Loop
End Sub
Function TrimFile(file)
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(file, ForReading)
Do Until objFile.AtEndOfStream
strLine = objFile.Readline
strLine = Trim(strLine)
If Len(strLine) > 0 Then
strNewContents = strNewContents & strLine & vbCrLf
End If
Loop
objFile.Close
Set objFile = objFSO.OpenTextFile(file, ForWriting)
objFile.Write strNewContents
objFile.Close
End Function
Function BlueTrackConverterPG2CIDR(inLine) 'only for P2P format blocklist files
Dim objIE, sourceItem
sourceItem = inLine
Set objIE = CreateObject("InternetExplorer.Application")
objIE.visible = False
objIE.Navigate "http://www.bluetack.co.uk/converter/"
Do Until objIE.readyState = 4 : Sleep(200) : Loop
objIE.Document.getElementByID("fromformat").value = "pg"
objIE.Document.getElementByID("toformat").value = "shorewall"
objIE.Document.getElementByID("denyonly").value = "yes"
objIE.Document.getElementByID("listCleaning").value = "mergeoverlaps"
objIE.Document.getElementByID("sortBy").value = "IP"
'paste in IE forum
objIE.Document.getElementByID("sfrom").value = sourceItem
Sleep(200)
For Each INPUT in objIE.Document.getElementsByTagName("input")
If INPUT.Value = "Convert" Then
INPUT.Click
Exit For
End If
Next
'return value
Sleep(200)
BlueTrackConverterPG2CIDR = objIE.Document.getElementByID("sto").value
objIE.Quit
Set objIE = Nothing
End Function
Function BlueTrackConverterDSHIELD2CIDR(inStr) 'only for DSHIELD conversions
Dim objIE, runStr
Set objIE = CreateObject("InternetExplorer.Application")
objIE.visible = False
objIE.Navigate "http://www.bluetack.co.uk/converter/"
Do Until objIE.readyState = 4 : Sleep(200) : Loop
objIE.Document.getElementByID("fromformat").value = "dshield"
objIE.Document.getElementByID("toformat").value = "shorewall"
objIE.Document.getElementByID("denyonly").value = "yes"
objIE.Document.getElementByID("listCleaning").value = "mergeoverlaps"
objIE.Document.getElementByID("sortBy").value = "IP"
'paste in IE forum
objIE.Document.getElementByID("sfrom").value = inStr
For Each INPUT in objIE.Document.getElementsByTagName("input")
If INPUT.Value = "Convert" Then
INPUT.Click
Exit For
End If
Next
'return outputStr
BlueTrackConverterDSHIELD2CIDR = objIE.Document.getElementByID("sto").value
objIE.Quit
Set objIE = Nothing
End Function
Function MaskLengthToIP(intMask)
' Converts a mask length to the decimal format mask
Dim arrOctets(3)
Dim intFullOctets : intFullOctets = (intMask - (intMask Mod 8)) / 8
Dim i
For i = 0 To (intFullOctets - 1)
arrOctets(i) = "255"
Next
Dim intPartialOctetLen : intPartialOctetLen = intMask Mod 8
Dim j
If intPartialOctetLen > 0 Then
Dim intOctet
For j = 0 To (intPartialOctetLen - 1)
intOctet = intOctet + 2^(7 - j)
Next
arrOctets(i) = intOctet : i = i + 1
End If
For j = i To 3
arrOctets(j) = "0"
Next
MaskLengthToIP = Join(arrOctets, ".")
End Function
Function CIDR2ACL(strLine, aclNameStr)
'check for blank line
If Trim(strLine) <> "" Then
If InStr(strLine, "/") > 0 Then
pos_start = InStr(strLine, "/")
'get ip only
tmpLen = Len(strLine)
tmpIP = Mid(strLine, 1, pos_start - 1)
'need to convert slash to netmask
subStr = Mid(strLine, pos_start +1 )
maskInt = CInt(subStr)
subMaskStr = MaskLengthToIP(maskInt)
'return values
CIDR2ACL = "access-list" & " " & aclNameStr & " " & "deny ip" & " " & tmpIP & " " & subMaskStr & " " & "any" & logSuffix & vbCrLf
Else
tmpIP = strLine
subMaskStr = "255.255.255.255"
'return values
CIDR2ACL = "access-list" & " " & aclNameStr & " " & "deny ip" & " " & tmpIP & " " & subMaskStr & " " & "any" & logSuffix & vbCrLf
End If
End If
End Function
Sub dshieldSUB
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(dshieldFile, ForReading)
'readall from file
Dim tStr, strText
strText = ""
tStr = BlueTrackConverterDSHIELD2CIDR(objFile.ReadAll)
arrLines = Split(tStr, vbCrLf)
For Each line in arrLines
strText = strText & CIDR2ACL(line, ACL_NAME)
Next
mainOutputStr = mainOutputStr & strText
objFile.Close
End Sub
Sub emergingSUB()
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(emergingFile, ForReading)
'
Do Until objFile.AtEndOfStream
strText = objFile.ReadLine
If strText = chr(127) Then
'do nothing
ElseIf InStr(strText, "#") > 0 Then
'do nothing
Else
'convert CIDR
strText = CIDR2ACL(strText, ACL_NAME)
mainOutputStr = mainOutputStr & strText
End If
Loop
objFile.Close
End Sub
Sub sigmaprojectsSUB()
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(sigmaprojectsFile, ForReading)
Do Until objFile.AtEndOfStream
strText = objFile.ReadLine
strText = CIDR2ACL(strText, ACL_NAME)
mainOutputStr = mainOutputStr & strText
Loop
End Sub
Sub level1SUB()
Dim tStr, strTextLine, arrLines, runningStr, c
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(level1File, ForReading)
c = 0
Do Until objTextFile.AtEndOfStream
strTextLine = objTextFile.ReadLine
If InStr(strTextLine, "#") > 0 Then
'do nothing
ElseIf InStr(strTextLine, " ") > 0 Then
'do nothing
ElseIf InStr(strTextLine, "") > 0 Then
'do nothing
Else
If c > 7500 Then
'execute 100 items at a time
tStr = tStr & BlueTrackConverterPG2CIDR(runningStr) & vbCrLf
'reset counter
c=0
runningStr = ""
ElseIf objTextFile.AtEndOfStream = True Then
tStr = tStr & BlueTrackConverterPG2CIDR(runningStr) & vbCrLf
msgbox(tStr)
Else
runningStr = runningStr & strTextLine & vbCrLf
'increment counter
c = c + 1
End If
End If
Loop
arrLines = Split(tStr, vbCrLf)
For Each line in arrLines
strText = strText & CIDR2ACL(line, ACL_NAME)
Next
mainOutputStr = mainOutputStr & strText
'clean up
objTextFile.Close
End Sub
Sub cleanUP()
'dump to file
Set objFSO = CreateObject("Scripting.FileSystemObject")
'Set objOutputFile = objFSO.CreateTextFile(outFile)
'objOutputFile.Write mainOutputStr
'clear and output access-lists
document.GetElementById("outputTextarea").Value = mainOutputStr
'objOutputFile.Close
'delete files dshieldIPs.txt , sigmaprojects.txt , emergingIPs
Set delFSO = CreateObject("Scripting.FileSystemObject")
If delFSO.FileExists(dshieldFile) Then
delFSO.DeleteFile dshieldFile
End If
If delFSO.FileExists(sigmaprojectsFile) Then
delFSO.DeleteFile sigmaprojectsFile
End If
If delFSO.FileExists(emergingFile) Then
delFSO.DeleteFile emergingFile
End If
If delFSO.FileExists(level1File) Then
delFSO.DeleteFile level1File
End If
'remove sleeper.vbs
If delFSO.FileExists("sleeper.vbs") Then
delFSO.DeleteFile "sleeper.vbs"
End If
End Sub
Sub runMe()
'clear mainOutputStr
mainOutputStr = ""
'get ACL Name
ACL_NAME = document.GetElementById("acl_textbox").value
'check log checkbox
If document.GetElementById("log_checkbox").Checked Then
logSuffix = " log"
Else
logSuffix = ""
End If
'check checkboxes checked
If document.GetElementById("emerging_checkbox").Checked Then
'execute Subs
Call WGET(emergingURL, emergingFile)
Call TrimFile(emergingFile)
Call emergingSUB()
End If
If document.GetElementById("dshield_checkbox").Checked Then
'execute Subs
Call WGET(dshieldURL, dshieldFile)
Call TrimFile(dshieldFile)
Call dshieldSUB()
End If
If document.GetElementById("sigmaprojects_checkbox").Checked Then
'execute Subs
Call WGET(sigmaprojectsURL, sigmaprojectsFileGZ)
Call unGZ(sigmaprojectsFileGZ, sigmaprojectsFile)
Call sigmaprojectsSUB()
End If
If document.GetElementById("bluetrack1_checkbox").Checked Then
'execute Subs
Call WGET(level1URL, level1FileGZ)
Call unGZ(level1FileGZ, level1File)
Call level1SUB()
Call TrimFile(level1File)
End If
'execute cleanup
Call cleanUP()
End Sub
Sub ClearMe
document.GetElementById("acl_textbox").value = "MyACL"
document.GetElementById("log_checkbox").Checked = False
document.GetElementById("emerging_checkbox").Checked = False
document.GetElementById("dshield_checkbox").Checked = False
document.GetElementById("sigmaprojects_checkbox").Checked = False
document.GetElementById("bluetrack1_checkbox").Checked = False
'clear textarea
document.GetElementById("outputTextarea").Value = "The access-list will appear here."
End Sub
// ]]>
</script>
<!--break line -->
<center>
<h2>Blocklist to Cisco ASA ACL converter</h2>
<h4>Select Blocklist Sources to Convert</h4>
</center>
<form action=""><b>ACL Name:</b> <input id="acl_textbox" name="acl_textbox" type="textbox" value="MyACL" />
<input id="emerging_checkbox" name="emerging_checkbox" type="checkbox" /><a href="http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt" target="_blank">Emerging Threats</a>
<input id="dshield_checkbox" name="dshield_checkbox" type="checkbox" /><a href="http://feeds.dshield.org/block.txt" target="_blank">Dshield</a>
<input id="sigmaprojects_checkbox" name="sigmaprojects_checkbox" type="checkbox" /><a href="https://blocklist.sigmaprojects.org/" target="_blank">Sigma Projects</a>
<input id="bluetrack1_checkbox" name="bluetrack1_checkbox" type="checkbox" /><a href="https://www.iblocklist.com/list.php?list=bt_level1" target="_blank"> Bluetrack Level1</a>
<b>Add log suffix to each ACL</b>
<input id="log_checkbox" name="log_checkbox" type="checkbox" /> Log ACL
<input name="runMeButton" type="button" value="Run Script" /> <input name="ClearMeButton" type="button" value="Clear" /></form><textarea id="outputTextarea" cols="75" rows="30">The access-list will appear here.</textarea>
Sources:
- http://www.bluetack.co.uk/
- http://www.bluetack.co.uk/converter/
- http://ibl.gamechaser.net/f/tagqfxtteucbuldhezkz/bt_level1.gz
- http://www.indented.co.uk/2008/10/21/vbscript-subnet-math/
- http://stackoverflow.com/questions/2973136/download-a-file-with-vbs
- https://www.iblocklist.com/list.php?list=bt_level1&fileformat=p2p&archiveformat=gz
Kudos! This is an excellent tool. Something I’ve been looking at doing for YEARS, but far too lazy to do. I’ve used/Frankensteined other peoples scripts, etc for nearly 20 years, but this was the first time I felt compelled to comment/complement them. Good job and thanks!!!
Thank you for the kind words Steve. I hope the tool comes in handy!
This looks like a very handy tool that will save me a lot of extra work , so I thank you. When I run the script I am getting a script error. It is saying Line 53 char 4 access denied.
The app was being blocked on my system and once that was cleared the script error stopped occurring. Any chance you could make a second version that would be supported on a router using the reverse mask? We do not have any ASA firewalls but this would be handy on a couple of our edge routers.
I’ve added new code with a Wildcard Notation checkbox. Let me know if it works for you. Thanks
https://www.dropbox.com/s/samyplr4wp5ee9l/Blocklist2ACL-v2.hta?dl=0
hello ,
I have a cisco switch , I really want to implement ur work but is this easier or the same thing ?
http://jebaird.com/2012/12/21/hosts-to-ip-host-generating-blocked-hosts-from-a-host-file-for-a-cisco-router.html
I would recommend doing this on something like a Firewall or an ASR. You run into hardware limitations on the list size. With an ASA you have the option of more RAM. Good luck!
THis looks really nice. I tried to download the script, but it is no longer available on dropbox. Do you have another link available for download? I tried copying the source into a file named the same thins, but that didn’t work.
When I double click on the .hta file it opens up to display the code
Try this link. http://s000.tinyupload.com/index.php?file_id=72289871875941697949
That link worked, thanks Jim!
Jim,
Whenever I select Dsheild, I get:
error: line 147, Char 4, Object required: ‘obje.Document.Getelementbyid(..)’,Code: 0,
Hey Gerry, seeing how many people were having issues with Internet Explorer compatiblity, I went ahead and ported the entire project over to Java. All you need is JRE 1.7+ and you can get it from the post I just published. I hope this works for you. Cheers!