Create ASA Firewall rule from Talos IP Blacklist

Talos provides a good IP blacklist on their web site. To improve the security of my network I would like to take those IP addresses and block them on my ASA firewall. The blacklist contains roughly 1600 lines of IP addresses, so turning them into firewall rules for my ASA by hand would be a lot of manual work.

But we have computers, so let's have a computer do this work. A simple bash script downloads the blacklist and generates output that I can copy and paste into my ASA firewall. Please note: I also split on a semicolon, in case another blacklist is used that contains more columns separated by semicolons.


#!/bin/bash

# Download the Talos blacklist. "-O" overwrites the local copy on every run
# (plain wget would otherwise save a second download as "ip-blacklist.1"
# and the script would keep reading the stale file). Abort if the download fails.
wget -q -O ip-blacklist https://talosintelligence.com/documents/ip-blacklist || { echo "download failed" >&2; exit 1; }

# Take column 2 of a semicolon-separated list; cut passes lines without a
# semicolon through unchanged, so the plain Talos list (one IP per line) works too.
ipblack=( $(cut -d ';' -f2 ip-blacklist ) )

echo "conf t"

# One "name" entry per address, so the IPs show up with a readable label on the ASA.
for ip in "${ipblack[@]}"; do
	echo "name $ip TALOS_BLACKLIST_$ip"
done

# Rebuild the network object-group that the access rules reference.
echo "no object-group network TALOS_BLACKLIST"
echo "object-group network TALOS_BLACKLIST"
for ip in "${ipblack[@]}"; do
	echo "network-object host $ip"
done
echo "!"
echo "exit"

I save the above script in the file "talos-ipblacklist.sh" and make it executable. Then I can call the script with:


./talos-ipblacklist.sh > talos-blacklist.cfg
Execute "talos-ipblacklist.sh" script

I copy and paste the output via SSH into my ASA firewall, where the objects should then appear under "Firewall > Objects > Network Objects/Groups". Then I create the two rules for my two VLANs that use TALOS_BLACKLIST, as shown below:

ASA ACL for TALOS_BLACKLIST


By doing a TELNET to one of those IP addresses, the hit counter should increase, which means the firewall rules are working. That's it.
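The script above deletes and recreates the whole object-group, which an ASA refuses once an access-list references the group ("not allowed, it is being used"). As an added example that is not part of the original post, the following bash functions instead compare the previously applied list with a freshly downloaded one and emit only the per-host additions and removals; the file names, the local "old list" copy and the sample input are assumptions.

```bash
#!/bin/bash
# Added example: incremental update of the TALOS_BLACKLIST object-group.
# Assumes the list already applied to the ASA is kept locally (e.g. the
# "ip-blacklist" file from the previous run) and the new list has been
# downloaded to a second file. Only object-group members are handled.
export LC_ALL=C   # sort and comm must agree on collation order

# Print valid-looking IPv4 host addresses from a list file, one per line,
# sorted and de-duplicated. Column 2 is used if the file is semicolon
# separated; cut passes lines without a semicolon through unchanged.
# Comment lines and anything that is not dotted-quad are dropped.
extract_ips() {
  grep -v '^#' "$1" | cut -d ';' -f2 \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u
}

# Emit the ASA commands that turn the "old" membership into the "new" one
# without ever removing the group itself.
diff_to_asa() {
  local old="$1" new="$2" tmp_old tmp_new
  tmp_old=$(mktemp) && tmp_new=$(mktemp) || return 1
  extract_ips "$old" > "$tmp_old"
  extract_ips "$new" > "$tmp_new"
  echo "conf t"
  echo "object-group network TALOS_BLACKLIST"
  # addresses only in the old list: remove them from the group
  comm -23 "$tmp_old" "$tmp_new" | sed 's/^/no network-object host /'
  # addresses only in the new list: add them to the group
  comm -13 "$tmp_old" "$tmp_new" | sed 's/^/network-object host /'
  echo "exit"
  rm -f "$tmp_old" "$tmp_new"
}

# Usage: ./talos-diff.sh ip-blacklist.old ip-blacklist > talos-update.cfg
if [ "$#" -eq 2 ]; then
  diff_to_asa "$1" "$2"
fi
```

The regex only checks the dotted-quad shape, not the 0-255 range of each octet; the ASA will still reject a malformed address when the output is pasted.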
