Talos provides a good IP blacklist on their website. To improve the security of my network, I would like to block those IP addresses on my ASA firewall. The blacklist contains roughly 1600 lines of IP addresses, so transforming them into firewall rules for my ASA by hand would be a lot of manual work.
But we have computers, so let’s have a computer do this work. A simple bash script downloads the blacklist and generates output that I can copy and paste to my ASA firewall. Please note: the script also looks for a semicolon, in case another blacklist is used that contains more columns separated by semicolons.
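A sketch of such a conversion, as an added example that is not the original script from this post. It reads the list on stdin instead of downloading it, assumes the ASA `object-group network` / `network-object host` form, and validates every entry so that only well-formed IPv4 addresses end up in text pasted into the firewall CLI; the function names and sample data are assumptions.

```sh
#!/bin/sh
# Added example, not the original script. GROUP is the name used on this page;
# function names and sample data are assumptions made for illustration.
GROUP="TALOS_BLACKLIST"

# is_ipv4 ADDR: succeed only for a dotted quad, octets 0..255, no leading zeros.
is_ipv4() {
  case $1 in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots allowed
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                              # split the address into octets
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in 0?*|????*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# blacklist_to_asa: blacklist lines on stdin, ASA commands on stdout.
# Whitespace and CRs are stripped, only the first ';' column is kept,
# duplicates are dropped, and anything that is not an IPv4 address is
# reported on stderr instead of being emitted as a firewall command.
blacklist_to_asa() {
  {
    printf 'object-group network %s\n' "$GROUP"
    tr -d '\r \t' | while IFS= read -r line || [ -n "$line" ]; do
      ip=${line%%;*}
      case $ip in ''|'#'*) continue ;; esac
      if is_ipv4 "$ip"; then
        printf ' network-object host %s\n' "$ip"
      else
        printf 'skipped: %s\n' "$line" >&2
      fi
    done
  } | awk '!seen[$0]++'
}

# Constructed sample input (documentation addresses, not real Talos data).
sample_blacklist() {
  printf '%s\n' '# constructed sample' '192.0.2.10' \
    '198.51.100.7;second column;third column' '192.0.2.10' \
    '203.0.113.256' '010.0.0.1' 'not-an-address' '203.0.113.5'
}

sample_blacklist | blacklist_to_asa
```

Feed a downloaded list to `blacklist_to_asa` on stdin and review the skipped entries on stderr before pasting the output.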
I save the above script in the file “talos-ipblacklist.sh” and make it executable. Then I can call the script by:
I copy and paste the output via SSH to my ASA firewall, where the new entries should appear under “Firewall > Objects > Network Objects / Groups”. Then I create the two rules for my two VLANs to use the TALOS_BLACKLIST as shown below:
Opening a Telnet connection to one of those IP addresses should increase the hit counter, which means the firewall rules are working. That’s it.