Create ASA Firewall rule from Talos IP Blacklist

Table of contents

  1. Talos IP Blocklist
  2. Script to create Firewall ACL
  3. Run Script
  4. Copy config to ASA Firewall

Talos IP Blocklist

Talos provides a good IP blacklist on their web site. To improve the security of my network I would like to block those IP addresses on my ASA firewall. The blacklist contains roughly 1600 lines with IP addresses; transforming them into firewall rules for my ASA by hand would be a lot of manual work.

Script to create Firewall ACL

But: we have computers, so let’s have a computer do this work. A simple bash script downloads the blacklist and generates the output which I can copy and paste to my ASA firewall. Please note: I also split on a semicolon in case another blacklist is used that contains more columns separated by semicolons; cut passes lines without a semicolon through unchanged, so a plain list of one address per line works as well.


    #!/bin/bash
    # Download the current Talos list; -O overwrites the local copy instead of
    # creating ip-blacklist.1, ip-blacklist.2, ... on repeated runs.
    wget -q -O ip-blacklist https://talosintelligence.com/documents/ip-blacklist || {
      echo "download of ip-blacklist failed" >&2
      exit 1
    }
    # Take the second column of semicolon-separated lists; lines without a
    # semicolon are passed through unchanged by cut. Skip blank lines.
    ipblack=( $(cut -d ';' -f2 ip-blacklist | grep -v '^[[:space:]]*$') )

    echo "conf t"
    # One ASA name entry per address
    for ip in "${ipblack[@]}"
      do
      echo "name $ip TALOS_BLACKLIST_$ip"
    done

    # Recreate the object group so addresses dropped from the list disappear
    echo "no object-group network TALOS_BLACKLIST"
    echo "object-group network TALOS_BLACKLIST"
    for ip in "${ipblack[@]}"
      do
      echo "network-object host $ip"
    done
    echo "!"
    echo "exit"
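The same generation step with input validation, as an added example that is not part of the original post: a downloaded list may contain comments, duplicates or malformed entries, and pasting those into conf t produces errors on the ASA. The function names (valid_ips, asa_object_group, count_valid) and the sample list are my own assumptions; the group name is a parameter so other lists can be loaded alongside the Talos one.

```bash
#!/bin/bash
# Added example, not the original script: validate and deduplicate blocklist
# entries before turning them into ASA object-group config. Input is read on
# stdin so the list can come from wget or from a saved file.

# Extract the IP column, drop comments and blank lines, keep only well-formed
# IPv4 addresses (four octets, each 0-255) and remove duplicates. Malformed
# entries are reported on stderr for review instead of being pasted into the ASA.
valid_ips() {
    awk -F ';' '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        {
            ip = (NF >= 2) ? $2 : $1          # second column if semicolon-separated
            gsub(/[[:space:]]/, "", ip)
            n = split(ip, o, ".")
            ok = (n == 4)
            for (i = 1; ok && i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (!ok) { print "skipped malformed entry: " $0 > "/dev/stderr"; next }
            if (!seen[ip]++) print ip
        }'
}

# Emit the ASA config for one object group (the group name is a parameter,
# so several lists can coexist on the firewall).
asa_object_group() {
    group="$1"
    echo "conf t"
    echo "no object-group network $group"
    echo "object-group network $group"
    valid_ips | sed 's/^/network-object host /'
    echo "!"
    echo "exit"
}

# Constructed sample input (not the real Talos list) covering the edge cases:
# a comment, a semicolon-separated row, a duplicate and a malformed address.
SAMPLE_LIST='# comment line
198.51.100.7
2024-01-01;203.0.113.9;reason
198.51.100.7
999.1.1.1
192.0.2.17'

# Number of usable addresses in the sample list (expected: 3).
count_valid() {
    printf '%s\n' "$SAMPLE_LIST" | valid_ips 2>/dev/null | wc -l | tr -d ' '
}
```

Usage against the real list: wget -q -O - https://talosintelligence.com/documents/ip-blacklist | asa_object_group TALOS_BLACKLIST > talos-blacklist.cfg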

Run Script

I save the above script in the file “talos-ipblacklist.sh” and make it executable. Then I can call the script by:


    ./talos-ipblacklist.sh > talos-blacklist.cfg

Copy config to ASA Firewall

I copy and paste the output via SSH to my ASA firewall, where the objects should appear in “Firewall > Objects > Network Objects / Groups”. Then I create the two rules for my two VLANs to use the TALOS_BLACKLIST as shown below:

ASA ACL for TALOS_BLACKLIST

A TELNET to one of those IP addresses should increase the hit counter, which shows that the firewall rules are working. That’s it.