Can I use DROP on my Cisco router, or other firewalls, web filters & proxies?
If your router is a Cisco device and you don’t have BGP support on it (or don’t want to use it), you can also use a script called cisco-tools, developed by Marco d’Itri.
- The tool can be downloaded directly from his website.
- Every time cisco-tools is run by crontab, it will download the list and report if there are changes. When run interactively it will remove old entries and ask whether any new entry should be used or not.
Here is a short list of helpful links for various firewalls, web filters & proxies:
- On the OISF Community website: Suricata rules from Emerging Threats.
- Code in PHP to create IPTables.
- Here is a Bash script to sync the DROP/EDROP lists into a Quagga/Linux route server: spamhaus2quagga.sh.
- A script to add the DROP list into Linux iptables: spamhaus.sh.
NOTE: The data file & CIDR ranges may have to be manipulated for each system’s unique requirements. Some of these scripts are older and do not fetch and use the newer eDROP data. In such cases, the script should be modified to add it.
USE AT YOUR OWN RISK!
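As an illustration of the kind of manipulation the note describes, here is an added example (not one of the linked scripts) that merges DROP and eDROP text into input for `ipset restore`, validating and de-duplicating the CIDR ranges first. The set name, the sample entries and the assumed line format (`<IPv4 CIDR> ; <SBL reference>`, with `;` starting a comment) are assumptions of this example.

```shell
#!/bin/sh
# Added example: turn DROP/eDROP text into input for `ipset restore`.
# Assumed line format: "<IPv4 CIDR> ; <SBL reference>"; ";" starts a comment.
# Apply with: cat drop.txt edrop.txt | drop_to_ipset NAME | ipset -exist restore

drop_to_ipset() {   # $1 = set name; list text is read from stdin
    awk -v set="$1" '
    BEGIN {
        print "create " set " hash:net family inet"
        print "create " set "-new hash:net family inet"
        print "flush " set "-new"
    }
    {
        sub(/;.*/, "")              # drop comment / SBL reference
        gsub(/[ \t\r]/, "")         # drop whitespace and CR from CRLF files
        if ($0 == "") next
        if (!valid_cidr($0)) { bad++; next }   # keep junk out of the firewall
        if (seen[$0]++) next        # range present in both DROP and eDROP
        print "add " set "-new " $0
    }
    END {
        print "swap " set "-new " set      # replace the live set atomically
        print "destroy " set "-new"
        if (bad) print "skipped " bad " malformed line(s)" > "/dev/stderr"
    }
    function valid_cidr(s,   p, o, i) {
        if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
        split(s, p, "/")
        if (p[2] + 0 < 1 || p[2] + 0 > 32) return 0   # hash:net has no /0
        split(p[1], o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return 0
        return 1
    }'
}

# Constructed sample (documentation ranges, not real DROP entries)
sample_lists() {
    printf '%s\n' \
        '; Spamhaus DROP List (constructed sample)' \
        '192.0.2.0/24 ; SBL000001' \
        '198.51.100.0/24 ; SBL000002' \
        '; Spamhaus EDROP List (constructed sample)' \
        '198.51.100.0/24 ; SBL000002' \
        '203.0.113.0/25 ; SBL000003' \
        '0.0.0.0/0 ; SBL000004' \
        '300.1.1.0/24 ; SBL000005'
}

sample_lists | drop_to_ipset spamhaus-drop
```

The generated set only takes effect once a firewall rule references it, for example an iptables rule using `-m set --match-set spamhaus-drop src -j DROP`.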