<?php
/*
* SpamHaus DROP Tool v0.1
*
* Written by Rick Hodger <rick@fuzzi.org.uk>
* http://www.potato-people.com/
*
* DROP (Don't Route Or Peer) is an advisory "drop all traffic" list, consisting
* of stolen 'zombie' netblocks and netblocks controlled entirely by professional
* spammers. DROP is a tiny sub-set of the SBL designed for use by firewalls and
* routing equipment.
*
* http://www.spamhaus.org/drop/
*
* This tool will download and parse the Spamhaus DROP list into IPTables rules or
* a Cisco compatible access control list.
*
* Usage: Execute from the command line.
*
* Examples:
*
* php spamhausdrop.php iptables
* php spamhausdrop.php cisco 10
*/
/**
 * Split an IPv4 CIDR string ("a.b.c.d/n") into its network address and the
 * dotted-quad netmask that corresponds to the prefix length n.
 *
 * The netmask is built as a 32-character bit string: position i (1..32) is
 * '1' while the prefix length is >= i, otherwise '0'.
 *
 * No validation is performed here. The caller must make sure $cidr really is
 * an IPv4 network with a numeric prefix before the result is written into a
 * firewall rule or an access list.
 *
 * @param string $cidr Network in CIDR notation.
 * @return array array(network address, dotted-quad netmask)
 */
function getSubnetMask($cidr) {
    $parts = explode('/', $cidr);
    $network = $parts[0];
    $mask = $parts[1];

    $bits = array();
    foreach (range(1, 32) as $position) {
        $bits[] = ($mask >= $position) ? '1' : '0';
    }

    return array($network, long2ip(bindec(implode('', $bits))));
}
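/**
 * Convert a dotted-quad netmask into the inverse ("wildcard") mask used by
 * Cisco access lists, e.g. 255.255.255.0 -> 0.0.0.255.
 *
 * ip2long() returns false for anything that is not a valid IPv4 address.
 * Subtracting false would silently yield 255.255.255.255, a wildcard that
 * matches every address, so an invalid mask is rejected instead of being
 * turned into a match-all ACL entry.
 *
 * @param string $subnet Dotted-quad netmask.
 * @return string Dotted-quad wildcard mask.
 * @throws InvalidArgumentException If $subnet is not a valid IPv4 address.
 */
function subnet2wildcard($subnet) {
    $x = ip2long($subnet);
    if ($x === false) {
        throw new InvalidArgumentException('Invalid IPv4 netmask');
    }
    $z = ip2long("255.255.255.255");
    return long2ip($z - $x);
}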
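// Command-line handling.
//
// The script's standard output is meant to be redirected into a rule file
// (a .bat file or an ACL) that is later executed or loaded, so usage errors
// are written to STDERR with a non-zero exit status instead of being printed
// into that file.
//
// Note: the "iptables" mode name is kept for compatibility with existing
// callers, although the rules emitted for it further down are Windows
// "netsh advfirewall" commands.
$usage = "$argv[0] [iptables|cisco] [extraoptions]\n";

if ($argc == 1) {
    fwrite(STDERR, $usage);
    exit(1);
}

$mode = $argv[1];
switch ($mode) {
    case "iptables":
        break;

    case "cisco":
        // The access-list id is copied verbatim into every generated ACL
        // line, so only a plain decimal number is accepted.
        if ($argc == 2 || !ctype_digit($argv[2])) {
            fwrite(STDERR, "$argv[0] cisco [accesslistid]\n");
            exit(1);
        }
        $aclid = $argv[2];
        break;

    default:
        // An unknown mode would otherwise download the list and silently
        // produce an empty rule set.
        fwrite(STDERR, $usage);
        exit(1);
}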
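// Download the DROP list and print one rule per listed network.
//
// Trust boundary: the list is fetched over plain HTTP, so the response has no
// integrity protection, and every accepted line ends up inside a command that
// is later executed (netsh) or loaded into a router (access-list). Each entry
// is therefore validated as a strict IPv4 CIDR before it is echoed; anything
// else is skipped and reported on STDERR, never written to the rule output.
$drop = file("http://www.spamhaus.org/drop/drop.lasso");
if ($drop === false) {
    // Do not fall through with an empty rule set that looks like a valid one.
    fwrite(STDERR, "Unable to download the DROP list; no rules generated.\n");
    exit(1);
}

foreach ($drop as $lineNo => $line) {
    $line = trim($line);

    // Blank lines and ';' comment lines carry no network.
    if ($line === '' || substr($line, 0, 1) === ';') {
        continue;
    }

    // Expected form: "<cidr> ; <SBL reference>". Only the CIDR is used.
    $fields = explode(';', $line, 2);
    $cidr = trim($fields[0]);

    $parts = explode('/', $cidr);
    $validCidr = count($parts) === 2
        && filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false
        && ctype_digit($parts[1])
        && strlen($parts[1]) <= 2
        && (int) $parts[1] <= 32;

    if (!$validCidr) {
        // The offending text is deliberately not echoed back.
        fwrite(STDERR, "Skipping malformed DROP entry on line " . ($lineNo + 1) . "\n");
        continue;
    }

    switch ($mode) {
        case "iptables":
            // Despite the mode name, this emits a Windows Firewall rule.
            echo "netsh advfirewall firewall add rule name=SpamhausDROP dir=in action=block remoteip=$cidr\n";
            break;

        case "cisco":
            $x = getSubnetMask($cidr);
            // Lines are only produced for access-list ids up to 99; larger
            // ids yield no output.
            if ($aclid <= 99) {
                echo "access-list $aclid deny $x[0] " . subnet2wildcard($x[1]) . "\n";
            }
            break;
    }
}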
?>
REM Refresh the Windows Firewall block rules from the Spamhaus DROP list.
REM Switch to the drive and directory that hold the PHP script and this file.
D:
cd D:\PATH-TO-PHP-AND-BAT-FILES\
REM Remove every existing rule named SpamhausDROP before regenerating them.
REM NOTE(review): this runs before the download is known to have succeeded,
REM so a failed or empty download leaves no DROP rules in place.
netsh advfirewall firewall delete rule name="SpamhausDROP"
REM Everything the script prints to standard output becomes dropcompiled.bat.
REM NOTE(review): the PHP header's usage examples name the script
REM spamhausdrop.php, while this line runs pulldrop.php - confirm the file name.
php pulldrop.php iptables > dropcompiled.bat
REM The generated file is executed as commands, so its content must consist
REM only of rule lines built from validated list entries.
call dropcompiled.bat