On Thu, Jan 16, 2014 at 11:04 AM, John Levine <jo...@iecc.com> wrote:
> If you're a tiny little network, you can > use the public DNS servers for the BL lookups, and you can > FTP the text version of DROP and turn in into firewall > rules or whatever. That's what I do (hack perl scripts > available on request.) > Here's working Bash script to sync the freely available DROP/EDROP lists into a quagga/linux route server. https://gist.github.com/dotysan/8463112 I ran that awhile back without issue. But not anymore. Last year I added the $250/yr BOTNETCC list which is BGP-only. And it was too convenient to move the DROP/EDROP lists into BGP for an additional $250. It works as advertized. The BOTNETCC list is only v4/32s and more dynamic than the other lists. It's up to you to set it up correctly so an accident doesn't blackhole your own prefixes...or favorite offshore gambling site. :-p ../C