[125120] in North American Network Operators' Group


Re: BGP hijack from 23724 -> 4134 China?

daemon@ATHENA.MIT.EDU (James Hess)
Fri Apr 9 01:53:51 2010

In-Reply-To: <4BBE9263.6050100@2mbit.com>
Date: Fri, 9 Apr 2010 00:53:14 -0500
From: James Hess <mysidia@gmail.com>
To: Brielle Bruns <bruns@2mbit.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Thu, Apr 8, 2010 at 9:35 PM, Brielle Bruns <bruns@2mbit.com> wrote:

> I grabbed that access-list from the routers directly, so that's why it's been
> generated already.  If there's a tool for UNIX/Linux that can generate the
> wildcard masks from CIDR in bulk for use in creating ACLs, I'd be happy to
> put it up on the page.

UNIX/Linux users can probably accomplish this using simple scripting,
since there are Perl modules such as NetAddr::IP available,
e.g.:

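#!/usr/bin/perl
# Read CIDR blocks from stdin or the named files, aggregate them,
# and print one Cisco-style ACL line per block with its wildcard mask.
use strict;
use warnings;
use Net::CIDR qw/cidradd/;
use NetAddr::IP;

my @list = ();
while (<>) {
    chomp;
    # Consume each leading address/prefix token and merge it into the list.
    while ( $_ =~ s/^\s*([a-fA-F0-9:.]+)\/(\d+)\s*/ / ) {
        @list = cidradd($1 . '/' . $2, @list);
    }
}
for (@list) {
    my $ip = NetAddr::IP->new($_);
    # wildcard() gives the inverse (wildcard) mask for the prefix.
    print "access-list 199 deny " . $ip->addr() . " " . $ip->wildcard() . "\n";
}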




--
-J

