{{tag>[security routeros mikrotik bogon bogons]}}

=====RouterOS 6.x - Update Team CYMRU bogon list automatically=====
You can easily adapt this script to download the IPv6 bogon list, if the list is shorter than the max variable length!

  * Download CA certificates and upload to RouterOS, or with next command (not encrypted by TLS!):<code>/tool fetch url=https://curl.se/ca/cacert.pem</code>
  * Import certificates:<code>/certificate import file-name=cacert.pem passphrase=""</code>
  * Create a new script: <code>/system script add name=bogons</code>
  * Edit new script:<code>/system script edit [/system script find name=bogons] source</code>
  * Paste script:<code># Automatically add BOGONs to your firewall's address lists.
# Only works with 6.43 and up.
#
# Please do not fetch more often than the listed update interval, for the 
# lists that are updated only as IANA allocations change, please do not fetch 
# more than once per day.
#
# by Phillip Stromberg
# 2018-11-07
# uses team-cymru.org BOGON lists
{
    :global content;
    :local url;
    :local addressListName;
    
    :set addressListName "AUTOBOGON"
    
    ####################### UNCOMMENT THE URL YOU NEED: #######################
    
    ### This is the list of bit notation bogons, aggregated, in text format.
    ### Updated as IANA allocations and special prefix reservations are made.
    
    # :set url "https://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt"
    
    ### The traditional bogon prefixes, plus prefixes that have been allocated to RIRs 
    ### but not yet assigned by those RIRs to ISPs, end-users, etc.
    ### Updated every four hours.
    
    :set url "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt"
    
    ###########################################################################
    
    :local result [/tool fetch url=$url as-value output=user];
    
    :if ($result->"status" = "finished") do={
        :set content ($result->"data");
    }
    :global contentLen [ :len $content ];
    :global lineEnd 0;
    :global line "";
    :global lastEnd -1;
    
    /ip firewall address-list remove [find list=$addressListName];
    
    :do {
        :set lineEnd [:find $content "\n" $lastEnd ];
        :set line [:pick $content $lastEnd $lineEnd];
        :set lastEnd ( $lineEnd + 1 );
        :if ( [:pick $line 0] = "#" ) do={
        } else={
            # :put $line;
            /ip firewall address-list add address=$line list=$addressListName;
        }
        
    } while=($lineEnd < $contentLen - 2)
}

</code>
  * Set policy:<code>/system script set bogons policy=read,write,test</code>
  * Test run script:<code>/system script run bogons</code>
  * Schedule script:<code>/system scheduler add interval=1d on-event=bogons name=update-bogons</code>
  * Add firewall rules with: <code>dst-address-list=!AUTOBOGON</code>