Ben's notes

Linux, Unix, network, radio...


RouterOS 6.x - Update Team CYMRU bogon list automatically

You can easily adapt this script to download the IPv6 bogon list, as long as the list is shorter than the maximum variable length!

  • Download the CA certificates and upload them to RouterOS, or fetch them with the following command (not encrypted by TLS!):
    /tool fetch url=https://curl.se/ca/cacert.pem
  • Import certificates:
    /certificate import file-name=cacert.pem passphrase=""
  • Create a new script:
    /system script add name=bogons
  • Edit new script:
    /system script edit [/system script find name=bogons] source
  • Paste script:
    # Automatically add BOGONs to your firewall's address lists.
    # Only works with 6.43 and up.
    #
    # Please do not fetch more often than the listed update interval, for the 
    # lists that are updated only as IANA allocations change, please do not fetch 
    # more than once per day.
    #
    # by Phillip Stromberg
    # 2018-11-07
    # uses team-cymru.org BOGON lists
    {
        :global content;
        :local url;
        :local addressListName;
        
        :set addressListName "AUTOBOGON"
        
        ####################### UNCOMMENT THE URL YOU NEED: #######################
        
        ### This is the list of bit notation bogons, aggregated, in text format.
        ### Updated as IANA allocations and special prefix reservations are made.
        
        # :set url "https://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt"
        
        ### The traditional bogon prefixes, plus prefixes that have been allocated to RIRs 
        ### but not yet assigned by those RIRs to ISPs, end-users, etc.
        ### Updated every four hours.
        
        :set url "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt"
        
        ###########################################################################
        
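        # check-certificate=yes validates the server against the imported CA certificates.
        :local result [/tool fetch url=$url check-certificate=yes as-value output=user];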
        
        :if ($result->"status" = "finished") do={
            :set content ($result->"data");
        }
        :global contentLen [ :len $content ];
        :global lineEnd 0;
        :global line "";
        :global lastEnd -1;
        
        /ip firewall address-list remove [find list=$addressListName];
        
        :do {
            :set lineEnd [:find $content "\n" $lastEnd ];
            :set line [:pick $content $lastEnd $lineEnd];
            :set lastEnd ( $lineEnd + 1 );
            :if ( [:pick $line 0] = "#" ) do={
            } else={
                # :put $line;
                /ip firewall address-list add address=$line list=$addressListName;
            }
            
        } while=($lineEnd < $contentLen - 2)
    }
    
  • Set policy:
    /system script set bogons policy=read,write,test
  • Test run script:
    /system script run bogons
  • Schedule script:
    /system scheduler add interval=1d on-event=bogons name=update-bogons
  • Add firewall rules with:
    dst-address-list=!AUTOBOGON
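
The script above removes the existing address list before it parses the download, so a truncated or malformed file leaves the list empty or half-filled. The following Python check is an added example, not part of the original page or of Phillip Stromberg's script: it validates a downloaded list off-router and only then renders the same address-list commands. The function names, the sample data and the `min_entries` / `min_prefixlen` thresholds are assumptions.

```python
import ipaddress

# Constructed sample in the list's text format: "#" comment lines, then one
# prefix per line. Documentation/private ranges only, not real list data.
SAMPLE = """\
# constructed sample header
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
192.0.2.0/24
192.168.0.0/16
192.168.0.0/16
"""

def parse_bogons(text, min_entries=5, min_prefixlen=3):
    """Return de-duplicated IPv4 networks, or raise ValueError if unsafe.

    min_entries and min_prefixlen are assumed thresholds; tune them per list.
    """
    nets = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # strict=True rejects host bits set (e.g. 10.0.0.1/8) and junk.
            net = ipaddress.IPv4Network(line, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {line!r}: {exc}") from None
        if net.prefixlen < min_prefixlen:
            # A /0 entry would put every address in the list.
            raise ValueError(f"line {lineno}: {net} is too broad")
        nets[net] = None  # dict keeps first-seen order and drops duplicates
    if len(nets) < min_entries:
        raise ValueError(f"only {len(nets)} prefixes: truncated download?")
    return list(nets)

def to_rsc(nets, list_name="AUTOBOGON"):
    """Render RouterOS commands; the remove is emitted only for a valid list."""
    cmds = [f"/ip firewall address-list remove [find list={list_name}]"]
    cmds += [f"/ip firewall address-list add address={n} list={list_name}"
             for n in nets]
    return "\n".join(cmds) + "\n"

if __name__ == "__main__":
    print(to_rsc(parse_bogons(SAMPLE)), end="")
```
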
routeros_bogon_update.txt · Last modified: 2021/10/31 14:40 by admin