Ben's notes

Linux, Unix, network, radio...


routeros_bogon_update

Differences

This shows you the differences between two versions of the page.

routeros_bogon_update [2015/04/19 11:58] – [RouterOS 6.x - Update bogon list automatically] adminrouteros_bogon_update [2021/10/31 14:36] admin
Line 1: Line 1:
 {{tag>[security routeros mikrotik bogon bogons]}} {{tag>[security routeros mikrotik bogon bogons]}}
-~~TOC~~ 
  
-=====RouterOS 6.x - Update bogon list automatically=====+=====RouterOS 6.x - Update Team CYMRU bogon list automatically===== 
 +You can easily adapt this script to download the IPv6 bogon list, if the list is shorter than the max variable length. 
 + 
 +  * Download CA certificates and upload to RouterOS, or with next command (not encrypted by TLS!):<code>/tool fetch url=https://curl.se/ca/cacert.pem</code> 
 +  * Import certificates:<code>/certificate import file-name=cacert.pem passphrase=""</code>
   * Create a new script: <code>/system script add name=bogons</code>   * Create a new script: <code>/system script add name=bogons</code>
   * Edit new script:<code>/system script edit [/system script find name=bogons] source</code>   * Edit new script:<code>/system script edit [/system script find name=bogons] source</code>
-  * Paste script:<code>## Builds an address list with bogons based on+  * Paste script:<code># Automatically add BOGONs to your firewall'address lists. 
-## http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt +# Only works with 6.43 and up. 
- +
-:log info "Fetching bogon list. +# Please do not fetch more often than the listed update interval, for the  
-/tool fetch url="http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt" mode=http +# lists that are updated only as IANA allocations change, please do not fetch  
- +# more than once per day. 
-:log info "Removing all bogons."  +
-/ip firewall address-list remove [/ip firewall address-list find list=bogons+# by Phillip Stromberg 
- +# 2018-11-07 
-:global content [/file get [/file find name=bogon-bn-agg.txt] contents] ; +# uses team-cymru.org BOGON lists 
-:global contentLen [:len $content]; +
- +    :global content; 
-:global lineEnd 0+    :local url; 
-:global line ""; +    :local addressListName; 
-:global lastEnd 0;+     
 +    :set addressListName "AUTOBOGON" 
 +     
 +    ####################### UNCOMMENT THE URL YOU NEED: ####################### 
 +     
 +    ### This is the list of bit notation bogons, aggregated, in text format. 
 +    ### Updated as IANA allocations and special prefix reservations are made. 
 +     
 +    # :set url "https://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt" 
 +     
 +    ### The traditional bogon prefixes, plus prefixes that have been allocated to RIRs  
 +    ### but not yet assigned by those RIRs to ISPs, end-users, etc
 +    ### Updated every four hours. 
 +     
 +    :set url "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt" 
 +     
 +    ########################################################################### 
 +     
 +    :local result [/tool fetch url=$url as-value output=user]; 
 +     
 +    :if ($result->"status= "finished") do={ 
 +        :set content ($result->"data"); 
 +    } 
 +    :global contentLen :len $content ]; 
 +    :global lineEnd 0; 
 +    :global line ""; 
 +    :global lastEnd -1; 
 +     
 +    /ip firewall address-list remove [find list=$addressListName]; 
 +     
 +    :do { 
 +        :set lineEnd [:find $content "\n" $lastEnd ]; 
 +        :set line [:pick $content $lastEnd $lineEnd]; 
 +        :set lastEnd ( $lineEnd + 1 )
 +        :if ( [:pick $line 0] = "#) do={ 
 +        } else={ 
 +            # :put $line; 
 +            /ip firewall address-list add address=$line list=$addressListName; 
 +        } 
 +         
 +    } while=($lineEnd < $contentLen - 2) 
 +}
  
-:log info "Adding bogons from file."  +</code> 
-:while ($lineEnd $contentLen) do={ +  * Set policy:<code>/system script set bogons policy=read,write,test</code>
-   :set lineEnd [:find $content "\n" $lastEnd]; +
-   :if ([:len $lineEnd] = 0) do={ +
-      :set lineEnd $contentLen; +
-   } +
-   :set line [:pick $content $lastEnd $lineEnd]; +
-   :set lastEnd ($lineEnd + 1); +
-    +
-   :if ($line != "\n") do={ +
-      /ip firewall address-list add list=bogons address="$line" +
-   } +
-}</code>+
   * Test run script:<code>/system script run bogons</code>   * Test run script:<code>/system script run bogons</code>
-  * Schedule script:<code>/system scheduler add interval=24h start-time=7:00:00 on-event=bogons name=update-bogons</code>+  * Schedule script:<code>/system scheduler add interval=1d on-event=bogons name=update-bogons</code> 
 +  * Add firewall rules with: <code>dst-address-list=!AUTOBOGON</code>
  
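Review bot: In the new script, `/ip firewall address-list remove [find list=$addressListName];` and the `:do { ... } while` loop sit outside the `:if` that checks the fetch status, so a failed download still empties AUTOBOGON and then parses whatever the global `content` holds (nothing, or data left from an earlier run). Move the remove and the loop inside the status check, and skip the update when `content` is empty, so that a fetch failure leaves the existing list in place. The certificate import steps added at the top of the list only help if the fetch verifies the server: `/tool fetch url=$url as-value output=user` does not pass `check-certificate=yes`, so add it there. The bootstrap download of `cacert.pem` has the same gap, which is presumably what the "not encrypted by TLS!" remark refers to, so uploading a bundle obtained and checked out of band is the safer of the two options listed. As rendered here, the `:if ($result->"status= "finished")`, `:global contentLen :len $content ];` and `[:pick $line 0] = "#)` lines have unbalanced quotes or brackets, and the closing `}` has no opening brace, so the script should be re-checked against a working copy before it is pasted.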
routeros_bogon_update.txt · Last modified: 2021/10/31 14:40 by admin