routeros_bogon_update
Differences
This shows you the differences between two versions of the page.
routeros_bogon_update [2015/04/19 11:58] – [RouterOS 6.x - Update bogon list automatically] admin | routeros_bogon_update [2021/10/31 14:40] (current) – admin | ||
---|---|---|---|
Line 1: | Line 1: | ||
{{tag> | {{tag> | ||
- | ~~TOC~~ | ||
- | =====RouterOS 6.x - Update bogon list automatically===== | + | =====RouterOS 6.x - Update |
+ | You can easily adapt this script to download the IPv6 bogon list, if the list is shorter than the max variable length! | ||
+ | |||
+ | * Download CA certificates and upload to RouterOS, or with next command (not encrypted by TLS!):< | ||
+ | * Import certificates:< | ||
* Create a new script: < | * Create a new script: < | ||
* Edit new script:< | * Edit new script:< | ||
- | * Paste script:< | + | * Paste script:< |
- | ## http:// | + | # Only works with 6.43 and up. |
- | + | # | |
- | :log info " | + | # Please do not fetch more often than the listed update interval, for the |
- | /tool fetch url="http:// | + | # lists that are updated only as IANA allocations change, please do not fetch |
- | + | # more than once per day. | |
- | :log info "Removing all bogons." | + | # |
- | /ip firewall address-list remove | + | # by Phillip Stromberg |
- | + | # 2018-11-07 | |
- | :global content | + | # uses team-cymru.org BOGON lists |
- | :global contentLen | + | { |
- | + | | |
- | :global | + | : |
- | :global | + | :local addressListName; |
- | :global lastEnd 0; | + | |
+ | :set addressListName " | ||
+ | |||
+ | | ||
+ | |||
+ | ### This is the list of bit notation bogons, aggregated, in text format. | ||
+ | ### Updated as IANA allocations and special prefix reservations are made. | ||
+ | |||
+ | # :set url "https:// | ||
+ | |||
+ | ### The traditional | ||
+ | ### but not yet assigned by those RIRs to ISPs, end-users, etc. | ||
+ | ### Updated every four hours. | ||
+ | |||
+ | :set url "https:// | ||
+ | |||
+ | ########################################################################### | ||
+ | |||
+ | :local result [/tool fetch url=$url as-value output=user]; | ||
+ | |||
+ | :if ($result-> | ||
+ | :set content ($result->" | ||
+ | } | ||
+ | :global contentLen | ||
+ | :global lineEnd 0; | ||
+ | :global line ""; | ||
+ | :global lastEnd -1; | ||
+ | |||
+ | | ||
+ | |||
+ | :do { | ||
+ | :set lineEnd | ||
+ | :set line [:pick $content | ||
+ | :set lastEnd ( $lineEnd | ||
+ | :if ( [:pick $line 0] = "#" | ||
+ | } else={ | ||
+ | # :put $line; | ||
+ | /ip firewall address-list add address=$line list=$addressListName; | ||
+ | } | ||
+ | |||
+ | } while=($lineEnd < $contentLen - 2) | ||
+ | } | ||
- | :log info " | + | </ |
- | :while ($lineEnd | + | * Set policy:<code>/ |
- | :set lineEnd [:find $content " | + | |
- | :if ([:len $lineEnd] = 0) do={ | + | |
- | :set lineEnd $contentLen; | + | |
- | } | + | |
- | :set line [:pick $content $lastEnd $lineEnd]; | + | |
- | :set lastEnd ($lineEnd + 1); | + | |
- | + | ||
- | :if ($line != " | + | |
- | /ip firewall address-list add list=bogons | + | |
- | } | + | |
- | }</ | + | |
* Test run script:< | * Test run script:< | ||
- | * Schedule script:< | + | * Schedule script:< |
+ | * Add firewall rules with: < | ||
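
Review bot: the added fetch line `:local result [/tool fetch url=$url as-value output=user];` carries no `check-certificate=yes`, so nothing on that line asks the fetch tool to verify the HTTPS server against the CA certificates imported in the added steps, and whatever comes back is fed line by line into `/ip firewall address-list add`. Suggest adding `check-certificate=yes` to that call so a failed validation stops the update instead of populating the list. The added certificate step also offers a download that is "not encrypted by TLS!"; a trust anchor obtained that way should be compared against a fingerprint obtained out of band before import, or uploaded manually as the first option in that bullet says. A smaller style point: `contentLen`, `lineEnd`, `line` and `lastEnd` are declared `:global` inside the braced block while `addressListName` is `:local`; declaring them `:local` as well keeps them out of the router's global environment between runs.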
routeros_bogon_update.txt · Last modified: 2021/10/31 14:40 by admin