routeros_bogon_update
Differences
This shows you the differences between two versions of the page.
routeros_bogon_update [2015/04/19 12:02] – [RouterOS 6.x - Update bogon list automatically] admin | routeros_bogon_update [2021/10/31 14:40] (current) – admin | ||
---|---|---|---|
Line 1: | Line 1: | ||
{{tag> | {{tag> | ||
- | ~~TOC~~ | ||
- | =====RouterOS 6.x - Update bogon list automatically===== | + | =====RouterOS 6.x - Update |
+ | You can easily adapt this script to download the IPv6 bogon list, if the list is shorter than the max variable length! | ||
+ | |||
+ | * Download CA certificates and upload to RouterOS, or with next command (not encrypted by TLS!):< | ||
+ | * Import certificates:< | ||
* Create a new script: < | * Create a new script: < | ||
* Edit new script:< | * Edit new script:< | ||
- | * Paste script:< | + | * Paste script:< |
- | ## http:// | + | # Only works with 6.43 and up. |
+ | # | ||
+ | # Please do not fetch more often than the listed update interval, for the | ||
+ | # lists that are updated only as IANA allocations change, please do not fetch | ||
+ | # more than once per day. | ||
+ | # | ||
+ | # by Phillip Stromberg | ||
+ | # 2018-11-07 | ||
+ | # uses team-cymru.org BOGON lists | ||
+ | { | ||
+ | | ||
+ | :local url; | ||
+ | :local addressListName; | ||
+ | |||
+ | :set addressListName " | ||
+ | | ||
+ | ####################### | ||
+ | |||
+ | ### This is the list of bit notation bogons, aggregated, in text format. | ||
+ | ### Updated as IANA allocations and special prefix reservations are made. | ||
+ | |||
+ | # :set url "https:// | ||
+ | |||
+ | ### The traditional bogon prefixes, plus prefixes that have been allocated to RIRs | ||
+ | ### but not yet assigned by those RIRs to ISPs, end-users, etc. | ||
+ | ### Updated every four hours. | ||
+ | |||
+ | :set url " | ||
+ | |||
+ | ########################################################################### | ||
+ | |||
+ | :local result [/tool fetch url=$url as-value output=user]; | ||
+ | |||
+ | :if ($result->" | ||
+ | :set content ($result->" | ||
+ | } | ||
+ | :global contentLen [ :len $content ]; | ||
+ | :global lineEnd 0; | ||
+ | :global line ""; | ||
+ | :global lastEnd -1; | ||
+ | |||
+ | /ip firewall address-list remove [find list=$addressListName]; | ||
+ | |||
+ | :do { | ||
+ | :set lineEnd [:find $content " | ||
+ | :set line [:pick $content $lastEnd $lineEnd]; | ||
+ | :set lastEnd ( $lineEnd + 1 ); | ||
+ | :if ( [:pick $line 0] = "#" | ||
+ | } else={ | ||
+ | # :put $line; | ||
+ | /ip firewall address-list add address=$line list=$addressListName; | ||
+ | } | ||
+ | |||
+ | } while=($lineEnd < $contentLen - 2) | ||
+ | } | ||
- | :log info " | + | </code> |
- | /tool fetch url=" | + | * Set policy:< |
- | + | ||
- | :log info " | + | |
- | /ip firewall address-list remove [/ip firewall address-list find list=bogons] | + | |
- | + | ||
- | :global content [/file get [/file find name=bogon-bn-agg.txt] contents] ; | + | |
- | :global contentLen [:len $content]; | + | |
- | + | ||
- | :global lineEnd 0; | + | |
- | :global line ""; | + | |
- | :global lastEnd 0; | + | |
- | + | ||
- | :log info " | + | |
- | :do { | + | |
- | :set lineEnd [:find $content " | + | |
- | :set line [:pick $content $lastEnd $lineEnd] ; | + | |
- | :set lastEnd ( $lineEnd + 1 ) ; | + | |
- | + | ||
- | : | + | |
- | :if ( [:pick $tmpArray 0] != "" | + | |
- | :put $tmpArray; | + | |
- | /ip firewall address-list add name=bogons | + | |
- | } | + | |
- | } while ($lineEnd < $contentLen)</ | + | |
* Test run script:< | * Test run script:< | ||
- | * Schedule script:< | + | * Schedule script:< |
+ | * Add firewall rules with: < | ||
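
Review bot: In the added script, `/ip firewall address-list remove [find list=$addressListName];` sits after the closing brace of the `:if ($result->...` check instead of inside it, so a failed or incomplete fetch still wipes the existing address list and the firewall rules that reference it match nothing until the next successful run. Move the removal and the `:do { ... } while` loop inside that `:if` block, or fill a temporary list and swap it in only once entries have been added. The new `:global contentLen`, `:global lineEnd`, `:global line` and `:global lastEnd` declarations sit in a `{ }` scope that already uses `:local` for `url` and `addressListName`; declaring them `:local` as well keeps them out of the global environment. The added certificate step says its download command is "not encrypted by TLS!"; a CA bundle fetched over an unencrypted channel can be altered in transit, so the step should tell the reader to compare the file's checksum against a value obtained over a trusted channel before the import.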
routeros_bogon_update.txt · Last modified: 2021/10/31 14:40 by admin