Ben's notes

Linux, Unix, network, radio...


routeros_bogon_update

Differences

This shows you the differences between two versions of the page.

routeros_bogon_update [2015/04/19 12:02] – [RouterOS 6.x - Update bogon list automatically] adminrouteros_bogon_update [2021/10/31 14:40] (current) admin
Line 1: Line 1:
 {{tag>[security routeros mikrotik bogon bogons]}} {{tag>[security routeros mikrotik bogon bogons]}}
-~~TOC~~ 
  
-=====RouterOS 6.x - Update bogon list automatically=====+=====RouterOS 6.x - Update Team CYMRU bogon list automatically===== 
 +You can easily adapt this script to download the IPv6 bogon list, if the list is shorter than the max variable length! 
 + 
 +  * Download CA certificates and upload to RouterOS, or with next command (not encrypted by TLS!):<code>/tool fetch url=https://curl.se/ca/cacert.pem</code> 
 +  * Import certificates:<code>/certificate import file-name=cacert.pem passphrase=""</code>
   * Create a new script: <code>/system script add name=bogons</code>   * Create a new script: <code>/system script add name=bogons</code>
   * Edit new script:<code>/system script edit [/system script find name=bogons] source</code>   * Edit new script:<code>/system script edit [/system script find name=bogons] source</code>
-  * Paste script:<code>## Builds an address list with bogons based on+  * Paste script:<code># Automatically add BOGONs to your firewall'address lists. 
-## http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt+# Only works with 6.43 and up. 
 +
 +# Please do not fetch more often than the listed update interval, for the  
 +# lists that are updated only as IANA allocations change, please do not fetch  
 +# more than once per day. 
 +
 +# by Phillip Stromberg 
 +# 2018-11-07 
 +# uses team-cymru.org BOGON lists 
 +
 +    :global content; 
 +    :local url; 
 +    :local addressListName; 
 +     
 +    :set addressListName "AUTOBOGON" 
 +     
 +    ####################### UNCOMMENT THE URL YOU NEED: ####################### 
 +     
 +    ### This is the list of bit notation bogons, aggregated, in text format. 
 +    ### Updated as IANA allocations and special prefix reservations are made. 
 +     
 +    # :set url "https://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt
 +     
 +    ### The traditional bogon prefixes, plus prefixes that have been allocated to RIRs  
 +    ### but not yet assigned by those RIRs to ISPs, end-users, etc. 
 +    ### Updated every four hours. 
 +     
 +    :set url "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt" 
 +     
 +    ########################################################################### 
 +     
 +    :local result [/tool fetch url=$url as-value output=user]; 
 +     
 +    :if ($result->"status" = "finished") do={ 
 +        :set content ($result->"data"); 
 +    } 
 +    :global contentLen [ :len $content ]; 
 +    :global lineEnd 0; 
 +    :global line ""; 
 +    :global lastEnd -1; 
 +     
 +    /ip firewall address-list remove [find list=$addressListName]; 
 +     
 +    :do { 
 +        :set lineEnd [:find $content "\n" $lastEnd ]; 
 +        :set line [:pick $content $lastEnd $lineEnd]; 
 +        :set lastEnd ( $lineEnd + 1 ); 
 +        :if ( [:pick $line 0] = "#" ) do={ 
 +        } else={ 
 +            # :put $line; 
 +            /ip firewall address-list add address=$line list=$addressListName; 
 +        } 
 +         
 +    } while=($lineEnd < $contentLen - 2) 
 +}
  
-:log info "Fetching bogon list."  +</code> 
-/tool fetch url="http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt" mode=http +  * Set policy:<code>/system script set bogons policy=read,write,test</code>
- +
-:log info "Removing all bogons."  +
-/ip firewall address-list remove [/ip firewall address-list find list=bogons] +
- +
-:global content [/file get [/file find name=bogon-bn-agg.txt] contents] ; +
-:global contentLen [:len $content]; +
- +
-:global lineEnd 0; +
-:global line ""; +
-:global lastEnd 0; +
- +
-:log info "Adding bogons from file."  +
-:do { +
-       :set lineEnd [:find $content "\n" $lastEnd ] ; +
-       :set line [:pick $content $lastEnd $lineEnd] ; +
-       :set lastEnd ( $lineEnd + 1 ) ; +
- +
-       :local tmpArray [:toarray $line] ; +
- :if ( [:pick $tmpArray 0] != "" ) do={ +
- :put $tmpArray; +
-         /ip firewall address-list add name=bogons address=[:pick $tmpArray 0]; +
-+
-} while ($lineEnd < $contentLen)</code>+
   * Test run script:<code>/system script run bogons</code>   * Test run script:<code>/system script run bogons</code>
-  * Schedule script:<code>/system scheduler add interval=24h start-time=7:00:00 on-event=bogons name=update-bogons</code>+  * Schedule script:<code>/system scheduler add interval=1d on-event=bogons name=update-bogons</code> 
 +  * Add firewall rules with: <code>dst-address-list=!AUTOBOGON</code>
  
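Review bot: In the pasted script, the check :if ($result->"status" = "finished") only guards the assignment to content, so when the fetch fails the script still runs /ip firewall address-list remove [find list=$addressListName] and then parses whatever the global content holds (empty, or stale from an earlier run), which leaves AUTOBOGON empty or outdated until the next successful run. Move the remove and the :do ... while loop inside the do={ } block of that check, or return early when the status is not "finished". In the same script, the /tool fetch call for $url does not set check-certificate=yes, so the CA bundle imported in the two new bullets is never used to validate the Team CYMRU download; add it, and since the bundle itself is fetched on the router without verification (as the bullet notes), prefer the "download and upload" path with the file checked on a trusted host first. Smaller points: the trailing } before </code> has no matching opening brace, the commented-out bogon-bn-agg.txt URL is missing its closing quote and will break the script if someone uncomments it, and the list name changes from bogons to AUTOBOGON, so the page should say that existing firewall rules referencing the old list need updating.
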
routeros_bogon_update.1429444945.txt.gz · Last modified: 2015/04/19 12:02 by admin