routeros_bogon_update
Differences
This shows you the differences between two versions of the page.
routeros_bogon_update [2015/04/19 12:07] – [RouterOS 6.x - Update bogon list automatically] admin | routeros_bogon_update [2021/10/31 14:40] (current) – admin | ||
---|---|---|---|
Line 1: | Line 1: | ||
{{tag> | {{tag> | ||
- | ~~TOC~~ | ||
- | =====RouterOS 6.x - Update bogon list automatically===== | + | =====RouterOS 6.x - Update |
+ | You can easily adapt this script to download the IPv6 bogon list, if the list is shorter than the max variable length! | ||
+ | |||
+ | * Download CA certificates and upload to RouterOS, or with next command (not encrypted by TLS!):< | ||
+ | * Import certificates:< | ||
* Create a new script: < | * Create a new script: < | ||
* Edit new script:< | * Edit new script:< | ||
- | * Paste script:< | + | * Paste script:< |
- | ## http:// | + | # Only works with 6.43 and up. |
- | + | # | |
- | :log info " | + | # Please do not fetch more often than the listed update interval, for the |
- | /tool fetch url="http:// | + | # lists that are updated only as IANA allocations change, please do not fetch |
- | + | # more than once per day. | |
- | :log info " | + | # |
- | /ip firewall address-list remove | + | # by Phillip Stromberg |
- | + | # 2018-11-07 | |
- | :global content [/file get [/file find name=bogon-bn-agg.txt] contents] | + | # uses team-cymru.org BOGON lists |
- | :global contentLen [:len $content]; | + | { |
- | + | | |
- | :global lineEnd 0; | + | : |
- | :global line ""; | + | :local addressListName; |
- | :global lastEnd | + | |
- | + | :set addressListName " | |
- | :log info " | + | |
- | :do { | + | |
- | | + | |
- | | + | ### This is the list of bit notation bogons, aggregated, in text format. |
- | | + | ### Updated as IANA allocations and special prefix reservations are made. |
+ | |||
+ | # :set url "https:// | ||
+ | |||
+ | ### The traditional | ||
+ | ### but not yet assigned by those RIRs to ISPs, end-users, etc. | ||
+ | ### Updated every four hours. | ||
+ | |||
+ | :set url "https:// | ||
+ | |||
+ | ########################################################################### | ||
+ | |||
+ | :local result | ||
+ | |||
+ | :if ($result->" | ||
+ | :set content ($result->" | ||
+ | } | ||
+ | | ||
+ | :global lineEnd 0; | ||
+ | :global line ""; | ||
+ | :global lastEnd | ||
+ | |||
+ | /ip firewall address-list remove [find list=$addressListName]; | ||
+ | | ||
+ | :do { | ||
+ | :set lineEnd [:find $content " | ||
+ | :set line [:pick $content $lastEnd $lineEnd]; | ||
+ | :set lastEnd ( $lineEnd + 1 ); | ||
+ | :if ( [:pick $line 0] = "#" | ||
+ | } else={ | ||
+ | # :put $line; | ||
+ | /ip firewall address-list add address=$line list=$addressListName; | ||
+ | } | ||
+ | |||
+ | } while=($lineEnd < $contentLen - 2) | ||
+ | } | ||
- | :if ( $line != "" | + | </ |
- | /ip firewall address-list add list=bogons | + | * Set policy:< |
- | } | + | |
- | } while ($lineEnd < $contentLen)</ | + | |
* Test run script:< | * Test run script:< | ||
- | * Schedule script:< | + | * Schedule script:< |
+ | * Add firewall rules with: < | ||
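
Review bot: In the new script, `/ip firewall address-list remove [find list=$addressListName];` sits after the closing `}` of the `:if ($result->...` block, so it runs even when that condition is false and `content` was never set. The existing address list is then emptied and the loop has nothing to add back, which leaves the router without bogon entries until the next successful run. Move the remove and the `:do { ... } while=(...)` loop inside the `:if` block, or exit early when `content` is empty, so that a failed download keeps the previous list in place. Two smaller points: `lineEnd`, `line` and `lastEnd` are declared `:global` while `addressListName` is `:local`, so they persist in the global environment after the script exits, and declaring them `:local` would keep the script self-contained. The first added step also says the CA certificates can be fetched with a command that is "not encrypted by TLS", which means the trust anchors for the later `https://` fetch arrive unauthenticated; the instructions should tell the reader to compare the imported certificate fingerprints against a trusted source before relying on them.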
routeros_bogon_update.1429445275.txt.gz · Last modified: 2015/04/19 12:07 by admin