Ben's notes

Linux, Unix, network, radio...


routeros_bogon_update

Differences

This shows you the differences between two versions of the page.

routeros_bogon_update [2015/04/19 12:07] – [RouterOS 6.x - Update bogon list automatically] adminrouteros_bogon_update [2021/10/31 14:40] (current) admin
Line 1: Line 1:
 {{tag>[security routeros mikrotik bogon bogons]}} {{tag>[security routeros mikrotik bogon bogons]}}
-~~TOC~~ 
  
-=====RouterOS 6.x - Update bogon list automatically=====+=====RouterOS 6.x - Update Team CYMRU bogon list automatically===== 
 +You can easily adapt this script to download the IPv6 bogon list, if the list is shorter than the max variable length! 
 + 
 +  * Download CA certificates and upload to RouterOS, or with next command (not encrypted by TLS!):<code>/tool fetch url=https://curl.se/ca/cacert.pem</code> 
 +  * Import certificates:<code>/certificate import file-name=cacert.pem passphrase=""</code>
   * Create a new script: <code>/system script add name=bogons</code>   * Create a new script: <code>/system script add name=bogons</code>
   * Edit new script:<code>/system script edit [/system script find name=bogons] source</code>   * Edit new script:<code>/system script edit [/system script find name=bogons] source</code>
-  * Paste script:<code>## Builds an address list with bogons based on+  * Paste script:<code># Automatically add BOGONs to your firewall'address lists. 
-## http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt +# Only works with 6.43 and up. 
- +
-:log info "Fetching bogon list. +# Please do not fetch more often than the listed update interval, for the  
-/tool fetch url="http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt" mode=http +# lists that are updated only as IANA allocations change, please do not fetch  
- +# more than once per day. 
-:log info "Removing all bogons."  +
-/ip firewall address-list remove [/ip firewall address-list find list=bogons+# by Phillip Stromberg 
- +# 2018-11-07 
-:global content [/file get [/file find name=bogon-bn-agg.txt] contents] +# uses team-cymru.org BOGON lists 
-:global contentLen [:len $content]; +
- +    :global content; 
-:global lineEnd 0; +    :local url; 
-:global line ""; +    :local addressListName; 
-:global lastEnd 0+     
- +    :set addressListName "AUTOBOGON" 
-:log info "Adding bogons from file."  +     
-:do { +    ####################### UNCOMMENT THE URL YOU NEED: ####################### 
-       :set lineEnd [:find $content "\n" $lastEnd ] ; +     
-       :set line [:pick $content $lastEnd $lineEnd] ; +    ### This is the list of bit notation bogons, aggregated, in text format. 
-       :set lastEnd ( $lineEnd + 1 ) ;+    ### Updated as IANA allocations and special prefix reservations are made. 
 +     
 +    # :set url "https://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt" 
 +     
 +    ### The traditional bogon prefixes, plus prefixes that have been allocated to RIRs  
 +    ### but not yet assigned by those RIRs to ISPs, end-users, etc
 +    ### Updated every four hours. 
 +     
 +    :set url "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt" 
 +     
 +    ########################################################################### 
 +     
 +    :local result [/tool fetch url=$url as-value output=user]; 
 +     
 +    :if ($result->"status" "finished") do={ 
 +        :set content ($result->"data")
 +    } 
 +    :global contentLen [ :len $content ]; 
 +    :global lineEnd 0; 
 +    :global line ""; 
 +    :global lastEnd -1
 +     
 +    /ip firewall address-list remove [find list=$addressListName]; 
 +     
 +    :do { 
 +        :set lineEnd [:find $content "\n" $lastEnd ]; 
 +        :set line [:pick $content $lastEnd $lineEnd]; 
 +        :set lastEnd ( $lineEnd + 1 ); 
 +        :if ( [:pick $line 0] = "#" ) do={ 
 +        } else={ 
 +            # :put $line; 
 +            /ip firewall address-list add address=$line list=$addressListName; 
 +        } 
 +         
 +    } while=($lineEnd < $contentLen - 2) 
 +}
  
-       :if ( $line != "" ) do={ +</code> 
-         /ip firewall address-list add list=bogons address=$line; +  * Set policy:<code>/system script set bogons policy=read,write,test</code>
-       } +
-} while ($lineEnd < $contentLen)</code>+
   * Test run script:<code>/system script run bogons</code>   * Test run script:<code>/system script run bogons</code>
-  * Schedule script:<code>/system scheduler add interval=24h start-time=7:00:00 on-event=bogons name=update-bogons</code>+  * Schedule script:<code>/system scheduler add interval=1d on-event=bogons name=update-bogons</code> 
 +  * Add firewall rules with: <code>dst-address-list=!AUTOBOGON</code>
  
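Review bot: The added fetch in the script, `:local result [/tool fetch url=$url as-value output=user];`, does not set `check-certificate=yes`, so the CA bundle imported by the two new bullets is never consulted and the prefixes that land in the firewall address list are accepted from whatever server answers. Add `check-certificate=yes` to that call. For the bootstrap `/tool fetch url=https://curl.se/ca/cacert.pem`, the "(not encrypted by TLS!)" remark would be more accurate as "server certificate not verified", since the URL is HTTPS but no CA is trusted yet at that point; the upload option the same bullet already mentions avoids the problem. Separately, `/ip firewall address-list remove [find list=$addressListName];` sits outside the status check and `content` is declared `:global`, so when the status is anything other than finished the list is still wiped and then rebuilt from whatever `$content` held before. Move the remove and the loop inside the `do={ ... }` of the status check, and note that `:if ($result->"status" "finished")` as shown has no comparison operator between its two operands.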
routeros_bogon_update.1429445275.txt.gz · Last modified: 2015/04/19 12:07 by admin