MikrotikBlackList

From WISPTech

In an attempt to block malicious IP activity on our network I went searching for a way to update an address list on my Mikrotik routers that would then be blocked in the firewall. I found a few scripts on the Mikrotik forum and modified one of them to meet my needs.




Download Lists

The following script needs to be placed in a directory on a Linux machine; I currently run it on a CentOS 5.2 server. The script is commented with instructions.


#!/bin/csh
#
#  Original author changeip
#  Minor modifications and commenting by cdemers
#  Additional modifications and commenting by Kevin Neal
#
#  This script downloads a few blacklists and FTPs them into a MT router.
#  I would recommend running it from the crontab; I personally set it up with the following line:
#  50 4 * * * /opt/netblack.sh >/dev/null 2>&1
#
#  The working directory can be changed, the only files that need to manually be created there are the lftp command files.
#

set today = `date "+%m%d%y"`
set workdir = "/opt/script/"

cd ${workdir}

#
# Fetch block lists from sources and store in current folder
#

wget -q -nv -t 2 -O drop.lasso.txt -U wget-changeip-script http://www.spamhaus.org/drop/drop.lasso
wget -q -nv -t 2 -O drop.dshield.txt -U wget-changeip-script http://feeds.dshield.org/block.txt

#
# Begin Processing drop.lasso
#

echo :log info \"drop.lasso script import started\" > drop.lasso.rsc

echo :foreach subnet in [/ip firewall address-list find list=drop.lasso] do=\{ /ip firewall address-list remove \$subnet \} >> drop.lasso.rsc

cat drop.lasso.txt | awk '{print $1 " " $3}' | awk -F"/" '{print $1 " " $2 " " $3}' | grep -v ";" |  sed  '/^ *$/d' | awk '{print "/ip firewall address-list add list=drop.lasso address=" $1 "/" $2 " comment=" $3}' >> drop.lasso.rsc

echo :log info \"drop.lasso script import completed\" >> drop.lasso.rsc

#
# Begin processing drop.dshield
#

echo :log info \"drop.dshield script begin run\" >> drop.lasso.rsc

echo :foreach subnet in [/ip firewall address-list find list=drop.dshield] do=\{ /ip firewall address-list remove \$subnet \} >> drop.lasso.rsc

egrep "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" drop.dshield.txt | awk '{print "/ip firewall address-list add list=drop.dshield address=" $1 "-" $2}' >> drop.lasso.rsc

echo :log info \"drop.dshield script end run\" >> drop.lasso.rsc

#
# Upload the script to the router(s). The Mikrotik router also needs a scheduler task to import the file shortly after it is uploaded each day.
# The following command is what I used:
# add comment="" disabled=no interval=1d name=DropScript on-event="import drop.lasso.rsc" start-date=jan/01/2009 start-time=05:00:00
#
#	Each name on the lftp lines below is actually a file that contains the commands to pass to lftp; you'll need to create one for each target router.
#

lftp -f router1
lftp -f router2

#end
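The feed-to-RouterOS conversion is the part of the script that does the real work, and it is worth seeing what it does to each feed line. The block below is an added example, not the wiki's csh script: it rewrites the same conversion as POSIX sh functions, validates that a line really carries an IPv4 CIDR (DROP) or an IPv4 start/end pair (DShield) before emitting an address-list command, and reproduces the `:log` / `:foreach` scaffolding that flushes a list before it is repopulated. The feed formats it assumes are the ones the wiki's awk pipeline expects (DROP: `CIDR ; SBLref` with `;` comments; DShield block.txt: whitespace-separated `start end netmask ...` with `#` comments), and the two sample feeds are constructed from RFC 5737 documentation ranges, not real feed data.

```shell
#!/bin/sh
# Added example, not the wiki's csh script: the same feed-to-RouterOS
# conversion written as POSIX sh functions, with the input validated so that
# a malformed or unexpected feed line cannot turn into a stray RouterOS command.
set -u

# Spamhaus DROP (drop.lasso) format assumed: "CIDR ; SBLref", ";" starts a comment.
# Reads the feed on stdin, writes one address-list add command per valid line.
lasso_to_rsc() {
    awk '
        /^[[:space:]]*;/ || /^[[:space:]]*$/ { next }        # comments, blank lines
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {    # field 1 must be a CIDR
            printf "/ip firewall address-list add list=drop.lasso address=%s comment=%s\n", $1, $3
        }'
}

# DShield block.txt format assumed: "start end netmask attacks name ...", "#" starts a comment.
# Emits a start-end range, which RouterOS address lists accept.
dshield_to_rsc() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            printf "/ip firewall address-list add list=drop.dshield address=%s-%s\n", $1, $2
        }'
}

# Wraps converted add-lines (stdin) in the :log / :foreach scaffolding the wiki
# script uses, so the old entries are flushed before the new ones are added.
build_rsc() {
    list=$1
    printf ':log info "%s import started"\n' "$list"
    printf ':foreach subnet in [/ip firewall address-list find list=%s] do={ /ip firewall address-list remove $subnet }\n' "$list"
    cat
    printf ':log info "%s import completed"\n' "$list"
}

# Constructed sample feeds (RFC 5737 documentation ranges, not real feed data);
# each includes a comment line and a malformed line to show the validation.
LASSO_SAMPLE='; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002
not-an-address ; SBL000003'

DSHIELD_SAMPLE='# DShield block list (constructed sample)
# Start End Netmask Attacks Name
203.0.113.0 203.0.113.255 24 1234 example
garbage line'

demo_lasso()   { printf '%s\n' "$LASSO_SAMPLE"   | lasso_to_rsc; }
demo_dshield() { printf '%s\n' "$DSHIELD_SAMPLE" | dshield_to_rsc; }

# Build the complete drop.lasso.rsc on stdout; redirect it to a file for lftp.
demo_lasso   | build_rsc drop.lasso
demo_dshield | build_rsc drop.dshield
```

Run as `sh build_rsc.sh > drop.lasso.rsc` to produce the file the wiki's lftp command file uploads. The malformed lines in the samples are dropped rather than passed through, which is the property you want from anything that turns a downloaded feed into router commands.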




Create the lftp Command File

Example lftp command file. It holds the router's FTP credentials in clear text, so restrict its file permissions to the account that runs the script.


open ftp://[Username]:[Password]@[Target router IP]
lcd script
put drop.lasso.rsc




Import Script

Now that the file is being uploaded to your router, the router needs to import it. I added a scheduler task to take care of this for me.


/system scheduler
add comment="" disabled=no interval=1d name=DropScript on-event="import drop.lasso.rsc" start-date=jan/01/2009 start-time=05:00:00


Setup Firewall Rule

Now to use the lists in your firewall rules. These rules drop forwarded traffic from listed sources; traffic addressed to the router itself goes through the input chain and is not covered by them.


/ip firewall filter
add action=drop chain=forward comment=Drop.Lasso disabled=no src-address-list=drop.lasso
add action=drop chain=forward comment=Drop.Dshield disabled=no src-address-list=drop.dshield